A simple test to see if a host is infected with earlier versions of the "SpyEye" malware, which dropped a file at the same location every time. A good "proof of concept" showing that malware can be easily detected based on predictable behavior. Later versions of SpyEye randomly chose their "drop file" location.
47fe222c307b38e17f5980aac2311b07cad91512447c0c7ebe7f8c9f9001844a
#!/usr/bin/env python
# Spy_Check.py - Insecurety Research 2012
# Checks generically for Spyeye infection
# Note: This is NOT a definitive test. If it comes clean, scan anyway.
# This technique worked fine on most versions of Spyeye
import os
import sys

# thx to @Zy0d0x it now checks all drives.
# expandvars() resolves %SystemDrive%; os.path.exists() does not expand it itself.
spypath = os.path.expandvars(r'%SystemDrive%\cleansweep.exe')

if os.path.exists(spypath):
    # The fixed drop location exists: likely an early SpyEye build.
    print("Host infected with Spyeye!\n")
    print("Clean your box with an AV?")
    sys.exit(0)
else:
    # Absence proves nothing: later builds pick a random drop location.
    print("Host seems clean. Scan anyway.")
    sys.exit(0)
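The same fixed-location check, extended as an added example that is not part of the original Spy_Check.py: it looks at the root of every drive rather than only the system drive, and matches the name case-insensitively so it also works on a disk image mounted on a case-sensitive filesystem. The function names `drive_roots`, `find_artifact` and `demo` are hypothetical, and the directory tree built in `demo` is constructed sample data.

```python
import os
import string
import tempfile

ARTIFACT = "cleansweep.exe"  # drop name taken from the script above

def drive_roots():
    """Every existing drive root (A:\\ .. Z:\\); empty on non-Windows hosts."""
    if os.name != "nt":
        return []
    return [f"{d}:\\" for d in string.ascii_uppercase if os.path.exists(f"{d}:\\")]

def find_artifact(roots, name=ARTIFACT):
    """Return one record per root-level entry whose name matches, ignoring case."""
    hits = []
    for root in roots:
        try:
            entries = list(os.scandir(root))
        except OSError:  # missing or unreadable root (empty card reader, etc.)
            continue
        for entry in entries:
            if entry.name.lower() != name.lower():
                continue
            is_dir = entry.is_dir(follow_symlinks=False)
            try:  # list a matching directory so the analyst sees what it holds
                contents = sorted(os.listdir(entry.path)) if is_dir else []
            except OSError:
                contents = []
            hits.append({"path": entry.path, "is_dir": is_dir, "contents": contents})
    return hits

def demo():
    """Constructed sample: two fake 'drive roots', one carrying the artifact."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as dirty:
        os.mkdir(os.path.join(dirty, "CleanSweep.EXE"))
        open(os.path.join(dirty, "CleanSweep.EXE", "sample.bin"), "w").close()
        open(os.path.join(clean, "notes.txt"), "w").close()
        return find_artifact([clean, dirty])

if __name__ == "__main__":
    roots = drive_roots()  # real drives on Windows, constructed sample elsewhere
    hits = find_artifact(roots) if roots else demo()
    for hit in hits:
        print("Possible SpyEye artifact:", hit["path"], hit["contents"])
```

An empty result carries the same caveat as the original script: it only rules out builds that use the fixed drop name.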