Solved


ahsankhan

You can use Process Monitor to see what a process changes as it runs, but if you wanted to see what it is capable of modifying before it is run, you're gonna need something that can decompile the software, which more than likely isn't gonna be possible.

I suppose if you really need to test a piece of software you could use a VM such as VMware or VirtualBox in combination with Process Monitor.

Sometimes, if it's a compressed executable, you can just uncompress it (with WinRAR or 7zip). Most virus scanners actually scan memory whilst installing, so if it's a known virus it should be picked up anyway.

But if you really want to fully check and understand what it's gonna do to your system before you do it, you'll need to use some sort of virtual machine (as geek said) or some sort of decompiler (again as geek suggested). Personally I think it's probably way more effort than it's worth. With some good AV, backed up by tools such as Spybot S&D, Spyware Blaster and HijackThis, system restore turned on etc., only downloading from reputable sources and not opening attachments from people you don't know, you shouldn't have too many troubles.

You can research most processes by name online. There are a bunch of websites that tell you what processes are. I haven't had trouble finding anything online yet. Just type in '"process.exe" process'. But of course use your app name and no single quotes.

Never used this to submit a file; however, when a user had a problem I found this site, as it had a detailed breakdown of everything generated by the virus that had infected their system, including files, registry keys, registered services, ports opened etc.

http://www.threatexpert.com/submit.aspx or http://www.threatexpert.com/submissionapplet.aspx (SITE: http://www.threatexpert.com/)

Here is an example output

http://www.threatexpert.com/report.aspx?ui...3a-204688078f8e

You can also check if the program "behaves" like a virus (creates files in Windows directories, adds things to start-up, modifies system files etc.) using Comodo Firewall. It has firewall + HIPS and it asks you for everything that the executable tries to do.

Sandboxie is good for running the program in isolated space. To monitor everything it's doing, use Sysinternals (now Microsoft) Process Watch programs such as Process Explorer (TaskManager), Process Monitor (you can set its filters to a certain .exe and also to "Create/Modify Files"), also Regmon Registry Monitor (haven't used it yet).

Just check out all the programs on the page linked. All are completely safe and are reliable.

Link

http://technet.microsoft.com/en-us/sysinte...c84cb9e2f5.aspx
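
The triage described in the posts above (Process Monitor filtered to one executable, then checking for files written to Windows directories and start-up entries), as an added example that is not part of the thread: a Python script that summarizes a Process Monitor capture saved as CSV with the default columns. The process name `setup.exe`, the rule list and the sample rows are constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Process Monitor operation names that change state. CreateFile is left out
# on purpose: Process Monitor logs it for plain opens and reads as well.
WRITE_OPS = {"WriteFile", "SetRenameInformationFile", "SetDispositionInformationFile",
             "RegSetValue", "RegCreateKey", "RegDeleteValue", "RegDeleteKey"}

# Locations the thread calls out (assumed rule list, extend as needed).
RULES = [
    ("windows-dir", re.compile(r"^[A-Z]:\\Windows\\", re.I)),
    ("autorun-key", re.compile(r"\\CurrentVersion\\Run(Once)?(\\|$)", re.I)),
    ("startup-folder", re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)),
    ("service", re.compile(r"\\CurrentControlSet\\Services\\", re.I)),
]

def summarize(csv_text, process_name):
    """Group the successful modifying operations of one process by rule tag."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue
        if row["Operation"] not in WRITE_OPS or row["Result"] != "SUCCESS":
            continue
        tags = [tag for tag, rx in RULES if rx.search(row["Path"])]
        for tag in tags or ["other-write"]:
            hits[tag].add(row["Path"])
    return {tag: sorted(paths) for tag, paths in hits.items()}

# Constructed sample rows in the default export layout (not a real capture).
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"1:02:03.1 PM","setup.exe","4120","CreateFile","C:\Windows\System32\kernel32.dll","SUCCESS","Desired Access: Read"
"1:02:03.2 PM","setup.exe","4120","WriteFile","C:\Windows\System32\helper.dll","SUCCESS","Offset: 0, Length: 4096"
"1:02:03.3 PM","setup.exe","4120","RegSetValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Helper","SUCCESS","Type: REG_SZ"
"1:02:03.4 PM","setup.exe","4120","WriteFile","C:\Program Files\Example\app.exe","SUCCESS","Offset: 0, Length: 8192"
"1:02:03.5 PM","explorer.exe","1500","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Other","SUCCESS","Type: REG_SZ"
"1:02:03.6 PM","setup.exe","4120","WriteFile","C:\Windows\win.ini","ACCESS DENIED",""
'''

if __name__ == "__main__":
    for tag, paths in summarize(SAMPLE, "setup.exe").items():
        print(tag, *paths, sep="\n  ")
```

For a real capture, read the exported file with `encoding="utf-8-sig"` so a leading byte-order mark does not end up in the first column name.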

If you still want to go the 'find out exactly what it does to your system before you actually install it' route then here's a great utility for extracting any type of compressed file. Will extract almost anything apparently!

Universal Extractor - http://legroom.net/software/uniextract

Depending on how the installer itself is set up you may or may not be able to see what reg entries it's going to change, but you will be able to see the files it contains and possibly where they will be going to.

Or you can go here: http://www.msfn.org/board/Universal-Extrac...v15-t62418.html

Mark
