ahsankhan, Posted April 20, 2008 (edited)
solved
Edited August 4, 2009 by ahsankhan

PC_LOAD_LETTER, Posted April 20, 2008
You can use Process Monitor to see what a process changes as it runs, but if you wanted to see what it is capable of modifying before it is run, you're gonna need something that can decompile the software, which more than likely isn't gonna be possible. I suppose if you really need to test a piece of software you could use a VM such as VMware or VirtualBox in combination with Process Monitor.

JedMeister, Posted April 21, 2008
Sometimes, if it's a compressed executable, you can just uncompress it (with WinRAR or 7zip). Most virus scanners actually scan memory whilst installing, so if it's a known virus it should be picked up anyway. But if you really want to fully check and understand what it's gonna do to your system before you do it, you'll need to use some sort of virtual machine (as geek said) or some sort of decompiler (again as geek suggested).
Personally I think it's probably way more effort than it's worth. With some good AV, backed up by tools such as Spybot S&D, Spyware Blaster and HijackThis, system restore turned on etc., only downloading from reputable sources and not opening attachments from people you don't know, you shouldn't have too many troubles.

Tripredacus, Posted April 21, 2008
You can research most processes by name online. There are a bunch of websites that tell you what processes are. I haven't had trouble finding anything online yet. Just type in '"process.exe" process'. But of course use your app name and no single quotes.

fairyprincess, Posted April 21, 2008
Never used this to submit a file, however when a user had a problem I found this site, as it had a detailed breakdown of everything generated by the virus that had infected their system, including files, registry keys, registered services, ports opened etc.
http://www.threatexpert.com/submit.aspx or http://www.threatexpert.com/submissionapplet.aspx (SITE: http://www.threatexpert.com/)
Here is an example output:
http://www.threatexpert.com/report.aspx?ui...3a-204688078f8e

Nick_White, Posted April 22, 2008
You can also check if the program "behaves" like a virus (creates files in Windows directories, adds things to start-up, modifies system files etc.) using Comodo Firewall. It has firewall + HIPS and it asks you for every thing that the executable tries to do.

Mousum, Posted April 22, 2008
http://www.sandboxie.com/
You can try this

njven, Posted April 23, 2008
Sandboxie is good for running the program in isolated space. To monitor everything it's doing, use Sysinternals (now Microsoft) Process Watch programs such as Process Explorer (TaskManager), Process Monitor (you can set its filters to a certain .exe and also to "Create/Modify Files"), also Regmon Registry Monitor (haven't used it yet).
Just check out all the programs on the page linked. All are completely safe and are reliable.
Link: http://technet.microsoft.com/en-us/sysinte...c84cb9e2f5.aspx

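Added example, not written by any poster in this thread: a Python sketch that triages a Process Monitor CSV export for the behaviours Nick_White and njven mention above (writes under the Windows directory, start-up entries), limited to one executable. The column names follow Process Monitor's default CSV export; the sample rows, the `C:\Windows` install path and the short rule list are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample in the layout of a Process Monitor CSV export.
# Process names, paths and values are made up for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","setup.exe","4120","CreateFile","C:\Users\test\AppData\Local\Temp\is-A1.tmp","SUCCESS","Desired Access: Generic Write"
"10:01:02.4","setup.exe","4120","WriteFile","C:\Windows\System32\drivers\example.sys","SUCCESS","Offset: 0, Length: 4,096"
"10:01:02.6","setup.exe","4120","RegSetValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ"
"10:01:02.7","setup.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ"
"10:01:02.9","explorer.exe","1500","WriteFile","C:\Windows\Temp\x.log","SUCCESS","Offset: 0"
"10:01:03.0","setup.exe","4120","WriteFile","C:\Windows\win.ini","ACCESS DENIED",""
'''

# (label, operations that modify state, path pattern). Illustrative, not exhaustive.
RULES = [
    ("start-up entry", {"RegSetValue", "RegCreateKey"},
     re.compile(r"\\CurrentVersion\\Run(Once)?(\\|$)", re.I)),
    ("start-up entry", {"WriteFile"},
     re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)),
    # Assumes Windows is installed in C:\Windows.
    ("system-dir write", {"WriteFile"}, re.compile(r"^C:\\Windows\\", re.I)),
]


def triage(csv_text, process_name):
    """Return (label, operation, path, result) for each flagged event of one process."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue  # same idea as a "Process Name is ..." filter in the tool
        for label, ops, pattern in RULES:
            if row["Operation"] in ops and pattern.search(row["Path"]):
                # Keep the result so blocked attempts stay visible as attempts.
                findings.append((label, row["Operation"], row["Path"], row["Result"]))
                break
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_CSV, "setup.exe"):
        print(" | ".join(finding))
```

Read-only operations such as RegQueryValue are ignored, so the output lists only events that changed or tried to change the system.
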
JedMeister, Posted April 24, 2008
If you still want to go the 'find out exactly what it does to your system before you actually install it' route then here's a great utility for extracting any type of compressed file. Will extract almost anything apparently!
Universal Extractor - http://legroom.net/software/uniextract
Depending on how the installer itself is set up you may or may not be able to see what reg entries it's going to change, but you will be able to see the files it contains and possibly where they will be going to.

mark, Posted April 24, 2008
> If you still want to go the 'find out exactly what it does to your system before you actually install it' route then here's a great utility for extracting any type of compressed file. Will extract almost anything apparently!
> Universal Extractor - http://legroom.net/software/uniextract
> Depending on how the installer itself is setup you may or may not be able to see what reg entries its going to change but you will be able to see the files it contains and possibly where they will be going to.
Or you can go here: http://www.msfn.org/board/Universal-Extrac...v15-t62418.html
Mark