Solved

spying on spyware

Posted on 2006-11-04
4
212 Views
Last Modified: 2013-12-04

Hi,

I'm looking for a program that will tell me exactly what data SPYWARE.EXE
is reading and writing. I used filemon and diskmon from sysinternals.com,
but the last one especially is a bit cumbersome.

thanks a lot for helping,

Haico
0
Comment
Question by:haico
4 Comments
 
LVL 7

Accepted Solution

by:
Chatable earned 63 total points
ID: 17873363
There are a lot of ways to spy on a program.
As you noticed there is filemon, which will tell you what data it reads/writes to files on the disk. There is also regmon (also from sysinternals), which will tell you the data it reads/writes to the registry.
Also you should use Wireshark (http://www.wireshark.org) to see what it sends to the Internet.
All this is really nice but will only be meaningful if the data is sent in plain-text, which is not the case for most spyware. Most spyware software will send data (and even save it to disk) with some sort of scrambling (sometimes even encryption), so the output of filemon or wireshark will look like a weird binary mess. Unfortunately decoding the data usually requires disassembling the software in question.
Maybe before doing anything yourself you should try searching a bit on that specific spyware that you have. You may very well not be the first one who's trying to determine what it does.
0
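An added example to go with the answer above (not code from the thread or from Sysinternals): a small script that takes a CSV export from Process Monitor, the tool that later replaced filemon and regmon, and summarises what one process name did, split into file writes, registry writes, network sends/receives and everything else, flagging registry writes under a Run key as persistence. It then applies a Shannon-entropy check to captured payloads to tell plain-text data from the "weird binary mess" the answer warns about. The column layout (Time of Day, Process Name, PID, Operation, Path, Result, Detail), the operation names, the log lines, the process name SPYWARE.EXE and the two payloads are all assumptions or constructed sample data for illustration.

```python
"""Summarise one process's activity from a Process Monitor style CSV export.

Added example, not part of the original thread. Assumes the CSV column
layout "Time of Day","Process Name","PID","Operation","Path","Result","Detail"
and Process Monitor's operation names; both are assumptions, so adjust the
constants below if your export differs. All sample data is constructed.
"""
import csv
import io
import math
from collections import Counter

# Constructed sample export (not a real capture).
SAMPLE_LOG = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.100","SPYWARE.EXE","1234","CreateFile","C:\\Users\\h\\AppData\\Local\\Temp\\q.dat","SUCCESS","Desired Access: Generic Write"
"10:01:02.101","SPYWARE.EXE","1234","WriteFile","C:\\Users\\h\\AppData\\Local\\Temp\\q.dat","SUCCESS","Offset: 0, Length: 512"
"10:01:02.200","SPYWARE.EXE","1234","RegSetValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd","SUCCESS","Type: REG_SZ, Data: C:\\Users\\h\\AppData\\Local\\Temp\\SPYWARE.EXE"
"10:01:02.300","SPYWARE.EXE","1234","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74"
"10:01:03.000","SPYWARE.EXE","1234","TCP Send","host-a:49152 -> 203.0.113.5:443","SUCCESS","Length: 1024"
"10:01:03.500","explorer.exe","800","ReadFile","C:\\Windows\\explorer.exe","SUCCESS","Offset: 4096, Length: 4096"
"""

# Assumed Process Monitor operation names, grouped by what they tell you.
FILE_WRITE = {"WriteFile", "SetDispositionInformationFile", "SetRenameInformationFile"}
REG_WRITE = {"RegSetValue", "RegCreateKey", "RegDeleteValue", "RegDeleteKey"}
NETWORK = {"TCP Connect", "TCP Send", "TCP Receive", "UDP Send", "UDP Receive"}
RUN_KEY_MARKER = "\\currentversion\\run"   # autostart location, case-insensitive match


def summarise(log_text: str, process_name: str) -> dict:
    """Group the operations of one process into what it wrote to disk,
    changed in the registry, sent over the network, and everything else.
    Paths are de-duplicated and sorted; "count" is the number of events."""
    buckets = {"file_write": set(), "reg_write": set(), "network": set(), "other": set()}
    count = 0
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue
        count += 1
        op, path = row["Operation"], row["Path"]
        if op in FILE_WRITE:
            buckets["file_write"].add(path)
        elif op in REG_WRITE:
            buckets["reg_write"].add(path)
        elif op in NETWORK:
            buckets["network"].add(path)
        else:
            buckets["other"].add(path)
    result = {name: sorted(paths) for name, paths in buckets.items()}
    # Registry writes below a Run key are the classic way to survive a reboot.
    result["persistence"] = [p for p in result["reg_write"] if RUN_KEY_MARKER in p.lower()]
    result["count"] = count
    return result


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 for empty input up to 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_scrambled(data: bytes, threshold: float = 6.5) -> bool:
    """Heuristic: plain text sits around 4-5 bits/byte, compressed or
    encrypted data near 8. Note that n bytes can carry at most log2(n)
    bits/byte, so the check is only meaningful for payloads of a few
    hundred bytes or more."""
    return shannon_entropy(data) >= threshold


# Constructed payloads standing in for what Wireshark or filemon might show.
PLAIN_PAYLOAD = b"user=haico&os=WinXP&keys=hello world"
SCRAMBLED_PAYLOAD = bytes((i * 73 + 41) % 256 for i in range(512))  # uniform byte spread


if __name__ == "__main__":
    # For a real export: summarise(open("Logfile.CSV", encoding="utf-8-sig").read(), "SPYWARE.EXE")
    summary = summarise(SAMPLE_LOG, "SPYWARE.EXE")
    for name in ("file_write", "reg_write", "persistence", "network", "other"):
        print(f"{name}:")
        for path in summary[name]:
            print(f"    {path}")
    print(f"events: {summary['count']}")
    for label, payload in (("plain", PLAIN_PAYLOAD), ("scrambled", SCRAMBLED_PAYLOAD)):
        print(f"{label}: {shannon_entropy(payload):.2f} bits/byte, scrambled={looks_scrambled(payload)}")
```

The entropy check only tells you that a payload is not plain text; as the answer says, working out what a scrambled blob contains still means reversing the program itself, but the summary at least narrows down which files, keys and hosts are worth that effort.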
 
LVL 11

Assisted Solution

by:DeltaFire
DeltaFire earned 62 total points
ID: 20133755
Try to utilize Sandboxie and a VMware virtual machine. It is as close to the real world as possible within a relatively safe and isolated environment. Again, the reason I say relatively is that nothing is 100% secure.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21101064
Forced accept.

Computer101
EE Admin
0
