spying on spyware


Hi,

I'm looking for a program that will tell me exactly what data SPYWARE.EXE
is reading and writing. I used filemon and diskmon from sysinternals.com,
but the last one especially is a bit cumbersome.

thanks a lot for helping,

Haico
haicoAsked:
Who is Participating?
 
ChatableCommented:
There are a lot of ways to spy on a program.
As you noticed there is filemon which will tell you what data it reads/writes to files on the disk. There is also regmon, (also from sysinternals) which will tell you the data it reads/writes to the registry.
Also you should use WireShark (http://www.wireshark.org) to see what it sends to the Internet.
All this is really nice but will only be meaningful if the data is sent in plain-text, which is not the case for most spyware. Most spyware software will send data (and even save it to disk) with some sort of scrambling (sometimes even encryption), so the output of filemon or wireshark will look like a weird binary mess. Unfortunately decoding the data usually requires disassembling the software in question.
Maybe before doing anything yourself you should try searching a bit on that specific spyware that you have. You may very well not be the first one who's trying to determine what it does.
0
 
Dmitri FarafontovLinux Systems AdminCommented:
Try to utilize Sandboxie and VMWare virtual machine. It is as close to the real world as possible within an a relatively safe and isolated environment. Again why I say relative is since nothing is 100% secure.
0
 
Computer101Commented:
Forced accept.

Computer101
EE Admin
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.