Solved

spying on spyware

Posted on 2006-11-04
Last Modified: 2013-12-04

Hi,

I'm looking for a program that will tell me exactly what data SPYWARE.EXE
is reading and writing. I used filemon and diskmon from sysinternals.com,
but the last one especially is a bit cumbersome.

thanks a lot for helping,

Haico
0
Question by:haico
4 Comments
 
LVL 7

Accepted Solution

by:
Chatable earned 63 total points
ID: 17873363
There are a lot of ways to spy on a program.
As you noticed, there is filemon, which will tell you what data it reads/writes to files on the disk. There is also regmon (also from sysinternals), which will tell you the data it reads/writes to the registry.
Also, you should use Wireshark (http://www.wireshark.org) to see what it sends to the Internet.
All this is really nice but will only be meaningful if the data is sent in plain-text, which is not the case for most spyware. Most spyware software will send data (and even save it to disk) with some sort of scrambling (sometimes even encryption), so the output of filemon or wireshark will look like a weird binary mess. Unfortunately decoding the data usually requires disassembling the software in question.
Maybe before doing anything yourself you should try searching a bit on that specific spyware that you have. You may very well not be the first one who's trying to determine what it does.
0
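The accepted answer's point that filemon or Wireshark output is only meaningful when the data is not scrambled can be checked mechanically. The following is an added example, not part of the original thread: a Python triage that labels a captured buffer as plaintext, single-byte-XOR scrambled, or high-entropy (encrypted or compressed). The sample buffers, the key 0xA7 and the thresholds are constructed assumptions for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: readable text sits well below 8, ciphertext approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII, tab, CR or LF."""
    if not data:
        return 0.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)

def best_single_byte_xor(data: bytes):
    """Try every one-byte XOR key on a 1 KiB sample; return (key, printable ratio)."""
    sample = data[:1024]
    scored = ((k, printable_ratio(bytes(b ^ k for b in sample))) for k in range(1, 256))
    return max(scored, key=lambda ks: ks[1])

def triage(data: bytes):
    """Return (label, candidate_key). Thresholds are assumed heuristics."""
    if printable_ratio(data) >= 0.95:
        return ("plaintext", None)
    key, ratio = best_single_byte_xor(data)
    if ratio >= 0.95:
        return ("xor-scrambled", key)   # candidate only: read the decoded output to confirm
    if shannon_entropy(data) >= 7.5:    # short buffers score lower than their true entropy
        return ("high-entropy: encrypted or compressed", None)
    return ("binary/unknown", None)

# Constructed sample buffers (not captured from any real program).
PLAIN = b"user=alice&visited=http://example.test/page\r\n" * 40
SCRAMBLED = bytes(b ^ 0xA7 for b in PLAIN)
RANDOM_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))

if __name__ == "__main__":
    for name, buf in (("plain", PLAIN), ("scrambled", SCRAMBLED), ("random-like", RANDOM_LIKE)):
        print(f"{name:12} entropy={shannon_entropy(buf):.2f} -> {triage(buf)}")
```

A single-byte XOR leaves the byte-frequency distribution, and so the entropy, unchanged, which is why the scrambled buffer scores like text while still being unreadable in a monitor's output. A buffer that lands in the high-entropy bucket is the case the answer describes, where decoding needs the program's own routine.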
 
LVL 12

Assisted Solution

by:Dmitri Farafontov
Dmitri Farafontov earned 62 total points
ID: 20133755
Try to utilize Sandboxie and a VMware virtual machine. It is as close to the real world as possible within a relatively safe and isolated environment. Again, why I say relative is since nothing is 100% secure.
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21101064
Forced accept.

Computer101
EE Admin
0
