Finding Malware & Hidden Changes

Triopstor
Posts: 118
Joined: Apr 25, 2006 13:11

Post by Triopstor »

THE PROBLEM
=========
I'm interested in installing some demo calculation software. However this software attaches hidden changes to computers AND does not return the original computer state prior to installing via UNINSTALLING the software.

There are no viruses just hidden changes.

How can I take an "Image Snap Shot" of a computer prior to installation or find what registry changes or any lurking hidden files that are made afterwards? Is there a better way to uninstall software?

One idea I had was to install this on a fresh EXTERNAL hard drive. And then reformat the whole external hard drive and hope the software didn't branch out to affect the main hard drive or anything else.
BastetFurry
Posts: 255
Joined: Jan 05, 2006 0:56

Post by BastetFurry »

Use VirtualBox if you don't trust some piece of software and want to test it :)
Merick
Posts: 1038
Joined: May 28, 2007 1:52

Post by Merick »

Or Virtual PC
BastetFurry
Posts: 255
Joined: Jan 05, 2006 0:56

Post by BastetFurry »

Cool, Microsoft released VPC for Linux? :)
Triopstor
Posts: 118
Joined: Apr 25, 2006 13:11

Post by Triopstor »

Thank you! I shall let you know how that works out.

Anybody know how to monitor your XP registry and files (both apparent and hidden files)?
Merick
Posts: 1038
Joined: May 28, 2007 1:52

Post by Merick »

BastetFurry wrote: Cool, Microsoft released VPC for Linux? :)
Not recently, but back before MS bought it from Connectix (the original authors) there were versions for both Linux and Mac OS.
TheMG
Posts: 376
Joined: Feb 08, 2006 16:58

Post by TheMG »

If you're using Windows, you can create a system restore point before you use it, and return to this after. It should restore all system settings as they were before.
Triopstor
Posts: 118
Joined: Apr 25, 2006 13:11

Post by Triopstor »

Good. A system restore point in XP. I just have to research the algorithm to do that. Hopefully this cannot be bypassed by installation software. Thanks.
notthecheatr
Posts: 1759
Joined: May 23, 2007 21:52
Location: Cut Bank, MT

Post by notthecheatr »

Spybot Search and Destroy comes with something called the TeaTimer, which will alert you any time something tries to change your registry, and asks your permission to make that change. You can enable programs you trust to make changes without your permission, and programs you don't trust you can keep control over like that.

You may also wish to make registry backups or system restore.

There are programs to clean the registry; presumably if you remove a program they would remove unnecessary registry keys associated with the program. Try CCleaner and Revo Uninstaller for starters.

There are others too, just Google it.
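
An added example, not part of any post in this thread: one way to do the before/after file comparison asked about above, written in Python. It covers files only (not the registry), and the file names used in demo() are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to (size, SHA-256 hex digest)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):  # does not skip hidden or dot-files
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            digest = hashlib.sha256()
            try:
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                state[rel] = (os.path.getsize(path), digest.hexdigest())
            except OSError:
                # Locked or unreadable file: record it so it still appears in the diff
                state[rel] = (None, "unreadable")
    return state

def diff(before, after):
    """Compare two snapshots; a changed size or hash counts as modified."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }

def _write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed scenario: an install followed by an incomplete uninstall."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "settings.ini", "mode=1\n")
        baseline = snapshot(root)                      # taken before installing
        _write(root, os.path.join("app", "calc.exe"), "program")
        _write(root, ".hidden_license.dat", "trial")   # constructed leftover file
        _write(root, "settings.ini", "mode=1\ntracking=on\n")
        os.remove(os.path.join(root, "app", "calc.exe"))  # uninstaller removes only this
        return diff(baseline, snapshot(root))          # taken after uninstalling

if __name__ == "__main__":
    print(demo())
```

To use it on a real folder, save the result of snapshot() before installing (for example with json.dump) and diff it against a second snapshot taken after uninstalling.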