Discover what files a program is trying to access?

Discussion in 'Windows XP' started by jtrelfa, Nov 15, 2004.

  1. jtrelfa

    jtrelfa Thread Starter

    Joined:
    Nov 15, 2004
    Messages:
    2
    I have a program that *appears* to be spyware. My wife installed it on my machine and I want to figure out how in the world programs like spybot and adaware aren't able to get rid of it. I *suspect* it is doing some sort of check when it loads so that it can replicate itself. Possible scenario:

    1. Program starts
    2. Program checks for a special file somewhere in the system
    3. If the file doesn't exist, re-create it
    4. Keep on spying

    Is there some sort of "exe sniffer" or something that I can use to determine where a file is looking so I can delete all instances of this spyware?

    Thanks,

    Jon
     
  2. WhitPhil

    WhitPhil Gone but never forgotten Trusted Advisor

    Joined:
    Oct 4, 2000
    Messages:
    8,684
    First, Spybot can only detect foistware that it has in its database. If this is a new one, or a home grown one, it won't be found.

    Try restarting to SAFE mode, do a Find > Files for the program in question, and delete it.

    If that doesn't help, go here, download, install and run HiJackThis.
    And, copy/paste the log file that it creates, back here for review.
     
  3. jtrelfa

    jtrelfa Thread Starter

    Joined:
    Nov 15, 2004
    Messages:
    2
    As it turns out, I was able to track down the program. There was a registry entry that was automatically launching the program that was causing the "spyware replication". Everything is cleared up now, thanks :)

    Jon

    By the way, IS there such a thing as a program that logs which files/registry entries an executable file reads/writes when it launches?
     
  4. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Yes, there are many.

    TakeControl will monitor all activity of any file:

    http://www.computersinmotion.com/

    Process Explorer does a good job of monitoring file activity and handles:

    http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

    RegMon monitors and records registry activity:

    http://www.sysinternals.com/ntw2k/source/regmon.shtml

    And FileMon does the same for files:

    http://www.sysinternals.com/ntw2k/source/filemon.shtml

    DiskMon monitors disk input/output:

    http://www.sysinternals.com/ntw2k/freeware/diskmon.shtml

    And programs like Resplendent Registrar can compare before and after snapshots of the registry:

    http://www.resplendence.com/

    ListDLLs will show all currently loaded DLLs:

    http://www.sysinternals.com/ntw2k/freeware/listdlls.shtml

    And Handle will show all open handles of all your files:

    http://www.sysinternals.com/ntw2k/freeware/handle.shtml
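
The before-and-after registry snapshot comparison mentioned in the last reply, sketched as an added example that is not part of the original thread and is not code from any of the tools listed. It parses two exports in regedit's .reg text format and reports autorun values that were added, removed or changed; the key contents and the `ExampleTray` / `ExampleHelper` entries are constructed sample data.

```python
import re

# Constructed snapshots in regedit's .reg export format (not from the thread):
# an autorun key before and after installing a hypothetical program.
RUN = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
HEADER = 'Windows Registry Editor Version 5.00\n\n[' + RUN + ']\n'
BEFORE = HEADER + r'"ExampleTray"="C:\\WINDOWS\\extray.exe"' + '\n'
AFTER = BEFORE + r'"ExampleHelper"="C:\\Program Files\\Example\\helper.exe /background"' + '\n'

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def unquote(s):
    """Strip surrounding quotes and undo .reg backslash escaping."""
    if len(s) >= 2 and s[0] == s[-1] == '"':
        return re.sub(r'\\(.)', r'\1', s[1:-1])
    return s  # dword:, hex: and other typed data stay as written

def parse_reg(text):
    """Return {(key_path, value_name): data} for one .reg export."""
    text = re.sub(r',\\\r?\n\s*', ',', text)  # join continued hex: lines
    entries, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        k, v = KEY_RE.match(line), VALUE_RE.match(line)
        if k:
            key = k.group(1)
        elif v and key:
            name = '(Default)' if v.group(1) == '@' else unquote(v.group(1))
            entries[(key, name)] = unquote(v.group(2))
    return entries

def diff_snapshots(before, after):
    """Classify entries as added, removed or changed between two exports."""
    b, a = parse_reg(before), parse_reg(after)
    return {
        'added': {k: a[k] for k in a.keys() - b.keys()},
        'removed': {k: b[k] for k in b.keys() - a.keys()},
        'changed': {k: (b[k], a[k]) for k in a.keys() & b.keys() if a[k] != b[k]},
    }

if __name__ == '__main__':
    for kind, items in diff_snapshots(BEFORE, AFTER).items():
        for (key, name), data in sorted(items.items()):
            print(f'{kind}: {key}\\{name} = {data}')
```

Exports saved by regedit with the "Version 5.00" header are UTF-16 text, so open real files with `encoding='utf-16'` before passing their contents to `parse_reg`.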
     