Several tools in the Sysinternals Suite are useful both for hardening a Windows system and for spotting malicious activity on it. Below are the tools I use most often for malware hunting.
Download the Sysinternals Suite (or run the tools directly from https://live.sysinternals.com) and explore the ones listed here for malware hunting and for securing your Windows system.
| Tool | Description |
| --- | --- |
| AccessEnum | Shows the effective permissions user accounts hold on directories, files and Registry keys, which makes it easy to find ACL holes such as world-writable program directories or service keys. |
| EFSDump | Shows which accounts hold a decryption key for EFS-encrypted files. |
| MoveFile | Schedules file rename and delete operations for the next reboot (via the PendingFileRenameOperations mechanism). Useful for removing malware files that are locked or in use. |
| PendMoves | Lists the files already scheduled for rename or deletion at the next boot, so you can see whether a cleanup (or malware) has queued such an operation. |
| Process Monitor | Monitors file system, Registry, process, thread and DLL activity in real time, and can boot-log activity that happens before you are able to log on. |
| PsFile | Lists files on a system that are opened remotely, and can close them. |
| SDelete | Securely overwrites sensitive files and cleanses free space of previously deleted files (DoD 5220.22-M-compliant secure delete). |
| ShareEnum | Scans the file shares on your network and shows their security settings, so overly permissive shares can be closed. |
| Sigcheck | Dumps file version information, verifies Authenticode signatures on images, computes file hashes and can query VirusTotal for them. |
| PsPing | Measures network performance: ICMP and TCP ping, plus TCP/UDP latency and bandwidth tests. |
| TCPView | GUI listing of all TCP and UDP endpoints with their owning process; Tcpvcon is the command-line equivalent. |
| Whois | Shows who owns an Internet address or domain name. |
| Autoruns | Shows which programs are configured to start automatically when the system boots and when you log on, across the full list of Registry and file locations where auto-start settings can live. It can verify signatures and check hashes against VirusTotal; Autorunsc is the command-line version. |
| Handle | Command-line utility that shows which process has which files (and other objects) open, and much more. |
| ListDLLs | Lists the DLLs currently loaded into processes, with load address and version numbers, and can report only unsigned DLLs (-u). Version 2.0 prints the full path names of loaded |
| ProcDump | Command-line utility originally aimed at capturing process dumps of hard-to-reproduce CPU spikes. It also serves as a general process dump tool and can watch a process and dump it on a hung window or unhandled exception, which makes it a convenient way to capture a suspect process for offline memory analysis. |
| Process Explorer | Shows which files, Registry keys and other objects each process has open, which DLLs it has loaded, who owns it, and more. It can also verify image signatures and check hashes against VirusTotal. |
| PsExec | Executes processes on remote systems. It is also a favourite of attackers for lateral movement, so its service (PSEXESVC) appearing on a host you did not run it on is itself a detection signal. |
| PsKill | Terminates local or remote processes. |
| PsList | Shows information about processes and threads, locally or remotely. |
| PsService | Views and controls services, locally or remotely. |
| PsSuspend | Suspends and resumes processes. Freezing a suspicious process lets you dump it before terminating it. |
| ShellRunas | Launches programs as a different user via a convenient shell context-menu entry. |
| Autologon | Configures Windows to log a given account on automatically at boot, bypassing the password screen. The password is stored as an LSA secret, so treat such a host as having that credential on disk. |
| LogonSessions | Lists active logon sessions and, with -p, the processes running in each. |
| PsLoggedOn | Shows users logged on to a system locally and via resource shares. |
| PsInfo | Shows information about a system (OS, uptime, hotfixes, installed software). |
| Strings | Searches binary images for ANSI and Unicode strings; a useful first pass at an unknown sample. |
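As an added example of how the listed tools fit together in a first-pass triage (this script is mine, not part of the original page or the Sysinternals project), the PowerShell below runs Autorunsc to enumerate every auto-start entry with signature verification and hashes, keeps the entries whose image is not verified-signed, and then runs Sigcheck recursively over the user profile to list unsigned executables. Assumptions: the suite is unpacked to C:\Tools\Sysinternals, and the CSV column names used here ("Entry Location", "Entry", "Signer", "Image Path", "SHA-256" for Autorunsc; "Path", "Verified", "Publisher", "SHA256" for Sigcheck) match the version in use; inspect the first imported row if your version names them differently.

```powershell
# Added example: triage the auto-start surface with Autorunsc and Sigcheck.
# Assumption: Sysinternals Suite unpacked to C:\Tools\Sysinternals (adjust as needed).
$Sysinternals = 'C:\Tools\Sysinternals'
$autorunsc = Join-Path $Sysinternals 'autorunsc.exe'
$sigcheck  = Join-Path $Sysinternals 'sigcheck.exe'
$csv = Join-Path $env:TEMP 'autoruns.csv'

# Autorunsc switches: -a * all auto-start categories, -s verify signatures,
# -h compute image hashes, -m hide entries verified as Microsoft-signed,
# -c CSV output, -o write to a file instead of stdout.
& $autorunsc -accepteula -nobanner -a * -s -h -m -c -o $csv | Out-Null

# Import-Csv honours the byte-order mark in the file, so the tool's output
# encoding does not need to be specified here.
$entries = Import-Csv -Path $csv

# Assumed column names: "Signer" reads "(Verified) <publisher>" for a good
# signature and "(Not verified) <publisher>" or blank otherwise.
# Anything not verified that still points at an image is worth a look.
$suspect = $entries | Where-Object {
    $_.'Image Path' -and ($_.Signer -notlike '(Verified)*')
}

"Auto-start entries without a verified signature:"
$suspect |
    Select-Object 'Entry Location', Entry, Signer, 'Image Path', 'SHA-256' |
    Format-Table -AutoSize

# Second pass with Sigcheck over the current user's profile, a common drop
# location for user-mode malware. Switches: -e executables only, -s recurse,
# -u report only unsigned files, -h include hashes, -c CSV to stdout.
"Unsigned executables under $env:USERPROFILE:"
& $sigcheck -accepteula -nobanner -e -s -u -h -c "$env:USERPROFILE" |
    ConvertFrom-Csv |
    Select-Object Path, Verified, Publisher, SHA256 |
    Format-Table -AutoSize
```

Run it from an elevated prompt so Autorunsc can read every hive and Sigcheck every directory. "Not verified" is a starting point rather than a verdict: plenty of legitimate software ships unsigned, and signed malware exists, so follow up on each hit with the hash (Sigcheck's -vt -v switches submit hashes to VirusTotal when network access is acceptable) and with Process Explorer or Handle to see what the image is doing at run time.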