How to figure out exactly what a program is doing on your PC

WellNow · 06-07-2008, 01:21 AM

Hi, I have a program written by a friend (from an IRC channel) that I think is trustworthy, but another friend is convinced that there is a rootkit/backdoor in it. I have scanned with everything imaginable (notable ones are RootkitRevealer, Blacklight and Avast Antirootkit), my antivirus is up to date and I find nothing, I have also uploaded the file to Virus Total and it was found clean. There is nothing odd in my HJT log, but I still wonder if there is a keylogger that runs within the program that sends anything back through the IRC protocol (it is a tool for use on the network) or if it gives file sharing access through the protocol on command.

What I want to know is if there is there something I can run with this program (or run the program within) that will list all the stuff it is trying to do to my PC, that will list what other programs/windows services it interacts with if any, I don't know where to begin looking for something like this. (I'm not looking for a packet sniffer for traffic, I have already looked over the traffic it sends/receives) I don't know if this is the appropriate place to ask, but I figure it is security related.

I would like to believe that my friend is trustworthy and the program does nothing malicious, but I need to confirm this.

06-07-2008, 01:21 AM	#1 (permalink)
WellNow Registered User Join Date: Jun 2008 Posts: 2 OS: Vista sp1	How to figure out exactly what a program is doing on your PC Hi, I have a program written by a friend (from an IRC channel) that I think is trustworthy, but another friend is convinced that there is a rootkit/backdoor in it. I have scanned with everything imaginable (notable ones are RootkitRevealer, Blacklight and Avast Antirootkit), my antivirus is up to date and I find nothing, I have also uploaded the file to Virus Total and it was found clean. There is nothing odd in my HJT log, but I still wonder if there is a keylogger that runs within the program that sends anything back through the IRC protocol (it is a tool for use on the network) or if it gives file sharing access through the protocol on command. What I want to know is if there is there something I can run with this program (or run the program within) that will list all the stuff it is trying to do to my PC, that will list what other programs/windows services it interacts with if any, I don't know where to begin looking for something like this. (I'm not looking for a packet sniffer for traffic, I have already looked over the traffic it sends/receives) I don't know if this is the appropriate place to ask, but I figure it is security related. I would like to believe that my friend is trustworthy and the program does nothing malicious, but I need to confirm this. Last edited by WellNow; 06-07-2008 at 01:33 AM.