i don't know if it's dangerous, how can i test it?

hi
i have a rar file , nod32 told me it's clean , virus total told me it's clean
it's an update rar file
i don't trust of it but i ran it
can somebody help me?
how can i be sure if it change my registry and change some of my files??
i have only nod32 & outpost

can sombody test it?

 

Tried Jotti or Virustotal ?

 

Mantra,

May I suggest next time monitoring both your file system and registry before deciding to run an update such as you describe. Start them both with *capturing* off, then *filtering* the amount of information they produce by selecting only log write's and log successes. Now enable *capturing* and run your file. Disable capturing immediately after execution, result's can then be saved to file. This procedure offer's a good idea of what has taken place across a wide area of your system.

Yes they both take some practice if you plan on becoming proficient in they're use, and it might help to keep as many other real time processes to a minimum so as not to cause confusion. There are many more way's to go about filtering, this cover's possibly the simplest.


GF

 

@bigbuck jotti told me is clean



@Global Force
thanks for the answer
i'm looking for a program that can monitor the activity of a program ,like open for write , delete files, change files and so on

it's not a important update , it's a small update 400k of a program that i download not from the official site but via p2p( yes i know it's dangerous , it's the first time that i downloaded from p2p)
could the 2 programs help me? really?

u know i did not understand what should i filtering?!?!?

by the way i'm downloading the 2 files , and i take care about your advises !
thanks

 

Your welcome Mantra.

If you have the RAM you might as well download this too. All three running together draw's a bit from my 256K setup so I need to exercise discretion in choosing what to run when. Make no mistake though, I feel once you get through the learning curve you'll be able to track occurences on your system without too much ado, much like Mark makes use.

Great program's they are!

PS - To start, forget about any window entries and stick what I bolded above.
I'm learning this monitoring bit myself finding it easiest to start basic.


GF

 

thanks

i believe that i understood

*capturing* off
*filtering* --> ad the name of the program ? like foobar.exe right?
enable ony log write's and log successes
*capturing* on
run the program
and look the log?


yes the programs are great software
only my last question
maybe it could be a good idea , have a program that do the same job but with the possibilty to alow or block an action right?
is there a software like this ? light & maybe free?? or shareware to trial for some days?


by the way really thanks

 

With Filemon you can select the process you wish to filter from the readout, then choose to include or exclude it. For Regmon select nothing to capture, it has more to do with *when* you enable it. If you know doing a particular operation is going to track say .... a hundred read's, set it's history depth to control output. For myself at the moment I find it easiest to "toggle" capturing on/off, then view result's.

As per your last question you'll need someone else to make a suggestion. App's on my system are chosen few, but select.


GF

 

thanks