Malware is getting smarter – many of today’s malicious programs have “learned” to defend themselves against attempts to detect or remove them. Many readers will be familiar with Mark Russinovich’s Sysinternals tools, such as Process Explorer and Autoruns. These can be very useful for tracking down malware on an infected system – but how do you use Sysinternals tools in your malware hunt when one of the things the malware does is block Sysinternals tools from running?
In the post linked below, Mark relates how a user got creative and used yet another Sysinternals utility – one you normally wouldn’t think of in the context of tracking down malware – to work around the block. If you haven’t already, check out The Case of the Sysinternals-blocking Malware here: