Neat tool: WinDiff

RegEdit

New Member
Reaction score
3
Location
Pacific Palisades, CA
I read about this in a book about the Windows Registry. Suppose you want to test out what exact changes a virus makes to the registry. You would export the "before" REG file of your healthy test system. Then run the virus .exe file to install it. Maybe restart the computer to let the virus "marinate". Then export the "after" REG file of your infected test system. Then use WinDiff to compare the two. The differences that the tool finds are the changes made by the virus.

This might be helpful with newer viruses if you can pull the .exe install file off a customer's downloads folder.

You can use it to test just about anything to figure out what registry changes are made when you make any change to the computer.

WinDiff is one of the Windows Support Tools included on the Windows Installation CD.
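One way to automate the "compare the two exports" step, as an added example that is not from the thread and is not WinDiff itself: a small Python script that parses a "before" and an "after" .reg export and reports added or removed keys and added, removed or changed values. The two exports embedded below are constructed samples, and the key names, value names and paths in them are illustrative only. A real export from regedit is UTF-16LE with a byte-order mark, so read it with `open(path, encoding="utf-16")` before passing the text to `parse_reg()`.

```python
"""Diff two Windows .reg exports (the "before" and "after" described above).

Added example, not from the thread. BEFORE and AFTER are constructed samples.
"""
from typing import Dict, List, Tuple

RegTree = Dict[str, Dict[str, str]]  # key path -> {value name -> raw value text}


def parse_reg(text: str) -> RegTree:
    """Parse .reg export text into {key: {value_name: raw_value}}.

    Handles the trailing-backslash line continuation used for long hex(...)
    values and the '@' default value. Value text (e.g. dword:00000001 or
    "C:\\\\x.exe") is kept raw so that changes of type as well as data show up.
    Escaped quotes inside value names are not handled (rare in practice).
    """
    tree: RegTree = {}
    current = None
    pending = ""  # partial line waiting for its continuation
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        if line.endswith("\\"):          # value continues on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            tree.setdefault(current, {})
            continue
        if current is None:
            continue
        if line.startswith('"'):         # quoted value name, may contain '='
            end = line.find('"', 1)
            name, rest = line[1:end], line[end + 1:]
            if not rest.startswith("="):
                continue
            value = rest[1:]
        else:                            # '@' default value
            name, sep, value = line.partition("=")
            if not sep:
                continue
        tree[current][name.strip()] = value.strip()
    return tree


def diff_reg(before: RegTree, after: RegTree) -> Dict[str, List[Tuple]]:
    """Return added/removed keys and added/removed/changed values, sorted."""
    out: Dict[str, List[Tuple]] = {k: [] for k in
        ("added_keys", "removed_keys", "added_values", "removed_values", "changed_values")}
    for key in sorted(set(before) | set(after)):
        if key not in before:
            out["added_keys"].append(key)
            out["added_values"] += [(key, n, v) for n, v in sorted(after[key].items())]
            continue
        if key not in after:
            out["removed_keys"].append(key)
            out["removed_values"] += [(key, n, v) for n, v in sorted(before[key].items())]
            continue
        b, a = before[key], after[key]
        for name in sorted(set(b) | set(a)):
            if name not in b:
                out["added_values"].append((key, name, a[name]))
            elif name not in a:
                out["removed_values"].append((key, name, b[name]))
            elif b[name] != a[name]:
                out["changed_values"].append((key, name, b[name], a[name]))
    return out


# Constructed sample exports (not real registry data).
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\test\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001

[HKEY_CURRENT_USER\Software\ExampleVendor\TrialNotice]
@="show"
'''

AFTER = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\test\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"Updater"="C:\\Users\\Public\\sample_installed.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002

[HKEY_CURRENT_USER\Software\SampleInstaller]
"InstallPath"="C:\\Users\\Public\\"
"Blob"=hex:01,02,03,04,05,06,07,08,09,0a,0b,0c,0d,0e,0f,10,11,12,13,14,15,16,\
  17,18
'''

if __name__ == "__main__":
    result = diff_reg(parse_reg(BEFORE), parse_reg(AFTER))
    for section, entries in result.items():
        for entry in entries:
            print(section, *entry)
```

The Run key is where a new autostart value is most often seen, so the "added_values" section is usually the first one to read; the "changed_values" section catches edits to existing settings (here the constructed Explorer "Hidden" flag) that a plain list of new keys would miss.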
 
Reg difference

Interesting! I've often wondered why there wasn't a tool like that. Excuse my density, but how do you access it?
 
windiff

Downloaded and done. Thanks, iisjman07; one more tool added to a growing list of "to be learned".
 
Cool, this is good for a network-admin type of situation. On a customer machine I just use Process Monitor, filter for the process name of the virus, and capture registry access.
 
Too bad, on someone's computer you most likely won't have a clean snapshot of the registry from before a virus or event... This does seem like partly what system restore points might use, though. If anything, it might be useful as a tool to learn more about what programs do to the registry. Learn exactly how it works, when things are installed, uninstalled, etc.
 