  1. #1
    New Lounger

    Batch file needed

    Hi Guys,

    I'm new here. I would like a batch file that writes to a txt file the last 5 copied / installed .exe files (with path) on C:/

    Thanks

  2. #2
    Super Moderator BATcher's Avatar
    Hello, and welcome!

    The NTFS file system really only has one reliable file timestamp, the "Date/Time Modified". The 'Created' and 'Accessed' times are not maintained by all programs in a reliable manner, and so are best avoided.

    How would you accurately determine "the last 5 copied/installed .exe" files? I know of no file system data which would provide this, so I don't think a BATch file can be written to give you what you appear to want. Sorry!
    BATcher

    Dear Diary, today the Hundred Years War started ...

  3. #3
    New Lounger
    I'm testing some droppers / trojans; they drop exe files to temp, appdata, etc., but sometimes it's really hard to find them manually.

  4. #4
    Platinum Lounger
    There is no simple way to do this as it's not something Windows monitors and there are lots of ways to copy / install files. You would need to monitor all disk write activity and log the changes.

    cheers, Paul

  5. #5
    5 Star Lounger
    The System Monitor tool from Sysinternals might be able to do this for you. Usually it monitors and reports on everything, but you should be able to set up a filter to just report on .exe file writes.

  6. #6
    2 Star Lounger
    Try Regshot
    http://www.softpedia.com/get/Tweak/R...Reg-Shot.shtml

    It takes a snapshot of the Registry and every file on the PC, and you leave it running.
    You drop a trojan or whatever you wish.
    You trigger a second snapshot and then a compare, and you get a text file that lists every change of registry key and file / folder.
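
The snapshot-and-compare workflow described in post #6, as an added example that is not part of the original thread and is not Regshot's code. It covers files only (no registry) and narrows the comparison to `.exe` files as the thread asks; `snapshot`, `compare` and `demo` are names chosen here, and the demo tree is constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root, suffix=".exe"):
    """Map each matching file under root to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(suffix):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    state[path] = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # locked or deleted mid-scan: skip it
    return state


def compare(before, after):
    """Return sorted (added, removed, changed) path lists."""
    added = sorted(p for p in after if p not in before)
    removed = sorted(p for p in before if p not in after)
    changed = sorted(p for p in after if p in before and after[p] != before[p])
    return added, removed, changed


def demo():
    """Run both snapshots over a constructed temp tree (not real samples)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "AppData" / "Temp").mkdir(parents=True)
        (root / "known.exe").write_bytes(b"MZ original")
        (root / "old.exe").write_bytes(b"MZ old")
        first = snapshot(root)
        # Constructed changes standing in for what ran between snapshots.
        (root / "AppData" / "Temp" / "Dropped.EXE").write_bytes(b"MZ new")
        (root / "known.exe").write_bytes(b"MZ patched")
        (root / "old.exe").unlink()
        (root / "notes.txt").write_text("not an .exe, so ignored")
        result = compare(first, snapshot(root))
        return [[Path(p).relative_to(root).as_posix() for p in paths]
                for paths in result]


if __name__ == "__main__":
    for label, paths in zip(("added", "removed", "changed"), demo()):
        print(label, paths)
```

On an analysis machine, call `snapshot` on the directory of interest before and after the test run, then pass both results to `compare`.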

  7. #7
    Star Lounger

    use SandBoxie for your trojan/dropper research?

    Hey nyinyara,

    How about doing all your work with virii/malware/trojans in Sandboxie. http://www.sandboxie.com/
    That project started out as a way to sandbox the IE browser to make it safer.
    It ended up with an amazing tool that can add safety to _any_ application.

    Steve Gibson (Gibson Research, Security Now, SpinRite and Shields-up!) and Leo Laporte (Tech TV/Lab with Leo) discussed it, but I cannot find a link to the video now. However, here's a transcript:
    www.grc.com/sn/sn-172.pdf
    (starting on page 12 seems to have the best info)

    This method would give you two benefits:
    1) first, the bad stuff you are testing cannot affect your real OS
    2) second, SandBoxDiff can give you a list of files and registry items that were modified
    http://www.sandboxie.com/index.php?C...es#SandboxDiff

    You can also create multiple sandboxes; one for each project you're working on.

    I have no financial stake in the company, I'm just a _very_ pleased customer.

    Brian
