Win API

Using Procmon for finding malware

The scenario is: you know you are infected, because you have identified a process associated with a malware, but you can't figure out how that process is getting launched. A variation of this is: you kill the process and remove the executable, but it reappears after a given amount of time, after a reboot, etc. A great tool to help you identify the source of the problem is Process Monitor (or Procmon for short) from Microsoft (formerly Sysinternals).
:: The Undocumented Functions by NTinternals ::