1

My system is infected by malware that keeps modifying a particular configuration file. Is there a way/tool to find out which program is making changes to a particular file?

I am simply looking for a tool that can help monitor changes to a particular file, not really a full-fledged forensics response.

Prabhat

1 Answer

4

Procmon out of the Microsoft Sysinternals suite should do the trick. You can filter the path or registry key or whatever you need.

Lenniey
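An added example, not part of the original answer: once a Procmon capture has been saved as CSV, a short Python script can tally which processes modified the file, including the case where a temporary file is renamed over it. The sample rows, paths and process names are constructed, and the columns assumed are Procmon's default CSV layout.

```python
import csv
import io
from collections import Counter

# Procmon operations that change a file's content, name or existence.
MODIFYING_OPS = {"WriteFile", "SetEndOfFileInformationFile",
                 "SetRenameInformationFile", "SetDispositionInformationFile"}

# Constructed sample in Procmon's default CSV layout (not real capture data).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","notepad.exe","4120","ReadFile","C:\App\settings.ini","SUCCESS","Offset: 0, Length: 512"
"10:01:05.3","updater.exe","7344","WriteFile","C:\App\settings.ini","SUCCESS","Offset: 0, Length: 512"
"10:01:05.4","updater.exe","7344","WriteFile","C:\App\settings.ini","SUCCESS","Offset: 512, Length: 64"
"10:01:05.9","updater.exe","7344","WriteFile","C:\App\other.log","SUCCESS","Offset: 0, Length: 20"
"10:02:11.0","helper.exe","5210","WriteFile","C:\Users\Public\tmp1.dat","SUCCESS","Offset: 0, Length: 576"
"10:02:11.2","helper.exe","5210","SetRenameInformationFile","C:\Users\Public\tmp1.dat","SUCCESS","ReplaceIfExists: True, FileName: C:\App\settings.ini"
"10:03:00.7","svc.exe","900","SetDispositionInformationFile","C:\App\settings.ini","ACCESS DENIED","Delete: True"
'''


def writers(csv_text, target):
    """Count successful modifying events per (process name, PID) that hit target."""
    target = target.lower()  # Windows paths are case-insensitive
    hits = Counter()
    # Strip a leading byte-order mark if the export carries one.
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        if row["Operation"] not in MODIFYING_OPS or row["Result"] != "SUCCESS":
            continue
        direct = row["Path"].lower() == target
        # Rename-over: Path is the source file, the destination is in Detail.
        renamed_onto = (row["Operation"] == "SetRenameInformationFile"
                        and row["Detail"].lower().endswith("filename: " + target))
        if direct or renamed_onto:
            hits[(row["Process Name"], int(row["PID"]))] += 1
    return hits.most_common()


if __name__ == "__main__":
    for (name, pid), count in writers(SAMPLE_CSV, r"C:\App\settings.ini"):
        print(f"{name} (PID {pid}): {count} modifying event(s)")
```
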