Malware Watcher

This program takes snapshots before and after the execution of "malware." It displays newly added programs to the autorun list and any alterations to Windows Defender registry keys. It is not meant to replace an antivirus but rather to serve as an additional research tool.

Installation

Clone the repository

git clone https://github.com/rektile/Malware-Watcher.git

Go into the folder

cd ./Malware-Watcher

Install python requirements

pip install -r requirements.txt

Usage

Take snapshots

Run Main.py or MalwareWatcher.exe with admin privileges.
Wait till the first snapshot has been taken.
Run the "malware" and wait till it finishes
Press enter to take the second snapshot
You can find the logs in ./output and the changes file in ./change

Revert changes to registry

You can revert the changes made to the registry by using the .changes file that has been created.

MalwareWatcher.exe -c myChangesFile.changes

Name		Name	Last commit message	Last commit date
Latest commit History 66 Commits
classes		classes
.gitignore		.gitignore
LICENSE		LICENSE
Main.py		Main.py
README.md		README.md
requirements.txt		requirements.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Malware Watcher

Installation

Usage

Take snapshots

Revert changes to registry

About

Releases 4

Packages

Languages

License

rektile/Malware-Watcher

Folders and files

Latest commit

History

Repository files navigation

Malware Watcher

Installation

Usage

Take snapshots

Revert changes to registry

About

Topics

Resources

License

Stars

Watchers

Forks

Releases 4

Packages 0

Languages

Packages