Monitor the WriteProcessMemory service to see whether or not inappropriate data is written to it, or other services attempt to hook APIs or inject DLLs.
- NoVirusThanks WPMSvc
- Version :1.0.0.0
- License :Trial
- OS :Windows All
- Publisher :NoVirusThanks.org Software
NoVirusThanks WPMSvc Description
Various malicious applications infect computers by forcefully injecting or hooking particular DLLs and sets of instructions. Sure enough an antivirus solution is the basic attempt at keeping a computer safe, but a virus can find its way in. Advanced users, however, can manually track computer changes in various areas, and NoVirusThanks WPMSvc logs activities related to the WriteProcessMonitor service.
One first note is that this isn’t a stand-alone application, but rather a service which sits in the background and constantly monitors and logs events. The package contains the necessary files to deploy the service on both x86 and x64 system architectures.
In order to properly install the service, the WPMSvc folder from the architecture of interest needs to be copied to the Windows root drive. The next step is to run the installer with administrator privileges so it can properly run and read info on the target service. A command prompt interface is brought up with installation status details.
NoVirusThanks WPMSvc can be found in the Services tab in Task Manager under the WPMSvc name. It also shows up under the same name in the Details tab. Uninstalling the service is done by running the uninstaller with administrator privileges.
All gathered details are automatically saved in a log file inside the source folder. It shows the date and hour of occurrence, process and target file, buffer length, buffer address, and actual buffer data.