The Hidden Treasures of Sysinternals

Barence writes "PC Pro contributing editor Jon Honeyball has written a nice feature on the latest treasures to be found on the Windows Sysinternals website. Among them are a tool for creating virtual hard disks from physical drives, a hard disk read-write monitoring tool, and a utility for putting ISO images onto flash drives. They're free, but they're effective."

Wonderful tools

[Sycraft-fu]

These have been available for a long time, used to just be from a site called Sysinternals run by Russonivich before Microsoft hired him. This guy is, literally, the person who wrote the book on Windows. Windows Internals is the current name, used to be called Inside Windows 2000. A wonderful technical document of the internal workings of Windows.

At any rate, Russonivich produces extremely useful tools. Not the sort of thing you want in the hands of inexperienced users, as many of them can break your system, but extremely powerful. I use them all the time in the course of my job, especially when there's manual malware removal that needs to be done. So far, malware is unaware of the ability to suspend a process, which Process Explorer will do. So you suspend the malware, its watcher process doesn't know to restart it. You then use autoruns to remove the startup entries. At that point you can reboot, it won't start, and you can clean up the residuals.