At a TechEd 2012 session earlier this week, Microsoft Fellow Mark Russinovich (Sysinternals developer and author) presented. In the session, he used several Sysinternals tools to show that they are useful not only for diagnosing and troubleshooting a Windows PC, but also for hunting malware.
This session provides an overview of several Sysinternals tools, including Process Monitor, Process Explorer, and Autoruns, focusing on the features useful for malware analysis and removal. These utilities enable deep inspection and control of processes, file system and registry activity, and autostart execution points. Mark Russinovich demonstrates their malware-hunting capabilities by presenting several real-world cases that used the tools to identify and clean malware, and concludes by performing a live analysis of a Stuxnet infection’s system impact.
You can watch the session yourself, in Silverlight or HTML5, on MSDN's Channel9.