What are some techniques for checking a program for malware?

Lately, I've gotten my hands on some programs from a source that I
don't completely trust. I would very much like to make sure that, in
addition to what they overtly do, they don't also install some kind of
keylogger or botnet or any other malware. This is on a Windows XP box,
by the way.

All of these programs are standalone binaries. They aren't supposed to
install anything or set up any new services or startup tasks.

My initial plan is to start with a plain-vanilla XP install on a
VirtualBox or VMWare virtual machine. Then, I could take a registry
and file snapshot before running them and compare it with a snapshot
after. There are a variety of apps that can do this. Many registry-
editors do this, as well as Microsoft's SMS Installer, and probably
several uninstall tools. Additionally, I could use something which
monitors for registry changes (like SpyBot does).

But I'm trying to find out if I'm missing anything. Does anybody else
out there have a standard way of "vetting" programs that they're
unsure of?

- Joe

"Joe Emenaker" <> wrote in message news
> Lately, I've gotten my hands on some programs from a source that I
> don't completely trust. I would very much like to make sure that, in
> addition to what they overtly do, they don't also install some kind of
> keylogger or botnet or any other malware. This is on a Windows XP box,
> by the way.
>
snip
You can submit the files to www.virustotal.com

You can run scans with Spybot Search and destroy, and/or AdAware SE
personal, before and after you
run them.
And there's antivirus software you may have already.