Discussion on isolating an install and then analyzing the results

[JPMiller]

I have a possibly infected, custom "multi-installer" application, that I use on new builds.
It consists of a package containing freeware games, and it installs them as a batch and auto-creates icons.
I didn't create this but someone I trust did...
He hasn't had any issues using it, but lately when I've installed it on clients PC's, they end up getting various versions of scareware infestations.
It was on a USB thumbdrive that has been used hundreds of times to install security software and fixes for "compromised" machines so I'm guessing that is how this install has been corrupted.
What I'm asking is...
What are your suggestions for using a "sandbox" style install and then monitoring what its actually doing.
Has anyone done this sort of thing, and what did they use?
This could be helpful in many other instances as well.

[RicheemxX]

Hmm no replies yet, I was actually wondering if there was an easier way than what I was going to suggest.

What I usually do for software testing is run an install via either a VM (virtual box mainly) or a secondary HDD that can be sandboxed. If I use the 2nd HDD I simply disable the other drives in the machine from the bios so there is no chance of cross infection. Then for monitoring use sysinternals, process monitor and reg monitor.

Probably not the easiest way to go but it gives you a pretty good idea of what's going on. I've heard of a few pieces of software like InCtrl5, WhatChanged and InstallRite but most of those are older and not updated so I haven't tested them out.