185 replies to this topic

[dev00790]

Hi,

I notice that O38 - SubSystems is not mentioned in the OTL tutorial. Could this be added please?

dev00790

[emeraldnzl]

Yes, that together with a number of scan changes and another command are all either already written and in the pipeline (checking by the tool developer) or under preparation.

[dev00790]

Thanks

[Wing Man]

I have a student asking a question about OTL and a change made to the GUI.

Earler versions of OTL had an option under Modules called "Use Safe List" and at some point this was changed to "No Company Name".
Was this an effort to minimize the amount of "internal" processing as a "safelist" could have grown huge, possibly hindering overall processing time.

I looked at the OTL updates and did not really see anything regarding this change...

Edit:
Should this change be reflected in the tutorial, so the helpers know what the option provides?

Edited by Wing Man, 16 May 2012 - 08:06 AM.

[emeraldnzl]

Hello Wing Man,

I know you have received a detailed reply from OT at MRU.

For anyone else reading this thread the crux of OT's reply is that improvements/changes are constantly being made to OTL. Not all are commented on. This particular change was made over a year ago to streamline the scan. The form label was made to reflect the change.

[Wing Man]

Yes, OT did reply, thanks.

[fireblade77]

Hi there

I am dealing with a little bit of malware and have a random entry in the log which I am going to remove.

mRun: [audiowx] rundll32.exe "23drhl.dll",s

However, before I proceed - Can I ask what the ,s indicates on the end?

Thanks

[emeraldnzl]

Hello fireblade77,

Don't know what that is. Might be worth opening a topic in the Malware Forum and have someone there check it out.

[Wing Man]

OTL is just reporting what is found in the registry entry. It's probably a program parameter used to have the file run in "silent" mode or something along those lines.

[OldTimer]

@fireblade77: That is not a line from an OTL log. Questions regarding whatever tool is being used that produced that information will need to be addressed by the associated author. This topic is for OTL related questions.

Cheers.

OT

[azarl]

Hi there

I am dealing with a little bit of malware and have a random entry in the log which I am going to remove.

mRun: [audiowx] rundll32.exe "23drhl.dll",s

However, before I proceed - Can I ask what the ,s indicates on the end?

Thanks

That's a DDS entry not OTL. the 's' is the entry point within the module. Basically it means Run 23drhl.dll and start execution at the routine labelled 's'

[Wing Man]

Duh! I wasn't even looking at the mRun: notation... just the file.
Thanks azari, more I thought about it, a parameter would have probably been coded like:
mRun: [audiowx] rundll32.exe "23drhl.dll" /silent

[mgrzeg]

Hi there,
as I couldn't find any other place to post support question regarding OTL, I do it here
Some users complain, that OTL can't generate the Extras.txt file because of the "Win32 Error. Code: 23... (CRC)". There's a memory dump file created manually by one of ther users at the moment, when the error message box appears.
I tried to find some information about the reasons, but without .pdbs it's very hard.
Maybe you can help?

m.g.

[Dakeyras]

Hi and welcome to Geeks to Go.

That specific error relates to what is known as a Cyclic Redundancy Check and not something usually associated with malware, though feasible never actually encountered such myself. In some instances it can be caused by a faulting Hard-Drive(be it one in situ and or a network type etc) or a form of CD/DVD removable storage present when OTL is ran that may be damaged for example.

My best advice in this instance would be to seek further assistance in this part of the forum:-

Hardware, Components and Peripherals

Or if you genuinely feel malware may be the culprit:-

Malware and Spyware Cleaning Guide

[Valinorum]

Great and informative thread.It really helped me a lot.