Cheers.
OT
OTL Tutorial - How to use OldTimer ListIt
#31
- Group: Global Moderator
- Posts: 3,260
- Joined: 11-March 05
Posted 22 October 2010 - 08:01 AM
Cheers.
OT
#32
- Group: Visiting Consultant
- Posts: 41
- Joined: 02-November 09
Posted 12 November 2010 - 04:22 PM
This is a good tutorial, but unfortunately it is lacking examples on how to do the scripting.
For instance, lets say I have a services line in an OTL log that look like this:
Now, if this were ComboFix or The Avenger, obviously you would want to do this:
Or this:
However, there is no indication in the tutorial (at least none that I have been able to find) that this style is even remotely correct in OTL.
So, the real question, which (one again, as far as I have been able to tell) is not answered by the tutorial, is whether this is the correct method of using :Services:
Or whether this is the correct method of using :Services:
For instance, lets say I have a services line in an OTL log that look like this:
SRV - [2008/07/22 12:44:14 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\waatservice.exe -- (waatservice)
Now, if this were ComboFix or The Avenger, obviously you would want to do this:
Driver:: waatservice
Or this:
Drivers to delete: waatservice
However, there is no indication in the tutorial (at least none that I have been able to find) that this style is even remotely correct in OTL.
So, the real question, which (one again, as far as I have been able to tell) is not answered by the tutorial, is whether this is the correct method of using :Services:
:Services waatservice
Or whether this is the correct method of using :Services:
:Services SRV - [2008/07/22 12:44:14 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\waatservice.exe -- (waatservice)
#33
- Group: GeekU Moderator
- Posts: 55,405
- Joined: 31-May 06
Posted 12 November 2010 - 04:37 PM
Why not use
Quote
:OTL
SRV - [2008/07/22 12:44:14 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\waatservice.exe -- (waatservice)
SRV - [2008/07/22 12:44:14 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\waatservice.exe -- (waatservice)
#34
- Group: Visiting Consultant
- Posts: 41
- Joined: 02-November 09
Posted 12 November 2010 - 05:10 PM
Essexboy said:
Why not use
Quote
:OTL
SRV - [2008/07/22 12:44:14 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\waatservice.exe -- (waatservice)
SRV - [2008/07/22 12:44:14 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\waatservice.exe -- (waatservice)
Well, the section on the directives doesn't really say if :OTL works on services, and the presence of :Services leads one to assume that you would want to use it instead.
#35
- Group: GeekU Moderator
- Posts: 55,405
- Joined: 31-May 06
Posted 13 November 2010 - 05:10 AM
It gives you an option - If you know the service but it does not show in OTL (i.e. it is legit but causing you problems) under the srv heading then you can use :services
#36
- Group: Visiting Consultant
- Posts: 41
- Joined: 02-November 09
Posted 13 November 2010 - 07:12 AM
Essexboy said:
It gives you an option - If you know the service but it does not show in OTL (i.e. it is legit but causing you problems) under the srv heading then you can use :services
So then the usage for :Services would be similar to ComboFix and The Avenger, since you're only expected to know the name of the service?
#37
- Group: GeekU Moderator
- Posts: 55,405
- Joined: 31-May 06
Posted 13 November 2010 - 07:22 AM
Correct and if you know the related file that will go under the :files heading
#38
- Group: Visiting Consultant
- Posts: 41
- Joined: 02-November 09
Posted 13 November 2010 - 07:23 AM
Essexboy said:
Correct and if you know the related file that will go under the :files heading
Cool. Thank you.
#39
- Group: Member
- Posts: 10
- Joined: 05-December 10
Posted 05 December 2010 - 02:39 PM
After restarting of pc,OTL icon is no more?
Thus,I again downloaded from here...My system has to be reboot bcuz of an Installation,again OTL icon is missing.
do I need do download it again or is it common dear Admin?
-Thanks
Maggi
Thus,I again downloaded from here...My system has to be reboot bcuz of an Installation,again OTL icon is missing.
do I need do download it again or is it common dear Admin?
-Thanks
Maggi
#40
- Group: GeekU Moderator
- Posts: 14,381
- Joined: 19-November 07
Posted 17 December 2010 - 06:37 PM
Sorry for the delay in replying. Some glitches with the recent forum upgrade have resulted in some things being missed.
Now
Something wrong there, maybe malware or maybe something you did or even a system related problem.
Open a new topic in the Malware forum explaining the problem. Someone there should be able to have a look at it for you.
Now
Something wrong there, maybe malware or maybe something you did or even a system related problem.
Open a new topic in the Malware forum explaining the problem. Someone there should be able to have a look at it for you.
#41
- Group: Member
- Posts: 37
- Joined: 22-December 10
Posted 22 December 2010 - 08:02 PM
This is by far the best tutorial describing OTL I have ever seen.
#42
- Group: Member
- Posts: 5
- Joined: 28-April 11
Posted 29 April 2011 - 12:58 PM
Hello,
Just had a quick question re: OTL. It has been running for 2 hours on my machine and seems to be going in circles and keeps coming back to "checking for newly modified files" in my system32 folder. The scan is constantly scanning but everything I find online shows that this scan takes no more then 10 minutes. Should I stop it and restart? I cant seem to find anywhere online that discusses this particular problem.
Thanks,
Aarika
Just had a quick question re: OTL. It has been running for 2 hours on my machine and seems to be going in circles and keeps coming back to "checking for newly modified files" in my system32 folder. The scan is constantly scanning but everything I find online shows that this scan takes no more then 10 minutes. Should I stop it and restart? I cant seem to find anywhere online that discusses this particular problem.
Thanks,
Aarika
#43
- Group: Moderator
- Posts: 7,649
- Joined: 28-April 09
Posted 29 April 2011 - 01:36 PM
@aarikarenaa,
OTL shouldn't take that long to run a scan. You should exit out of the current scan and restart your computer and then attempt to run a new scan, and see if you have better luck then.
Kindest Regards,
ST.
OTL shouldn't take that long to run a scan. You should exit out of the current scan and restart your computer and then attempt to run a new scan, and see if you have better luck then.
Kindest Regards,
ST.
#44
- Group: Member
- Posts: 5
- Joined: 28-April 11
Posted 29 April 2011 - 01:59 PM
Thanks so much for the quick response. I was feeling as though I was slowly losing my mind and have a feeling I will see scan results in my dreams tonight haha. I kept wanting to stop it but it was actually progressing just now we are at a 3 hour point... *fingers are crossed*
Thanks again,
AarikaRenaa
*fingers are crossed* Thanks again,
AarikaRenaa
#45
- Group: Moderator
- Posts: 7,649
- Joined: 28-April 09
Posted 29 April 2011 - 02:00 PM
Please let me know if it freezes up on you again.
