FRST Tutorial Comment


#31
Leplante

    New Member

  • Member
  • Pip
  • 4 posts

Hello,

Using version 13-04-2015, with the "Search files" option, I don't get the MD5 hash information, but only [File is signed].

Is there any chance to get the MD5 info?

Thanks,

Best regards,

 

 


  • 0

#32
farbar

    Developer

  • Expert
  • 350 posts

Hi Leplante,

 

Normally the MD5 is listed when the "Search Files" option is used. So there could be something wrong with the system.


  • 0

#33
Leplante

    New Member

  • Member
  • Pip
  • 4 posts

Hello Farbar,

Thanks for your reply!

 

I checked again: it's working fine on a Win7 64-bit VM (FRST64), but not on the 32-bit version (removed & reinstalled FRST).

I also checked on an 8.1-32 VM:

C:\Windows\WinSxS\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.17415_none_04af6079f0517dbb\winlogon.exe
[2014-12-02 16:21][2014-10-29 03:01] 0465408 ____A (Microsoft Corporation)  [File is signed]

(brand new FRST version)

Brgds


  • 0

#34
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,374 posts

Hi Farbar,

 

I can confirm the same result as Leplante on Windows 7 Enterprise x86 FRST v13.4.215.0, on Windows 7 x64 it's ok!


  • 0

#35
farbar

    Developer

  • Expert
  • 350 posts

Hi,

 

There was a bug in x86 version. It should be fixed now. Thank you for reporting it Leplante.

 

Also thank you SleepyDude for the extra confirmation.


  • 1

#36
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,374 posts

Hi,

 

There was a bug in x86 version. It should be fixed now. Thank you for reporting it Leplante.

 

Also thank you SleepyDude for the extra confirmation.

 

Thank you Farbar. All good now. :thumbsup:


  • 0

#37
JoeTheAllan

    New Member

  • Member
  • Pip
  • 5 posts

You put a lot of effort into it, good job


  • 0

#38
Aura

    Special Ops

  • Malware Removal
  • 2,523 posts
Simple question: would it be possible to execute FRST on a remote computer using PsExec.exe? It would be used on a domain, and my domain user has Admin Rights on the computers it would be used on.

Edit: Never mind, just realized I'm stupid, without CLI options it won't work.

Edited by Aura, 13 May 2015 - 04:18 PM.

  • 0

#39
diego_moicano

    Visiting Consultant

  • Visiting Consultant
  • 11 posts

Hi Farbar

Thank you for the excellent tool and tutorial. :thumbsup:

In the tutorial:

AlternateDataStreams

Here (bold red):
 

If the ADS is on a legitimate file/folder the fix will be copy and paste the whole line from the log into the fixlist.

It would not be (bold blue):
 

If the ADS is no a legitimate file/folder the fix will be copy and paste the whole line from the log into the fixlist.

I have a doubt. :rolleyes:

 

To view the contents of a file, it would be only by CMD: directive, just like this:

CMD:type C:\windows\file.txt

If yes, one idea: create a directive, something like this:

FileContent:path

or

CatFile:path

I don't know if it would be interesting and functional.

 

Hugs :D


  • 0

#40
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

Hello diego_moicano,
 
I am not exactly sure what you are questioning here?
 

If the ADS is no a legitimate file/folder the fix will be copy and paste the whole line from the log into the fixlist.


Perhaps you mean?
 

If the ADS is not a legitimate file/folder the fix will be copy and paste the whole line from the log into the fixlist.

 

In which case the ADS would not be on a legitimate file/folder and I don't think the fix would work but Farbar might have a comment.
 

To view the contents of a file, it would be only by CMD: directive, just like this:


I am also not sure what you are referring to with that comment. Are you suggesting a change to the existing directive?
 
There is already provision to view the contents of a file. See the tutorial:
 

File: and Folder:

Are used to see a file specifications or the content of a folder.
 

    File: path
    Folder: path

 


  • 0

#41
farbar

    Developer

  • Expert
  • 350 posts

Hi diego_moicano,

 

If the ADS is on a legitimate file/folder the fix will be copy and paste the whole line from the log into the fixlist.

 

The statement is a correct one. In case the (bad) ADS is on a legitimate file/folder, you want to remove the ADS but leave the file/folder alone. Let's assume the ADS is on a bad file/folder, then you don't need to remove the ADS. Instead you can remove the file/folder itself, so not only is the bad file/folder removed, the ADS on it will be removed too.

 

As far as the suggestion for the FileContent: directive is concerned, I'll consider adding it.

 

Thank you for your comment. :)


  • 0
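
The distinction drawn in post #41, shown with PowerShell's built-in stream support on an NTFS volume. This is an added example, not part of the thread and not FRST code or an FRST fixlist; the scratch directory, the file names and the stream name `extra` are constructed for the demonstration.

```powershell
# Added example (not FRST): paths and the stream name 'extra' are constructed.
$dir = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$legit = Join-Path $dir 'legit.txt'
$bad   = Join-Path $dir 'unwanted.txt'

# Constructed samples: two files, each carrying one named stream.
foreach ($f in $legit, $bad) {
    Set-Content -LiteralPath $f -Value 'default stream content'
    Set-Content -LiteralPath $f -Stream 'extra' -Value 'named stream content'
}

function Get-NamedStream {
    param([Parameter(Mandatory)][string]$Path)
    # ':$DATA' is the ordinary file content; every other entry is an ADS.
    Get-ChildItem -LiteralPath $Path -File -Recurse |
        ForEach-Object { Get-Item -LiteralPath $_.FullName -Stream * } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

# Inventory before any change.
Get-NamedStream -Path $dir | Format-Table -AutoSize

# Case 1: ADS on a legitimate file. Remove the stream, keep the file.
# Get-FileHash reads the default stream, so the hash must not change.
$before = (Get-FileHash -LiteralPath $legit -Algorithm MD5).Hash
Remove-Item -LiteralPath $legit -Stream 'extra'
$after  = (Get-FileHash -LiteralPath $legit -Algorithm MD5).Hash
if ($before -ne $after) { throw 'Default stream changed unexpectedly.' }

# Case 2: the file itself is unwanted. Deleting it takes its streams along.
Remove-Item -LiteralPath $bad

# Inventory after: one file cleaned, one file gone.
$left = @(Get-NamedStream -Path $dir)
"Named streams remaining: $($left.Count)"
"legit.txt still present: $(Test-Path -LiteralPath $legit)"
```

The MD5 comparison is the check that matters when cleaning a stream off a file you intend to keep: the file's own content is provably untouched.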

#42
diego_moicano

    Visiting Consultant

  • Visiting Consultant
  • 11 posts

Hi emeraldnzl

 

Thank you for the reply. :)

 

Yes, that is it:

 

If the ADS is not a legitimate file/folder the fix will be copy and paste the whole line from the log into the fixlist.

 

 

Sorry for my English... :blush:

 

Are you suggesting a change to the existing directive?

 

No...
 

 

Are used to see a file specifications or the content of a folder.

 

From what I understand the File: directive shows the specifications of the file and not the content... so I'm wrong?  :confused: 

 

Hugs :D


  • 0

#43
diego_moicano

    Visiting Consultant

  • Visiting Consultant
  • 11 posts

Ok Farbar ... we wrote at the same time!

Thank you.
:thumbsup:


  • 0

#44
Clade

    Member

  • Member
  • PipPip
  • 10 posts
Hi!
 
I would like a little understanding as my language is not English (Portuguese)
 
By the observations of the corrections made by FRST it shows up as an excellent tool for OS fixes. . .
 
Questions:
 
1. What are the minimum prerequisites needed to be able to analyze log and be able to make necessary corrections?
 
2. In which cases can it not work?
 
Thank you for your attention!

  • 0

#45
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

Hello Clade,

 

 

What are the minimum prerequisites needed to be able to analyze log and be able to make necessary corrections?


Perhaps you can expand on what you mean.

If you mean what will FRST work with, then that is covered in the tutorial.

If you mean what qualifications you need to analyze a log, it depends on whether you want to work/help on one of the sites that work with malware removal or analyze a log yourself.

All the approved sites, see here, require you to have qualified through one of their training schools. Geekstogo for instance is GeekU see here.

If it is your own computer and you have some experience then you can follow the tutorial, but at your own risk. As mentioned in the tutorial, it is strongly advised that you seek help from an expert if you are unsure about anything. If you were seeking help at Geekstogo you would open a topic in the Virus, Spyware, Malware removal forum here.
 

In which cases can it not work?


As stated in the tutorial FRST will work on viable Windows Operating Systems listed:
 

Farbar's Recovery Scan Tool is designed to run on Windows XP, Windows Vista, Windows 7 and Windows 8 Operating Systems. There are two versions, a 32-bit and a 64-bit version.
Note: FRST64 is not designed to run on XP 64-bit systems.


It won't work on other operating systems.


  • 0




