Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

FRST Tutorial Comment

* * * * * 1 votes FRST farbar tutorial

  • Please log in to reply
176 replies to this topic

#61
tekir06

tekir06

    Visiting Consultant

  • Visiting Consultant
  • 4 posts

Hello emeraldnzl,

 

Thanks for reply. No, It was not used in RC mode. Links are below:

 

http://www.techsuppo...tml#post6974609

http://www.techsuppo...tml#post6986489

 

Hello picasso,

 

Thanks for reply. I think I was like you wrote.

 

 

 

 


  • 0

Advertisements


#62
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

 

No, It was not used in RC mode. Links are below:

 

:thumbsup:


  • 0

#63
mrfixiter

mrfixiter

    New Member

  • Member
  • Pip
  • 9 posts

Hi :)
 
I was wondering if someone could elaborate on the One Month Created files and folders section of the log. I was helping a user and noticed that AdwCleaner had been recently downloaded.

2016-04-22 12:50 - 2016-04-22 12:50 - 03683904 _____ C:\Users\aroco\Downloads\adwcleaner_5.112.exe

However there was no AdwCleaner scan/text log entry in the One Month Created files and folders section. The only evidence was:

2016-04-23 09:24 - 2016-04-23 09:29 - 00000000 ____D C:\AdwCleaner

I then tried it on my own machine and the same thing happened. What exactly are the criteria for a file to be listed in the One Month Created files and folders?

 

Thanks for your assistance.

 

mrfixiter


  • 0

#64
farbar

farbar

    Developer

  • Expert
  • 392 posts

Hi mrfixiter,

 

AdwCleaner keeps its logs and back ups inside its folder on the system drive (C:\AdwCleaner). FRST doesn't look into custom folders. It only lists them. If the scan log was elsewhere like on the root of system drive or on the Desktop, FRST would list it.


  • 0

#65
mrfixiter

mrfixiter

    New Member

  • Member
  • Pip
  • 9 posts

Hi Farbar :)

If the scan log was elsewhere like on the root of system drive or on the Desktop, FRST would list it.

I think that is important information. Would you consider adding that to the tutorial?

Thanks for your assistance.

mrfixiter


  • 0

#66
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

Hello mrfixiter,

If it were me, I would just use the File: and Folder: directives if I wanted that sort of information. See the tutorial. :)


  • 0

#67
mrfixiter

mrfixiter

    New Member

  • Member
  • Pip
  • 9 posts

Hi emeraldnzl :)

 

My reason for posting was to point out a discrepancy between what the heading in the log, One Month Created/Modified files and folders says and what is actually displayed in that section. I think it is important to know in advance that it is not an all inclusive report. In other words, you can't just look at that section and say, this list includes every file and folder that was added or modified in the past month. Agreed?

 

polskamachina

 

 


  • 0

#68
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

Thank you for the comment.

 

I will see if we can word the tutorial so that it better represents what is shown in the log. :)


  • 0

#69
Herman_Salim

Herman_Salim

    Member

  • Member
  • PipPip
  • 35 posts

Hello.. Everybody.. I know the farbar tools from MalwaretipsTwinHeadedEagle use it very well. As I don't have enough time to take a Malware Training Class, I learn to use this tool by Farbar tutorial page and Watch each Malware Removal Assistance's Thread. I very appreciate the Farbar developers for their quality time to make this tool.

I also use this tool for helping my friend and people that have malware problem in largest forum in my country (Indonesia).

I have a few questions:

  • The emptytemp command. Which folder's path or area does it attemp to delete? Does this also delete browser cache and cookies?
  • With farbar tutorial page, whether all of you don't afraid if some bad guy (Malware's maker) see this tutorial and maybe they make some malware that hard to be detect or remove by Farbar?
  • EXE Association, why don't make SCR, COM, PIF, CMD, or any executable file's association? Many malware does alter this all association too auto execute itself.

Sorry for my bad english and grammar  :yes:


  • 0

#70
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

Hello polskamachina,

 

 

The emptytemp command. Which folder's path or area does it attemp to delete? Does this also delete browser cache and cookies?

 

The tutorial states the directories the Emptytemp: command empties.

EmptyTemp:

The following directories are emptied:
- Windows Temp
- Users Temp folders
- Edge, IE, FF, Chrome and Opera cache, HTML5 Local Storage, Cookies and History (Note: FF history is not removed)
- Recently opened files cache
- Flash Player cache
- Java cache
- Steam HTML cache
- Explorer thumbnail cache
- BITS transfer queue (qmgr*.dat files)
- Recycle Bin

 

With farbar tutorial page, whether all of you don't afraid if some bad guy (Malware's maker) see this tutorial and maybe they make some malware that hard to be detect or remove by Farbar?

 

Other malware specialists will have a view about that but here are my thoughts.

 

There is always a risk that the "bad guys" gain some advantage but on balance I think it's better to make the tutorial public so that the "good guys" had a tool they can use. I think Farbar has similar views.

 

 

EXE Association, why don't make SCR, COM, PIF, CMD, or any executable file's association? Many malware does alter this all association too auto execute itself.

 

There is a scan listed under EXE Association in the tutorial. Does that help or were you wanting something else?


  • 1

Advertisements


#71
Herman_Salim

Herman_Salim

    Member

  • Member
  • PipPip
  • 35 posts

Thank you for answer itu clearly..

 

 

 

There is a scan listed under EXE Association in the tutorial. Does that help or were you wanting something else?

 

I mean, i have a suggestion for farbar nect time before release next update.

Maybe farbar recovery scan tool can add other scan area association, not just exe.

com, bat, scr, pif, reg, cmd. Those file association are favourite to be altered by malware, besides exe association.


  • 0

#72
farbar

farbar

    Developer

  • Expert
  • 392 posts

Hello Herman_Salim,

 

The suggestion will be considered. :thumbsup:


  • 0

#73
Herman_Salim

Herman_Salim

    Member

  • Member
  • PipPip
  • 35 posts

I have another question. Why do any Malware Removal Helper Team always ask to save Farbar to desktop before run it? Is it give a different result while we save farbar to another folder?

 

Hello Herman_Salim,

 

The suggestion will be considered. 

 

 

Thank you then..  :thumbsup:


  • 0

#74
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,154 posts

I'm unable to quote in this thread, but I can in others... is this just me?


  • 0

#75
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

Hi Dan,

 

It seems I can make a quote box appear:

 

 

 

 

 

Is that what you mean?

 

If it's persisting problem then maybe you should open a topic here.


  • 0





Also tagged with one or more of these keywords: FRST, farbar, tutorial

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.