#16
Posted 02 August 2010 - 06:09 AM
#17
Posted 07 August 2010 - 04:23 PM
I've tried the three different extensions but to no avail.
Anyone got any pointers or ideas? It would be much appreciated..
Sorry if this is posted in the wrong place.
Regards, Toker
#18
Posted 07 August 2010 - 04:31 PM
Might be malware preventing it. If you think it is, go to this link:
http://www.geekstogo...uide-t2852.html
follow the actions there and post a new topic here (with the relevant scan logs) if the problem persists.
#19
Posted 07 August 2010 - 04:44 PM
Hi Toker,
Might be malware preventing it. If you think it is, go to this link:
http://www.geekstogo...uide-t2852.html
follow the actions there and post a new topic here (with the relevant scan logs) if the problem persists.
Hi emeraldnzl..
Over the last few hours I've run lots of malware scans but everything is clean.
I've used both on and off line scans along with MBAM, SAS and Spybot.
I've even tried starting OTL in safe mode but to no avail.
Thank you for your reply..
#20
Posted 07 August 2010 - 05:04 PM
This is not the place to pursue this.
My previous suggestions stand. Something is preventing it running, this could be malware or your own anti-malware programs although I think that unlikely.
Why don't you post a topic in the malware forum with what logs you can provide... Malwarebytes etc. and see if someone can help you there.
#21
Posted 21 August 2010 - 11:03 AM
Edited by Rorschach112, 21 August 2010 - 11:11 AM.
#22
Posted 21 August 2010 - 11:12 AM
That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post an OTListIt log in THAT forum.
#23
Posted 12 September 2010 - 07:08 AM
Edit: I've run OTL on another machine and made a note of the settings. Extras Registry needs to be set to Use Safe List.
Edited by fjk61011, 12 September 2010 - 07:29 AM.
#24
Posted 12 September 2010 - 08:18 AM
Extra Registry - separate log automatically run on first OTL scan. Carries out the following scans and places the output in the Extras.txt log. This will only be automatically run the first time an OTL.exe scan is performed. After that, if you want to see this output you will need to instruct the user to select either the Use SafeList or All option in the Extra Registry group before performing the next scan:
#25
Posted 12 September 2010 - 10:21 AM
#26
Posted 12 September 2010 - 10:26 AM
Extra Registry - separate log automatically run on first OTL scan. Carries out the following scans and places the output in the Extras.txt log. This will only be automatically run the first time an OTL.exe scan is performed. After that, if you want to see this output you will need to instruct the user to select either the Use SafeList or All option in the Extra Registry group before performing the next scan:
Re-read the tutorial again. Found your quote.
Thanks for your help.
#27
Posted 18 October 2010 - 12:26 PM
OTL adds notations to certain log entries:
[2008/01/20 21:52:15 | 01,216,000 | ---- | M - the last character inside the brackets will either be M or C standing for Created or Modified.
All of the scans except the Files Created scan and the Files Created No Company Name scans will show the last modified date of the files. The two Created scans will show the file or folder's created date. A lot of malware will adjust the modified date to try and hide or blend in with other files or folders so seeing the created date helps in determining potential malware. If the file or folders shows a modified date in 2003 but was created in 2010 then it is an indication that it should be looked at a bit more closely. Look at the created scans very closely because they tend to quickly point out malware.
What you're saying is, it "could be" malware if the folder/file has a modified date that is older than the created date? Asking that, would the above example if changed to; [2008/01/20 21:52:15 | 2010/01/20 21:52:15 | 01,216,000 | ---- | M | C | , be considered a possible malware? (Did I write that line properly?) Am I correct in saying this is a modified file?
Would you have to search the company name to be sure it isn't malware trying to hide, or is there a list of names that can be looked at to determine what is good and what is bad?
[2010/03/15 18:25:02 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys - the four designators after the file size can be RHSD and stand for:
R - Readonly
H - Hidden
S - System
D - Directory
SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () - denotes that there is no company name. The company name will appear inside the trailing parenthesis. Most malware will not have a company name (but some put one in there in an attempt to hide) but not all files without a company name are bad as this example shows.
Is this technet.microsoft-library a good place for info for further questions I will have, as I'm not too clear on the "file/folder and Directory explanation above? I will have more questions as I read further and just wanted to try and find the answers on my own first before posting any more.
[2009/03/10 15:54:00 | 00,000,000 | ---D | M - this shows a Directory (D) that was Modified (M) on 2009/03/10.
In this case the example is a Directory and the date shown is the Modified date.
Directories will always have a file size of zero as this example shows. If it was a file then there would not be a D in that portion and the size of the file would normally be greater than zero although you may find files with a zero size as well, but in that case there still would not be a D value there. In this case the example is a Directory and the date shown is the modified date.
Thanks
Regards
BT
#28
Posted 19 October 2010 - 08:08 AM
There are very few if any absolutes when dealing with malware. No matter what scanner you use, it will simply show you what is present. It is up to you to determine whether something should be there or not. There are legitimate reasons why a file/folder might have a modified date prior to a created date. When you see that, it should simply make you say "Hmmm, I better look at that a little closer." You will never see a line like you created in an OTL log. Any files/folders that show dates will either show a modified date or a created date, depending on what scan the line is part of. Both modified and created will never show up in the same line.
What you're saying is, it "could be" malware if the folder/file has a modified date that is older than the created date? Asking that, would the above example if changed to; [2008/01/20 21:52:15 | 2010/01/20 21:52:15 | 01,216,000 | ---- | M | C | , be considered a possible malware? (Did I write that line properly?) Am I correct in saying this is a modified file?
There are no certainties. A lot of malware has no company name, but not having a company name does not necessarily mean a file is malware. Likewise, there is some malware that will use legitimate company names like Microsoft, or Intel, or IBM, or Real. And then there are patched files that have legitimate names, are in legitimate locations, but have different file sizes or MD5s. You'll get into all of that in your training.
Would you have to search the company name to be sure it isn't malware trying to hide, or is there a list of names that can be looked at to determine what is good and what is bad?
For general computer questions it probably would be. I've never used it. But there are tons of sources on the Internet so if what you are looking for isn't there then Google is your friend.
Is this technet.microsoft-library a good place for info for further questions I will have, as I'm not too clear on the "file/folder and Directory explanation above? I will have more questions as I read further and just wanted to try and find the answers on my own first before posting any more.
Also, your PL Instructors are great resources for these questions.
Cheers.
OT
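An added example, not part of the thread or of OTL itself: a small parser for the file/folder line layout discussed above. Because a line carries either a Modified or a Created date but never both, it pairs lines by path across scans to spot a modified date earlier than the created date. The full line layout is assumed from the hiberfil.sys line quoted in the thread; `parse_line`, `closer_look` and all sample lines except the first are constructed for illustration.

```python
import re
from datetime import datetime

# Layout assumed from the hiberfil.sys line quoted in the thread:
# [date time | size | RHSD flags | M or C] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ATTR_NAMES = {"R": "readonly", "H": "hidden", "S": "system", "D": "directory"}

def parse_line(line):
    """Return a dict for one file/folder line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "stamp": datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": [ATTR_NAMES[c] for c in m["attrs"] if c != "-"],
        "kind": "created" if m["kind"] == "C" else "modified",
        "company": m["company"].strip() or None,
        "path": m["path"].strip(),
    }

def closer_look(lines):
    """Map path -> reasons to look closer (prompts for review, not verdicts)."""
    seen, notes = {}, {}
    for rec in filter(None, map(parse_line, lines)):
        key = rec["path"].lower()
        seen.setdefault(key, {})[rec["kind"]] = rec["stamp"]
        if rec["company"] is None and "directory" not in rec["attrs"]:
            notes.setdefault(key, set()).add("no company name")
    for key, stamps in seen.items():
        if {"created", "modified"} <= stamps.keys() and stamps["modified"] < stamps["created"]:
            notes.setdefault(key, set()).add("modified date earlier than created date")
    return {k: sorted(v) for k, v in notes.items()}

# First line is quoted in the thread; the rest are constructed samples.
SAMPLE = [
    r"[2010/03/15 18:25:02 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2003/06/01 10:00:00 | 00,045,056 | ---- | M] () -- C:\Windows\example.dll",
    r"[2010/08/01 09:30:00 | 00,045,056 | ---- | C] () -- C:\Windows\example.dll",
    r"[2010/08/01 09:31:00 | 00,000,000 | ---D | C] () -- C:\ExampleDir",
    r"[2010/07/04 12:00:00 | 00,120,832 | ---- | M] (Example Corp) -- C:\Tools\ok.exe",
]

if __name__ == "__main__":
    for path, why in closer_look(SAMPLE).items():
        print(path, "->", ", ".join(why))
```

The hiberfil.sys line is flagged only for its empty company name, which matches the point made in the thread that a missing company name is a reason to look, not proof of malware.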
#29
Posted 19 October 2010 - 10:03 AM
Google has become my top best friend for searching and questions. We're getting Real chummy.
For general computer questions it probably would be. I've never used it. But there are tons of sources on the Internet so if what you are looking for isn't there then Google is your friend.
I would but I'm waiting for the door to open. BUT, I'm in no hurry, have lots to read and try to comprehend right here.
Also, your PL Instructors are great resources for these questions.
Cheers.
OT
Thank You so much for the explanations to my questions.
Regards
BT
#30
Posted 22 October 2010 - 07:44 AM
thanks for your advance response......
_______________________________________________
Edited by sari, 24 December 2010 - 06:39 AM.
Deleted spam links