
FRST Tutorial Comment

184 replies to this topic

#16
mike_1

mike_1

    Visiting Staff

  • Visiting Consultant
  • 90 posts

Good evening. I wrote a script for the user, but when the script is executed, this error arises:

 

 

6746077.jpg

 

 

My script:

SearchScopes: HKU\S-1-5-21-3463515254-3693375673-316930619-1000 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = http://go-search.ru/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3463515254-3693375673-316930619-1000 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = http://go-search.ru/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> gosearch
CHR DefaultSearchURL: Default -> http://go-search.ru/search?q={searchTerms}
CHR Extension: (Adobe DTM Switch) - C:\Users\Ольга\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlgdemkdapolikbjimjajpmonpbpmipk [2014-12-20]
2014-12-19 19:32 - 2014-12-19 19:37 - 00000000 ____D () C:\Users\Ольга\AppData\Roaming\advPlugin
2014-12-19 19:32 - 2014-12-19 19:32 - 00000000 ____D () C:\Users\Ольга\AppData\Local\Поиcк в Интeрнете
2014-12-19 19:32 - 2014-12-19 19:32 - 00000000 ____D () C:\Users\Ольга\AppData\Local\Вoйти в Интeрнет 2inf.net
2014-12-19 17:10 - 2014-12-19 19:36 - 00000000 ____D () C:\Users\Ольга\AppData\Roaming\eTranslator
2014-12-19 17:10 - 2014-12-19 17:10 - 00000000 __SHD () C:\Users\Ольга\AppData\Local\EmieBrowserModeList
2014-12-19 17:08 - 2014-12-21 21:08 - 00000000 ____D () C:\Users\Ольга\AppData\Local\SystemDir
Task: {47C74A73-86FF-4E79-8CF5-329CDD853E0C} - \nethost task No Task File <==== ATTENTION
Task: {9036DDF8-DA3C-4A7F-9F75-A56EB2BE50C8} - \SystemScript No Task File <==== ATTENTION
EmptyTemp:
Reboot:

What's the problem?

 

Thanks. 


Edited by mike_1, 01 January 2015 - 01:27 PM.

  • 0



#17
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

This is a question about the use of FRST rather than about the tutorial.

 

Please open a topic in this Forum and an expert will help you with an answer.

 

Include a link to the user's thread if you have one.


  • 0

#18
mike_1

mike_1

    Visiting Staff

  • Visiting Consultant
  • 90 posts

Please open a topic in this Forum and an expert will help you with an answer.

My computer does not require treatment.

 

 

Include a link to the user's thread if you have one.

 http://virusinfo.inf...ad.php?t=173235


  • 0

#19
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I understand. :)

 

This is a question that would normally be discussed in private malware expert forums.

 

Your question needs an expert to answer and that was the reason for the referral to that forum.

 

I will PM you separately.

 

Meantime, after looking at the thread I see that FRST was unable to interpret some items in Russian. To get around that, try saving the fixlist.txt as Unicode.


Edited by emeraldnzl, 01 January 2015 - 02:52 PM.
grammar

  • 0
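
An added illustration of the encoding advice in post #19, not FRST's code and not part of the original thread: it reports which fixlist lines lose characters when the file is saved in a legacy "ANSI" code page, and shows that a UTF-16 LE save with a BOM (what older Notepad labels "Unicode") keeps them. The sample lines, the function names and the choice of cp1252 are assumptions made for the example; FRST's own parsing is not modelled.

```python
import codecs

# Constructed sample: fixlist-style lines, one with a Cyrillic profile name
# (modelled on the lines in the post above).
SAMPLE_FIXLIST = (
    "CHR DefaultSearchKeyword: Default -> gosearch\r\n"
    "2014-12-19 19:32 - 2014-12-19 19:37 - 00000000 ____D () "
    "C:\\Users\\Ольга\\AppData\\Roaming\\advPlugin\r\n"
    "EmptyTemp:\r\n"
)


def lossy_lines(text, codepage):
    """Return 1-based numbers of lines that cannot be stored in `codepage`."""
    bad = []
    for number, line in enumerate(text.splitlines(), start=1):
        try:
            line.encode(codepage)
        except UnicodeEncodeError:
            bad.append(number)
    return bad


def ansi_round_trip(text, codepage):
    """Show what survives when an editor saves `text` in a legacy code page."""
    return text.encode(codepage, errors="replace").decode(codepage)


def to_notepad_unicode(text):
    """Encode as UTF-16 LE with a BOM (older Notepad's 'Unicode' option)."""
    return codecs.BOM_UTF16_LE + text.encode("utf-16-le")


def read_fixlist_bytes(data):
    """Decode by BOM; fall back to cp1252 (assumed Western 'ANSI' default)."""
    if data.startswith(codecs.BOM_UTF16_LE):
        return data[len(codecs.BOM_UTF16_LE):].decode("utf-16-le")
    if data.startswith(codecs.BOM_UTF8):
        return data[len(codecs.BOM_UTF8):].decode("utf-8")
    return data.decode("cp1252", errors="replace")


if __name__ == "__main__":
    print("lines lost in cp1252:", lossy_lines(SAMPLE_FIXLIST, "cp1252"))
    print(ansi_round_trip(SAMPLE_FIXLIST, "cp1252").splitlines()[1])
    restored = read_fixlist_bytes(to_notepad_unicode(SAMPLE_FIXLIST))
    print("unicode round trip intact:", restored == SAMPLE_FIXLIST)
```

A line that passes in cp1251 on the author's Russian-locale machine can still be lossy on a machine whose default code page is cp1252, which is why the check takes the code page as a parameter.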

#20
farbar

farbar

    Developer

  • Expert
  • 503 posts

Hello mike_1,

 

Indeed, this topic concerns the FRST tutorial. And unfortunately, at the moment we have no other topic to deal with this type of question or error reporting. As far as the error is concerned, there was a bug around the time that FRST produced the error on that topic. The bug had no effect on the fixing, and the fix would complete. Only the last line of the log ("End of Fixlog") would not be produced. The bug was fixed at the time.


  • 0

#21
mike_1

mike_1

    Visiting Staff

  • Visiting Consultant
  • 90 posts

Clearly. Thanks for answers.


  • 0

#22
MoNsTeReNeRgY22

MoNsTeReNeRgY22

    Member 2k

  • Member
  • 2,539 posts

Does a FRST fix log need to start on the first line and end on the last line?


  • 0

#23
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Start and end in the fix are optional.

 

The only advantage in including it is that when the users copy and paste the script, they don't miss a part at the start or at the end.

 

Actually you will see any number of examples in the tutorial without start and end in the script. :)


  • 0

#24
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Hi, I have a question about the logs generated by FRST. It seems that sometimes a space will be inserted into a log line, like this (note the space in "user.js" where it displays as "u ser.js"):

 

FF user.js: detected! => C:\Users\iselba\AppData\Roaming\Mozilla\Firefox\Profiles\gnw8ay56.default\u ser.js [2015-03-07]

 

Is this normal?  Why might this be happening? 

 

Also, if I come across this, is it best to use the line verbatim in a fix, or should I correct it, knowing full well that the file name is most likely "user.js"?

 

I didn't see this answered in my travels...  thanks!


  • 0

#25
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I see that happen occasionally at TSG.

 

I don't know whether it is the forum software or something the user has done. Most likely the former but it should read without the space i.e. "user.js"


  • 0



#26
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Thanks for the response, Alec.  I wish TSG would upgrade because their forum software seems a bit antiquated and all my canneds that work here have to be carefully edited for links, images, lists, etc. for use there if I dare copy my proposed fixes from here to there...

 

I can ask them at TSG about this.  Thanks.


  • 0

#27
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Update: Known vBulletin issue.  Work-around: use CODE tags to wrap the content and fix up the spaces...

 

Cheers!


  • 0

#28
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

:thumbsup:


  • 0

#29
peterracine

peterracine

    New Member

  • Member
  • 1 posts

Hello everyone, I was just curious as to what the term bamital stands for. I did find some info about a volsnap check; however, I found no information about what bamital is or stands for. No hurry on a response, I was just curious. I would like to add that I love this tool and it has helped me with infected systems that were unresponsive with the usual cleaning methods. I do appreciate everyone who has created freely available programs that help us to get rid of unwanted malware.

 

Sincerely,

 

Peter Racine 


  • 0

#30
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Peter,

Glad you like the tool. :)

Bamital is an infection delivered via a trojan horse, see links below:
 
http://www.microsoft...e=Win32/Bamital

http://krebsonsecuri...bamital-botnet/

http://www.symantec....5941-99&tabid=2

Edited by emeraldnzl, 10 March 2015 - 06:41 PM.
further link added

  • 0





Also tagged with one or more of these keywords: FRST, farbar, tutorial
