FRST Tutorial Comment

184 replies to this topic

#61
tekir06

tekir06

    Visiting Consultant

  • Visiting Consultant
  • 4 posts

Hello emeraldnzl,

 

Thanks for the reply. No, it was not used in RC mode. Links are below:

 

http://www.techsuppo...tml#post6974609

http://www.techsuppo...tml#post6986489

 

Hello picasso,

 

Thanks for the reply. I think I was like you wrote.

 

 

 

 


  • 0



#62
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

No, it was not used in RC mode. Links are below:

 

:thumbsup:


  • 0

#63
mrfixiter

mrfixiter

    Visiting Staff

  • Visiting Consultant
  • 9 posts

Hi :)
 
I was wondering if someone could elaborate on the One Month Created files and folders section of the log. I was helping a user and noticed that AdwCleaner had been recently downloaded.

2016-04-22 12:50 - 2016-04-22 12:50 - 03683904 _____ C:\Users\aroco\Downloads\adwcleaner_5.112.exe

However there was no AdwCleaner scan/text log entry in the One Month Created files and folders section. The only evidence was:

2016-04-23 09:24 - 2016-04-23 09:29 - 00000000 ____D C:\AdwCleaner

I then tried it on my own machine and the same thing happened. What exactly are the criteria for a file to be listed in the One Month Created files and folders?

 

Thanks for your assistance.

 

mrfixiter


  • 0

#64
farbar

farbar

    Developer

  • Expert
  • 503 posts

Hi mrfixiter,

 

AdwCleaner keeps its logs and backups inside its folder on the system drive (C:\AdwCleaner). FRST doesn't look into custom folders. It only lists them. If the scan log was elsewhere, like on the root of the system drive or on the Desktop, FRST would list it.


  • 0

#65
mrfixiter

mrfixiter

    Visiting Staff

  • Visiting Consultant
  • 9 posts

Hi Farbar :)

If the scan log was elsewhere, like on the root of the system drive or on the Desktop, FRST would list it.

I think that is important information. Would you consider adding that to the tutorial?

Thanks for your assistance.

mrfixiter


  • 0

#66
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello mrfixiter,

If it were me, I would just use the File: and Folder: directives if I wanted that sort of information. See the tutorial. :)


  • 0
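Added example, not part of the thread and not FRST code: a parser for the log-line layout quoted above that finds folders listed without anything listed inside them and builds a Folder: directive for each, so their contents can be requested in a follow-up. The sample lines beyond the two quoted in the thread are constructed, and reading `D` in the attribute column as "directory" is an assumption drawn from those two lines.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Constructed sample: the first two lines are the ones quoted in the thread,
# the last two are made up to exercise the check and are not a claim about
# which locations FRST enumerates. Layout: created - modified - size attrs path
SAMPLE = r"""
2016-04-22 12:50 - 2016-04-22 12:50 - 03683904 _____ C:\Users\aroco\Downloads\adwcleaner_5.112.exe
2016-04-23 09:24 - 2016-04-23 09:29 - 00000000 ____D C:\AdwCleaner
2016-04-20 08:00 - 2016-04-20 08:05 - 00000000 ____D C:\Users\aroco\Desktop\Tools
2016-04-20 08:01 - 2016-04-20 08:01 - 00001024 _____ C:\Users\aroco\Desktop\Tools\notes.txt
"""

LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d+) ([A-Z_]+) (.+)$"
)

def parse(log):
    """Return one dict per matching line; anything else (headers, blanks) is skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            "size": int(size),
            "is_dir": "D" in attrs,  # assumption: D marks a directory
            "path": PureWindowsPath(path),  # compares case-insensitively
        })
    return entries

def unexpanded_folders(entries):
    """Directories with no listed entry beneath them: only the folder name is in the log."""
    dirs = [e["path"] for e in entries if e["is_dir"]]
    return [d for d in dirs if not any(d in e["path"].parents for e in entries)]

def followup_directives(entries):
    """One Folder: line per unexpanded directory, ready to paste into a follow-up request."""
    return [f"Folder: {d}" for d in unexpanded_folders(entries)]

if __name__ == "__main__":
    print("\n".join(followup_directives(parse(SAMPLE))))
```
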

#67
mrfixiter

mrfixiter

    Visiting Staff

  • Visiting Consultant
  • 9 posts

Hi emeraldnzl :)

 

My reason for posting was to point out a discrepancy between what the heading in the log, One Month Created/Modified files and folders, says and what is actually displayed in that section. I think it is important to know in advance that it is not an all-inclusive report. In other words, you can't just look at that section and say, this list includes every file and folder that was added or modified in the past month. Agreed?

 

polskamachina

 

 


  • 0

#68
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Thank you for the comment.

 

I will see if we can word the tutorial so that it better represents what is shown in the log. :)


  • 0

#69
Herman_Salim

Herman_Salim

    Member

  • Member
  • PipPip
  • 36 posts

Hello everybody. I know the Farbar tools from Malwaretips. TwinHeadedEagle uses it very well. As I don't have enough time to take a Malware Training Class, I learn to use this tool from the Farbar tutorial page and by watching each Malware Removal Assistance thread. I very much appreciate the Farbar developers for the quality time they spent making this tool.

I also use this tool to help my friend and people who have malware problems in the largest forum in my country (Indonesia).

I have a few questions:

  • The emptytemp command. Which folder paths or areas does it attempt to delete? Does this also delete browser cache and cookies?
  • With the Farbar tutorial page, aren't all of you afraid that some bad guy (a malware maker) will see this tutorial and maybe make some malware that is hard to detect or remove with Farbar?
  • EXE Association: why not also cover SCR, COM, PIF, CMD, or any other executable file association? Much malware alters all of these associations too, to auto-execute itself.

Sorry for my bad English and grammar  :yes:


  • 0

#70
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello polskamachina,

 

 

The emptytemp command. Which folder paths or areas does it attempt to delete? Does this also delete browser cache and cookies?

 

The tutorial states the directories the EmptyTemp: command empties.

EmptyTemp:

The following directories are emptied:
- Windows Temp
- Users Temp folders
- Edge, IE, FF, Chrome and Opera cache, HTML5 Local Storage, Cookies and History (Note: FF history is not removed)
- Recently opened files cache
- Flash Player cache
- Java cache
- Steam HTML cache
- Explorer thumbnail cache
- BITS transfer queue (qmgr*.dat files)
- Recycle Bin

 

With the Farbar tutorial page, aren't all of you afraid that some bad guy (a malware maker) will see this tutorial and maybe make some malware that is hard to detect or remove with Farbar?

 

Other malware specialists will have a view about that but here are my thoughts.

 

There is always a risk that the "bad guys" gain some advantage, but on balance I think it's better to make the tutorial public so that the "good guys" have a tool they can use. I think Farbar has similar views.

 

 

EXE Association: why not also cover SCR, COM, PIF, CMD, or any other executable file association? Much malware alters all of these associations too, to auto-execute itself.

 

There is a scan listed under EXE Association in the tutorial. Does that help or were you wanting something else?


  • 1



#71
Herman_Salim

Herman_Salim

    Member

  • Member
  • PipPip
  • 36 posts

Thank you for answering it clearly.

 

 

 

There is a scan listed under EXE Association in the tutorial. Does that help or were you wanting something else?

 

I mean, I have a suggestion for Farbar for next time, before the next update is released.

Maybe Farbar Recovery Scan Tool can add other association scan areas, not just exe.

com, bat, scr, pif, reg, cmd. Those file associations are favourites for malware to alter, besides the exe association.


  • 0

#72
farbar

farbar

    Developer

  • Expert
  • 503 posts

Hello Herman_Salim,

 

The suggestion will be considered. :thumbsup:


  • 0

#73
Herman_Salim

Herman_Salim

    Member

  • Member
  • PipPip
  • 36 posts

I have another question. Why does every Malware Removal Helper team always ask to save Farbar to the desktop before running it? Does it give a different result if we save Farbar to another folder?

 

Hello Herman_Salim,

 

The suggestion will be considered. 

 

 

Thank you then..  :thumbsup:


  • 0

#74
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

I'm unable to quote in this thread, but I can in others... is this just me?


  • 0

#75
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hi Dan,

 

It seems I can make a quote box appear:

 

 

 

 

 

Is that what you mean?

 

If it's a persisting problem then maybe you should open a topic here.


  • 0




