ache
March 17, 2015, 11:44am
1
I am working on a “multiple log file analyzer” at the moment.
I’m trying to make it work with:
Farbar logs (FRST.txt and addition.txt)
HijackThis logs (hijackthis.log)
OTL logs
Other log files?
I have the analyzing part for FRST.txt (kinda?) working.
Of course the database is still very small, but it will grow.
Things that I want/thinking of to add (in random order):
Detection for things in addition.txt (Farbar)
Completely rewritten HijackThis log analyzing part
OTL log file analyzing
Admin console
Settings file to customize some things
A sneak(y) preview can be found at:
http://www.ache.nl/cgi-bin/download.pl?file=Ala
To use it:
place FRST.txt in the same folder as you installed the analyzer and run ALA.exe
If you run it and get to see “You are using a old version of Farbar.”,
just change the end of the first line in FRST.txt to “11-03-2015”
Have I done something wrong, Eddy?
ache
March 17, 2015, 4:16pm
3
Yes, the log file needs to be named FRST.txt
Fixed, and now running.
Where does it save the fixlist?
ache
March 17, 2015, 6:09pm
5
In the same folder as the tool is installed.
Or at least it should do so ;D
Hmm did not appear there, I will do a search
Interesting, thanks for sharing Eddy.
Note: I got the following Avast warning. (See Screenshot)
ache
March 18, 2015, 11:28am
9
It is a false positive that I have reported to avast about 3 weeks ago already.
They still haven’t fixed it
It might help to PM Milos.
ache
March 21, 2015, 3:08pm
11
Project update:
1] Added analyzing for addition.txt
2] Made a (small) start on the analyzing part for HijackThis log files.
ache
March 26, 2015, 5:32pm
12
Added checking for things in addition.txt
Added detection for Poweliks! in addition.txt
Added detection for items in the Farbar logfile
Fixed a bug where Addition.txt wasn’t scanned.
http://www.ache.nl/cgi-bin/download.pl?file=Ala-B10
NOTE:
The tool is still under development and is released for testing purposes only.
Avast still doesn’t like it, Eddy … Nor does the Windows smart filter.
ache
March 26, 2015, 6:08pm
14
Only avast detects it.
Reported it through the contact form.
Reported it multiple times by submitting through the UI.
Still not fixed by avast
https://www.virustotal.com/en/file/2f807a9aded209ed5c04061b0a582f813d5bedf2516634d02a292703eca604b9/analysis/1427392091/
http://www.virscan.org/scan/b3a9b0fb57560700c31202e71dba10fd
A little information about the current development status (Hijackthis part):
Routine for checking which Hijackthis version is used is ready.
Routine for checking what OS/SP is used is ready.
These are ready but not implemented yet.
ache
March 27, 2015, 7:52am
16
I was already informed by my host that they are installing PHP 5.4 next month.
It is supposed to have all things needed to smoothly update to the upcoming PHP 7 version.
ache
March 27, 2015, 12:33pm
17
Dropped a line on Milos.
Could take a while till it is fixed.
I dropped a heavy anchor chain on him to make sure he noticed the line ;D
ache
March 30, 2015, 7:11pm
18
Reply from avast about the false positive:
The problem is, what we detect is this string: "AUTOIT3EXECUTESCRIPT C:\\GOOGLE\\GOOGLEUPDATE". That is in all the infected lnk files, but unfortunately in your .dat file as well. I suppose you are changing the file quite often, so whitelisting (which is hash-based) would not help much, right? (I whitelisted it now anyway.) I will try to change the detection so it does not flag your file...
New test version is now online:
Added detection for items in the Farbar log
Added detection for things in addition.txt
Added the first (small) things to support checking the Hijackthis log
Added colors
http://www.ache.nl/cgi-bin/download.pl?file=MFLA
I could use some HJT logs from people who are running Windows 7, 8.1 and the preview of version 10.
All updates must be installed, not only for Windows but also for IE and such.
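An added example, not code from this thread, from avast or from the analyzer, illustrating the two points in the avast reply above: a plain substring signature fires on the analyzer's rules file just as readily as on an infected shortcut, and a hash-based whitelist stops working the moment that file is updated. The file contents, the rules-file layout and the .lnk-header check are constructed assumptions for the demonstration.

```python
import hashlib

# Constructed samples, not real malware or the analyzer's real database.
# HIT_STRING is the byte string avast said its signature matched; it occurs
# in the malicious shortcut files and, coincidentally, in the analyzer's
# .dat file, where it is stored as a detection rule.
HIT_STRING = b"AUTOIT3EXECUTESCRIPT C:\\GOOGLE\\GOOGLEUPDATE"

# Windows shell link (.lnk) header: HeaderSize 0x4C followed by the LinkCLSID.
LNK_HEADER = (b"L\x00\x00\x00\x01\x14\x02\x00\x00\x00\x00\x00"
              b"\xc0\x00\x00\x00\x00\x00\x00\x46")

INFECTED_LNK = LNK_HEADER + b"\x00" * 8 + b"rundll32 " + HIT_STRING + b"\x00"
ANALYZER_DAT = b"# rules\nPoweliks|" + HIT_STRING + b"|lnk\n"
# The same .dat after the author adds one more rule: the hash changes
# completely although nothing about the file became more suspicious.
ANALYZER_DAT_V2 = ANALYZER_DAT + b"OtherFamily|SOMEOTHERSTRING|reg\n"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def string_detect(data: bytes) -> bool:
    """Plain substring signature: fires on any file containing the string."""
    return HIT_STRING in data


def verdict(data: bytes, allowlist: set) -> str:
    """Substring signature with a hash-based whitelist checked first."""
    if sha256(data) in allowlist:
        return "whitelisted"
    return "detected" if string_detect(data) else "clean"


def context_detect(data: bytes) -> bool:
    """Refined signature: only flag the string inside an actual .lnk file,
    which is where the malware puts it. The rules file has no link header,
    so it is no longer matched, and updating it changes nothing."""
    return data.startswith(LNK_HEADER) and HIT_STRING in data


if __name__ == "__main__":
    allow = {sha256(ANALYZER_DAT)}
    samples = [("infected.lnk", INFECTED_LNK), ("ala.dat", ANALYZER_DAT),
               ("ala.dat (updated)", ANALYZER_DAT_V2)]
    for name, blob in samples:
        print(f"{name:18} substring={string_detect(blob)!s:5} "
              f"whitelist={verdict(blob, allow):11} context={context_detect(blob)}")
```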
Windows 10 build 10049
Using Spartan as my browser
ache
March 31, 2015, 7:53pm
20
Thank you essexboy,
I see your system is really badly infected with the Essexboy virus ;D
I was asking for HijackThis logs