Navigation section
Log files
- Thread starter Peterr
- Start date
Can you elaborate on what you want to document? Are you referring to trying to capture malware in the act of installing, or documenting detail of what is currently installed and/or running that can be compared to a standard to identify anomalies, or recording what the AV software is looked at and what it's found? Or is the answer, "yes, any/all"?
- Thread Author
- #3
I recently had a bug I could remove but it would come back. I did find a way to remove it for good. I have MBAM so found that they will go over a log file to see how or if one should remove a file, without removing a good file with it.
Also, and in my search for such a service, MG's replied that they also do this.
So I have 2 services I can send a log file to be analyzed if I am unsure what to do with an infection.
If you know of any site I would like to know about it as these things can take time and can overwhelm a site.
Thank you
Peter
Also, and in my search for such a service, MG's replied that they also do this.
So I have 2 services I can send a log file to be analyzed if I am unsure what to do with an infection.
If you know of any site I would like to know about it as these things can take time and can overwhelm a site.
Thank you
Peter
What you're looking for is other services that do this? I think many of the AV companies do this, although I have never used that service. There are many places you can go online to get information on specific malware files that might be disguised as a legit program. If you do a Google search on the suspect filename, you can find information on the profile. The disguised programs are almost never the exact size as the legit file and often reside in a different directory.
Another giveaway is associated files. If it isn't masquerading as a Windows file, you can look at what program the legit file would be associated with and see if you even have that program installed. Also, malware often has several component files that aren't disguised as something else and you can see if any of the component files are on your computer.
If you are in doubt about deleting a file, move it to a temporary directory and change its filename extension. If it was a legit file and important, its absence should be noted. You can also run sfc /scannow if it was a Windows file or reinstall or repair non-Windows software to replace the file with a known good one.
Another giveaway is associated files. If it isn't masquerading as a Windows file, you can look at what program the legit file would be associated with and see if you even have that program installed. Also, malware often has several component files that aren't disguised as something else and you can see if any of the component files are on your computer.
If you are in doubt about deleting a file, move it to a temporary directory and change its filename extension. If it was a legit file and important, its absence should be noted. You can also run sfc /scannow if it was a Windows file or reinstall or repair non-Windows software to replace the file with a known good one.
Similar threads
- Featured
- Article
- Featured
- Article
- Solved