Hello,
Using version 13-04-2015, with "Search files" option, i don't get the hash MD5 information, but only [File is signed]
Is there any chance to get the MD5 info ?
Thanks,
Best regards,
Back to top
#32
Posted 14 April 2015 - 11:51 AM
farbar
-
- Expert
-
- 503 posts
Developer
Hi Leplante,
Normally the MD5 is listed when the "Search Files" option is used. So there could be something wrong with the system.
#33
Posted 14 April 2015 - 12:29 PM
Leplante
-
- Member
-
- 4 posts
New Member
Hello Farbar,
Thanks for your reply !
I checked again : it's working fine on a Win7-64 bits VM (FRST64), not on the 32 bits version (removed & reinstalled FRST)
I also checked on a 8.1-32 VM :
C:\Windows\WinSxS\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.17415_none_04af6079f0517dbb\winlogon.exe [2014-12-02 16:21][2014-10-29 03:01] 0465408 ____A (Microsoft Corporation) [File is signed]
(brand new FRST version)
Brgds
#34
Posted 14 April 2015 - 01:08 PM
SleepyDude
-
- Malware Removal
-
- 4,991 posts
Trusted Helper
Hi Farbar,
I can confirm the same result as Leplante on Windows 7 Enterprise x86 FRST v13.4.215.0, on Windows 7 x64 it's ok!
#35
Posted 14 April 2015 - 02:37 PM
farbar
-
- Expert
-
- 503 posts
Developer
Hi,
There was a bug in x86 version. It should be fixed now. Thank you for reporting it Leplante.
Also thank you SleepyDude for the extra confirmation.
#36
Posted 14 April 2015 - 03:27 PM
SleepyDude
-
- Malware Removal
-
- 4,991 posts
Trusted Helper
Hi,
There was a bug in x86 version. It should be fixed now. Thank you for reporting it Leplante.
Also thank you SleepyDude for the extra confirmation.
Thank you Farbar. All good now. 
#37
Posted 27 April 2015 - 05:19 PM
JoeTheAllan
-
- Member
-
- 5 posts
New Member
You put a lot of effort into it, good job
#38
Posted 13 May 2015 - 07:35 AM
Aura
-
- Malware Removal
-
- 2,563 posts
Special Ops
Simple question, would it be possible to execute FRST on a remote computer using PsExec.exe? It would be used on a domain and my domain user have Admin Rights on the computers it would be used on.
Edit: Nevermind just realized I'm stupid, without CLI options it won't work.
Edit: Nevermind just realized I'm stupid, without CLI options it won't work.
Edited by Aura, 13 May 2015 - 04:18 PM.
#39
Posted 29 May 2015 - 07:09 AM
diego_moicano
-
- Visiting Consultant
-
- 11 posts
Visiting Consultant
Hi Farbar
Thank you by excellent tool and tutorial.
In tutorial:
AlternateDataStreams
Here (bold red):
If the ADS is on a legitimate file/folder the fix will be copy and paste the whole line from the log into the fixlist.
It would not be (bold blue):
If the ADS is no a legitimate file/folder the fix will be copy and paste the whole line from the log into the fixlist.
I have a doubt. 
To view the contents of a file, it would be only by CMD: directive, just like this:
CMD:type C:\windows\file.txt
If yes, one idea: create a directive, something like this:
FileContent:path
or
CatFile:path
I don't know if it would be interesting and functional.
Hugs 
#40
Posted 29 May 2015 - 03:27 PM
emeraldnzl
-
- GeekU Moderator
-
- 20,051 posts
GeekU Instructor
Hello diego_moicano,
I am not exactly sure what you are questioning here?
If the ADS is no a legitimate file/folder the fix will be copy and paste the whole line from the log into the fixlist.
Perhaps you mean?
If the ADS is not a legitimate file/folder the fix will be copy and paste the whole line from the log into the fixlist.
In which case the ADS would not be on a legitimate file/folder and I don't think the fix would work but Farbar might have a comment.
To view the contents of a file, it would be only by CMD: directive, just like this:
I am also not sure what you are referring to with that comment. Are you suggesting a change to the existing directive?
There is already provision to view the contents of a file. See the tutorial:
File: and Folder:
Are used to see a file specifications or the content of a folder.
File: path
Folder: path
#41
Posted 29 May 2015 - 03:56 PM
farbar
-
- Expert
-
- 503 posts
Developer
Hi diego_moicano,
If the ADS is on a legitimate file/folder the fix will be copy and paste the whole line from the log into the fixlist.
The statement is a correct one. In case the (bad) ADS is on a legitimate file/folder, you want to remove the ADS but leave the file/folder alone. Let's assume the ADS is on a bad file/folder, then you don't need to remove the ADS. Instead you can remove the file/folder itself so not only the bad file/folder is removed the ADS on it will be removed too.
AS far as the suggesion for FileContent: directive concerns, I'll consider adding it.
Thank you for your comment. 
#42
Posted 29 May 2015 - 04:07 PM
diego_moicano
-
- Visiting Consultant
-
- 11 posts
Visiting Consultant
Hi emeraldnzl
Thank you for return,
Yes, is it:
If the ADS is not a legitimate file/folder the fix will be copy and paste the whole line from the log into the fixlist.
Sorry my english... 
Are you suggesting a change to the existing directive?
No...
Are used to see a file specifications or the content of a folder.
From what I understand the File: directive shows the specifications of the file and not the content... so I'm wrong? 
Hugs
#43
Posted 29 May 2015 - 04:09 PM
diego_moicano
-
- Visiting Consultant
-
- 11 posts
Visiting Consultant
Ok Farbar ... we wrote at the same time!
Thank you.
#44
Posted 25 June 2015 - 02:22 PM
Clade
-
- Member
-
- 10 posts
Member
Hi!
I would like a little understanding as my language is not English (Portuguese)
By the observations of the corrections made by FRST it shows up as an excellent tool for OS fixes. . .
questioning:
1. What are the minimum prerequisites needed to be able to analyze log and be able to make necessary corrections?
2. In which cases can it not work?
Thank you for attention!
#45
Posted 25 June 2015 - 04:06 PM
emeraldnzl
-
- GeekU Moderator
-
- 20,051 posts
GeekU Instructor
Hello Clade,
What are the minimum prerequisites needed to be able to analyze log and be able to make necessary corrections?
Perhaps you can expand on what you mean.
If you mean what will FRST work with, then that is covered in the tutorial.
If you mean what qualifications do you need to analyze a log it depends whether you want to work/help on one of the sites that work with malware removal or analyze a log yourself.
All the approved sites, see here, require you to have qualified through one of their training schools. Geekstogo for instance is GeekU see here.
If it is your own computer and you have some experience then you can follow the tutorial but at your own risk. As mentioned in the tutorial it is strongly advised that you seek help from an expert if you are unsure about anything. If you were seeking help at Geekstogo you would open a topic in the Virus,Spyware,Malware removal forum here.
In which cases can it not work?
As stated in the tutorial FRST will work on viable Windows Operating Systems listed:
Farbar's Recovery Scan Tool is designed to run on Windows XP, Windows Vista, Windows 7 and Windows 8 Operating Systems. There are two versions, a 32-bit and a 64-bit version.
Note: FRST64 is not designed to run on XP 64-bit systems.
It won't work on other operating systems.
Also tagged with one or more of these keywords: FRST, farbar, tutorial
![Help w/FRST logs...NEWBIE [Closed] - last post by DR M](https://www.geekstogo.com/forum/uploads/profile/photo-418842.gif?_r=1578338641)
![Infected with EneTechIo - Have Done Farbar Scan Logs Below [Closed] - last post by icotonev](https://www.geekstogo.com/forum/uploads/profile/photo-thumb-324986.jpg?_r=1553332826)
![anyone able to read farbar files and make sense of them [Closed] - last post by iMacg3](https://www.geekstogo.com/forum/uploads/profile/photo-thumb-423723.jpg?_r=1581638836)
2 user(s) are reading this topic
0 members, 2 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
