Farbar (frst), OTL, HijackThis log analyzing

[Eddy]

I am working on a "multiple log file analyzer" at the moment.

I'm trying to make it work with:
- Farbar logs (FRST.txt and addition.txt)
- HijackThis logs (hijackthis.log)
- OTL logs
- Other log files ?

I have the analyzing part for FRST.txt (kinda?) working.
Ofcourse the database is still very small, but it will grow :-)

Things that I want/thinking of to add (in random order):
- Detection for things in addition.txt (Farbar)
- Completely rewritten HijackThis log analyzing part
- OTL log file analyzing
- Admin console
- Settings file to customize some things

A sneak(y) preview can be found at:
http://www.ache.nl/cgi-bin/download.pl?file=Ala

To use it:
place FRST.txt in the same folder as you installed the analyzer and run ALA.exe

If you run it and get to see "You are using a old version of Farbar.",
just change the end of the first line in FRST.txt to "11-03-2015"

[essexboy]

Have I done something wrong Eddy ?

[Eddy]

Yes, the log file need be named FRST.txt

[essexboy]

fixt and now running

Where does it save the fixlist ?

[Eddy]

In the same folder as the tool is installed.
Or at least it should do so 

[essexboy]

Hmm did not appear there, I will do a search

[Asyn]

I am working on a "multiple log file analyzer" at the moment.

Interesting, thanks for sharing Eddy.

[Asyn]

A sneak(y) preview can be found at:
http://www.ache.nl/cgi-bin/download.pl?file=Ala

Note: I got the following Avast warning. (See Screenshot)

[Eddy]

It is a false positive that I have reported to avast about 3 weeks ago already.
They still haven't fixed it 

[Asyn]

It is a false positive that I have reported to avast about 3 weeks ago already.
They still haven't fixed it 

It might help to PM Milos.

[Eddy]

Project update:

1]
Added analyzing for addition.txt

2]
Made a (small) start on the analyzing part for HijackThis log files.

[Eddy]

- Added checking for things in addition.txt
- Added detection for Poweliks! in addition.txt
- Added detection for items in the Farbar logfile
- Fixed a bug where Addition.txt wasn't scanned.

http://www.ache.nl/cgi-bin/download.pl?file=Ala-B10

NOTE:
The tool is still under development and is released for testing purposes only.

[essexboy]

Avast still doesn't like it Eddy .. Nor does windows smart filter

[Eddy]

Only avast detects it.
Reported it through the contact form.
Reported it multiple times by submitting through the UI.
Still not fixed by avast 

https://www.virustotal.com/en/file/2f807a9aded209ed5c04061b0a582f813d5bedf2516634d02a292703eca604b9/analysis/1427392091/
http://www.virscan.org/scan/b3a9b0fb57560700c31202e71dba10fd

Little information about the current development status (Hijackthis part):
- Routine for checking which Hijackthis version is used is ready.
- Routine for checking what OS/SP is used is ready.

These are ready but not implemented yet.

[Asyn]

Only avast detects it.
Reported it through the contact form.
Reported it multiple times by submitting through the UI.
Still not fixed by avast 

As said, best you drop Milos a line.
-> http://sitecheck.sucuri.net/results/downloads.ache.nl/ala-b10-20150327.exe
-> http://zulu.zscaler.com/submission/show/b9a720aeeed53f58fa33d78c43fee7ff-1427430583

PS: Seems your Apache sever needs an update.