Status
Not open for further replies.

Nico@FMA

Level 27
I found couple of malware in some LOGS but this is kind a slow.

View attachment 57195

With other programs (like FRST) you can find staff much faster.

That is true for a untrained eye, also there are some tools can can automate the search (Just do not know out of the top of my head which one) But yeah forensic work takes time specially if you have to digg trough loads of logs, yet the information provided exceeds anything on the market, i know that much as this has been checked and validated.
Anyway nice work keep it going.
 

Nico@FMA

Level 27
Simply put, the Swiss Army knife idea has my vote, speaking as a home user and side tech that is always in search of powerful, all-in-one tools "preferably portable".

Thanks for your reply.
Yes the army knife thing is something i will take into consideration as this has my vote to. But i want to see what the other guys say.
 
  • Like
Reactions: illumination

Nico@FMA

Level 27
They have been having bundle ware issues.

Well i just got accepted on Download.com (CNET) which is by far the largest site to publish your software.
And while they have a very respectable name, even they bundle your software and give the developer money per download IF and only IF you choose so. (I did not)
Filehippo has software on it that is not bundled, so its not their fault... its the choice by the publisher to participate in their ad system.

Cheers
 

frogboy

In memoriam 1961-2018
Well i just got accepted on Download.com (CNET) which is by far the largest site to publish your software.
And while they have a very respectable name, even they bundle your software and give the developer money per download IF and only IF you choose so. (I did not)
Filehippo has software on it that is not bundled, so its not their fault... its the choice by the publisher to participate in their ad system.

Cheers
That will do me. Thanks.
 
  • Like
Reactions: Cats-4_Owners-2

Av Gurus

Level 29
Verified
Trusted
Malware Hunter
That is true for a untrained eye, also there are some tools can can automate the search (Just do not know out of the top of my head which one) But yeah forensic work takes time specially if you have to digg trough loads of logs, yet the information provided exceeds anything on the market, i know that much as this has been checked and validated.
Anyway nice work keep it going.

How about to make or to add some quick analyze tool for this logs?
Or some tool to compare clean and infected logs and give the difference between this logs?

This would help less experienced users and the program would be more user friendly.
 
  • Like
Reactions: Cats-4_Owners-2

hacheafleur

New Member
Hi Nico@FMA,

I do not doubt the effectiveness of the software and I'm really surpri by its very detailed reports

Do not blame the app engine please, for the 04 steps he made them in 3 hours and 10 minutes. He started at 2:23 Wmi-software to end up all-crypted at 5:33.

no mistake of the event viewer

My config is: Windows 7 Pro x64, Intel Pentium CPU 3GHZ, 3gGB

Otherwise I just wanted to know is what it takes for a license?
Thanks for your report about PPA. (Point to Point Analysis)
No its not normal for PPA to run for 7 Hours. However on a very poorly maintained computer with loads and loads of residue of old files and register keys it can take up a hour or even 2 hours. The situation becomes much worse if your config has serious issues.
PPA is designed to literally cross reference each file, key, process, driver and every single config setting you have.
So if this is a mess then yes PPA can take up to lets say max 3 hours on a 4GB 2GHZ Windows box.

But 7 hours? Naah then it crashed for whatever reason or keeps looping due to the windows core not being able to process the data correctly.
If i may ask could you tell me what PC you have and the config? Because PPA is known to have a problem with Home versions of Windows 7.
I just want to eliminate some things before blaming PPA engine as so far you are the first to report this.
Also did you run the scans 1 by 1 starting from 1 to step 4 and did you allow them to properly finish (They will close by them self after finish) Also do not open the logs during scans this can crash individual modules.
You might also check the Windows event viewer and see the error code why PPA stopped working.

In regards to the 34,1MB folder called logs which has 64 files yes that's normal as CCSU spits out a serious amount of data.

So please provide some more info.

Kind Regards
Nico
 

Xtwillight

Level 6
Malware Tester
Hello Nico and excuse me,
Currently have little time
I a have a training
bye schooling with members unite against malware of the German trojanerboard.de

If I have more time again, I will make again more
for FMA.

Even our old forum Board has been deleted
by the operator.

As are now new Online
under http://pc-service-hilfe.de

mfg Dark
 

Nico@FMA

Level 27
Hi Nico@FMA,

I do not doubt the effectiveness of the software and I'm really surpri by its very detailed reports

Do not blame the app engine please, for the 04 steps he made them in 3 hours and 10 minutes. He started at 2:23 Wmi-software to end up all-crypted at 5:33.

no mistake of the event viewer

My config is: Windows 7 Pro x64, Intel Pentium CPU 3GHZ, 3gGB

Otherwise I just wanted to know is what it takes for a license?

Alright let do this: Put all the log files into a rar archive (Give it a password) upload the rar archive to a free host, give me the link and send me by pm the pass and i will have look myself and see whats wrong. Or upload the logs to our own servers: http://fma-is.com/research/

We have 19 computers here and 5 research servers. I did put CCSU on all night to see if i can reproduce the scanning times.
On one computer we managed to have it scan for little over 3 hours (3 hours and 7 minutes) but i am at a loss here i cannot determine what makes the scan take so long.
So if you send me the logs then i will check them and see what the logs tell me.
And do not worry about your private data, i will not share this keep in mind i do this for a living.
However if something proves to be wrong then ill contact @TwinHeadedEagle or @argus for you and they can help you further.
Again i do not doubt your claims, i am just poised to find out why as really 7 hours is WAY to much.

Can you do that for me?
Kind regards nico
 
  • Like
Reactions: Cats-4_Owners-2

Nico@FMA

Level 27
How about to make or to add some quick analyze tool for this logs?
Or some tool to compare clean and infected logs and give the difference between this logs?

This would help less experienced users and the program would be more user friendly.

Yes thats a good idea but thats NOT easy done as the logs all have a different structure.
We have been trying to do this for more then 5 months now, and trust me its not as easy as it would seem.
So usually we use a third-party....program, yet the program we use to use has gone backrupt...
So we are back at square one...
 

Nico@FMA

Level 27
@hacheafleur

First of all thanks for the logs, i have taken a good look and so far everything seems reasonable clean.
I did found some spyware & adware traces (But nothing special) and a bunch of traces of old software and bad removal.
Other then that your pc is fine.
However i did see you are running:
ESET-IS, MBAM, Windows defender while ok. ESET and MBAM both like to scan every single thing my program does, which is ok.
But it also does dramatically increase the time my program needs to scan everything.
And as such some scans where blocked by ESET and my program kept trying. Just for the record our program does work fine next to AV programs and Internet Security solutions, but usually its a better thing to white-list it so that functions within my program get not scanned continuously, some functions run a command PER exe file or PER dll. Which means that a process which should take less then a 2 seconds might take much more as every time the process gets scanned.
That said the logs are far from complete and this is also the reason why it took so long. Some functions where blocked or denied.

I hope this helps, your logs are being deleted from our system.

If you require more information contact me anytime.

Kind Regards
Nico
 

Vipersd

Level 6
Verified
Avast gives FP.
 

Attachments

  • Avast FP.JPG
    Avast FP.JPG
    41.2 KB · Views: 264

Nico@FMA

Level 27
How about to make or to add some quick analyze tool for this logs?
Or some tool to compare clean and infected logs and give the difference between this logs?

This would help less experienced users and the program would be more user friendly.

Hi m8 how is that review coming?
 

Av Gurus

Level 29
Verified
Trusted
Malware Hunter
I still get acquainted with the program, but I do not have much time.
I think I'll record a short video that would show how the program looks like, what options there are, and so on.
When I record it the first'll give it to you having a look and tell me if it is OK or not.
 

Nico@FMA

Level 27
I still get acquainted with the program, but I do not have much time.
I think I'll record a short video that would show how the program looks like, what options there are, and so on.
When I record it the first'll give it to you having a look and tell me if it is OK or not.

Thats ok m8, actually thats very good.
 

Nico@FMA

Level 27
@Umbra Polaris @Huracan @Jack @exterminator20 @BoraMurdar @Littlebits @Viking @Av Gurus @Cats-4_Owners-2 @illumination @Xtwillight @Fedora @viktik @Malware1 @Terry Ganzi @kram7750 @Kardo Kristal @Dani Santos @MikeV and all others who replied.
Alright i have made up my mind, i will make a Swiss Army Knife edition based upon CCSU.
This will mean it will have extended features yet its not going to be a Glarytool V2 obviously.
It will focus on security analysis, system diagnostic's and repair tools based upon the previous 2 abilities.

So what features do you guys like to see (realistic) and do not mention hips, behavioral blocker and such crap as this is by no means part of such edition and neither does it fit in the scope of the program. So please tell me what features you would like to see in it.
And more important what must these features be able to do. Also hyper advanced features are nice, but simplicity and usefulness is the key here and future options will be based upon this principle.

Also tell me how it should be called: CCSU ............... fill in the dots. (Or a VERY original name)
I encourage ANYONE reading this to come up with feedback, suggestions and idea's.
Also when i am going to make this version (Which i will) this also means that you guys will test it and help me trouble shoot things if needed.


Kind Regards,
Nico
 
Last edited:
Status
Not open for further replies.
Top