OaksLabs Removal Tool.


Smith83

Thread author
Homepage: http://www.oakslabs.com/index.html

What is ORT?
ORT is a free tool for speeding up anti-malware scan times. This is done via the killing of background processes, and the deletion of temporary files. ORT has some general malware fighting provisions as well, and can be used for home and commercial use--but be warned, it is a powerful tool, and should be used with care.

So what does ORT do?
In no particular order, ORT:
  • Creates a System Restore point (after System Restore is turned on)
  • Kills known PUP related malware processes
  • Checks for encrypting malware (only detects file system elements)
  • Kills known malware services
  • Kills all other processes created by the current user (including non-malicious ones)
  • Deletes the contents of the scheduled tasks folder
  • Cleans out temp files (now including the %temp% folder)
  • Deletes the contents of the startup folder
  • Removes the program files of targeted PUPs
  • Removes the desktop icons of targeted PUPs
  • Removes the start menu entries of targeted PUPs
  • Flushes the DNS cache
  • Rebuilds the HOSTS file
  • Makes hidden files in the users folder visible (not if they are set as system files)
  • Resets the .exe file association
  • Resets Windows Update
  • Sets "Local Area Connection" to DHCP (DNS will be reset also)
  • Resets TCP/IP
  • Cleans out IE temp files
  • Rebuilds the icon cache
  • Resets the Google Chrome browser to factory state (while keeping bookmarks, history, and some saved passwords)
  • Resets the Firefox browser to factory state (while keeping bookmarks, history, and some saved passwords)
  • Makes a log of all of the above


 

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
TrafficLight also blocked the web site. :confused:
 

Noxx

Thread author
I have no doubt they were all false positives. Looks like an interesting program.
 

Morvotron

Level 7
Verified
Mar 24, 2015
307
Hello @Smith83 , I need your assistance lol..

I installed the software and ran it.. A CMD window popped up and started delivering lots of commands followed by *access denied* or *error*.

The system rebooted and went pretty much f***** up. I restored to a previous point since the restore point it should have created didn't exist.

My question is, what may have caused this? Maybe Comodo Firewall blocked it? Or is it not compatible with Win8?
 

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
Morvotron said:
> Hello @Smith83 , I need your assistance lol..
>
> I installed the software and ran it.. A CMD window popped up and started delivering lots of commands followed by *access denied* or *error*.
>
> The system rebooted and went pretty much #####ed up. I restored to a previous point since the restore point it should have created didn't exist.
>
> My question is, what may have caused this? Maybe Comodo Firewall blocked it? Or is it not compatible with Win8?

That does not sound very good, a bad experience indeed. :eek:
 

Smith83

Thread author
> The system rebooted and went pretty much #####ed up.

What was bad about it? I did not develop the software, I only tested it in a VM and it seemed to do pretty well there.

> Or is it not compatible with Win8?

Win 8 is a bit buggy on its own... Not defending the software or anything, I had Windows 8 and did not care for it at all.

> A CMD window popped up and started delivering lots of commands followed by *access denied* or *error*.

I saw a few access denied errors in the Virtual Machine, but everything was stable after running the tool.
 

Smith83

Thread author
@Morvotron

Can I also ask what prompted you to run the tool? Did you have some malware on your machine, or were you having issues?

Maybe I will try and contact the developer through their YouTube channel, perhaps they would be interested in developing the tool a bit more... Maybe I can get them to respond to this thread.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Tested this on my Virtual Machine. Ran some adware, browser hijackers and PUPs, then scanned with ORT.
It didn't seem to do much... Adware still there, browser is redirected.

[images: upload_2016-3-6_8-44-32.png, 4.jpg, 1.jpg]

Here is what Malwarebytes has detected after the ORT scan.

[image: 134.jpg]

Doesn't seem that it did much to clean the system.. For what it's worth, in the log I saw that they advise me to run Combofix or Malwarebytes...
 

Deleted Member 333v73x

Thread author
GData, Bitdefender TrafficLight, Web of Trust and Virgin Media VirusSafe blocked it:

[image: vrssfe.PNG]
 

Smith83

Thread author
Yeah, I am very much certain it is not malware, the developer is small and prolly could care less about sending his tool to be whitelisted. Many malware removal tools have issues with FP after being developed.
 

OaksLabs

Level 1
Mar 28, 2016
6
> Is this a safe product? Anyone tested? WoT categorizes as poor rep website..
>
> EDIT: GData blocks the download

Howdy, I'm Jeremy (aka OaksLabs), and I'm the developer of this utility. I detailed in my intro post (Hello from OaksLabs) the reasons why ORT gets flagged by AV/AM software. In addition to those reasons, I do close explorer.exe during the execution of ORT, along with the editing of proxy and DNS settings -- all of which is malicious if those settings were being altered. I happen to be clearing out those settings, but AV/AM scanners only see the modifications, and they can't determine if those modifications are malicious or not.

> Hello @Smith83 , I need your assistance lol..
> I installed the software and ran it.. A CMD window popped up and started delivering lots of commands followed by *access denied* or *error*.
> The system rebooted and went pretty much f***** up. I restored to a previous point since the restore point it should have created didn't exist.
> My question is, what may have caused this? Maybe Comodo Firewall blocked it? Or is it not compatible with Win8?

First, the "access denied" errors are most likely caused by not running ORT as an administrator. ORT needs administrator privileges to fix things under the hood. However, to make ORT run faster, I skip the checking for existence of folders and I just attempt to delete them -- so a whole bunch of "error" messages are a good thing! All of those represent an infection you don't have!

ORT is compatible with all Windows OSes from Vista to 10. However, if an AV/AM program blocks ORT (or the actions ORT tries to do), I can't predict what will happen. ORT is standalone, so a firewall that scans network traffic won't affect anything. However, if it is also performing real-time monitoring then it might cause issues.

ORT uses PowerShell to create a restore point, so if PowerShell is not working on your PC or if malware is blocking System Restore (ORT tries to turn it on, but advanced malware could block this), the restore point won't be created.


> Yeah, I am very much certain it is not malware, the developer is small and prolly could care less about sending his tool to be whitelisted. Many malware removal tools have issues with FP after being developed.

Yes, I am a one man operation. I much prefer to spend time developing than trying to convince AV vendors that I'm legitimate -- it's kind of a losing proposition because of how often ORT changes.

I'm very much interested in hearing feedback about ORT, and making improvements to it! Please, don't be shy about asking questions or suggesting features!
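
The two failure modes discussed in this thread (running without administrator rights, and a restore point that was never created) can be checked before any cleanup tool makes changes. The script below is an added example, not ORT's code and not written by its developer; the function names and the restore point description are hypothetical, and it assumes Windows PowerShell 5.1.

```powershell
# Added example (not ORT's code). Requires Windows PowerShell 5.1: the
# restore-point cmdlets used here are not available in PowerShell 7.

function Test-IsElevated {
    # True only when the current token is an elevated administrator token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function New-VerifiedRestorePoint {
    param([string]$Description = 'Pre-cleanup checkpoint')  # constructed label

    if (-not (Test-IsElevated)) {
        throw 'Not elevated: later deletes would fail with "access denied".'
    }

    # Highest restore point sequence number before we start (0 if none exist).
    $before = [int](Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
                    ForEach-Object { $_.SequenceNumber } |
                    Sort-Object | Select-Object -Last 1)

    # Turn System Restore on for the system drive, then request a checkpoint.
    Enable-ComputerRestore -Drive "$env:SystemDrive\" -ErrorAction Stop
    Checkpoint-Computer -Description $Description `
                        -RestorePointType MODIFY_SETTINGS -ErrorAction Stop

    # Do not trust the call alone: Windows 8 and later skip creation by
    # default when a restore point was made in the last 24 hours, and
    # security software or malware can block it. Confirm a newer one exists.
    $new = Get-ComputerRestorePoint |
           Where-Object { $_.SequenceNumber -gt $before } |
           Sort-Object SequenceNumber | Select-Object -Last 1
    if (-not $new) {
        throw 'No new restore point was created; there is nothing to roll back to.'
    }
    return $new
}

try {
    $rp = New-VerifiedRestorePoint
    "Restore point #$($rp.SequenceNumber) '$($rp.Description)' created; safe to continue."
} catch {
    Write-Warning "Stopping before any cleanup: $($_.Exception.Message)"
    exit 1
}
```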
 