Is there a tutorial for Minitoolbox.exe ? anywhere


18 replies to this topic

#1 rp88

rp88

  • Members
  • 2,895 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:50 PM

Posted 26 November 2014 - 12:40 PM

Is there a tutorial anywhere on this site for how to understand minitoolbox logs? I found something nasty looking in one and have posted it in "Am I Infected" but it would be helpful if I could find enough information to begin interpreting it until someone responds on my thread. Such a tutorial would probably also be helpful to many other people who have run minitoolbox and understand some of the things it is saying but not everything it lists in the log. I know it wouldn't be a substitute for a trained virus removal person to read the log but it might help users recognise issues more easily so they have more knowledge of what is wrong when they make their reports. Just a tutorial to point out what sort of things should be considered worrying and what is harmless, especially stuff to do with "code integrity errors". Is there one anywhere? I couldn't find one on this site. I also know that minitoolbox.exe is just a scanner, not a problem fixing program so there wouldn't be any risk from users knowing more about the logs. It's not the sort of program where user mistakes could lead to problems because all it does is list current specifications/configurations/setups and it can't alter anything.

Edited by rp88, 26 November 2014 - 12:41 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:50 AM

Posted 26 November 2014 - 01:50 PM

MiniToolBox is a specialized utility created by BC Security Developer Farbar for the Malware Response Team (MRT), BC 1st Responders and Malware Removal Experts at other sites who are assisting members with troubleshooting Internet connection problems and malware related issues. They instruct folks to run the tool and post its log output for them to analyze and investigate various aspects of the operating system, settings and software. As such, any information as to how it works, what it can or cannot do, what the log results mean, etc, are only available in private discussion areas not intended for the general public to read.

If learning about specialized fix tools like MiniToolBox is something you are interested in, please read BleepingComputer's Malware Removal Training Program.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 rp88


Posted 07 April 2015 - 02:43 PM

Just on the subject of minitoolbox, it is currently being detected by AVAST, and blocked from running. I think the detection is of a "heuristic" type where the antivirus sees what the program does and finds it suspicious, rather than of the blacklist type where the antivirus recognises a program as a known nasty. I have reported the false positive to avast with the option which appeared when the blocking prompt came up. It happened this afternoon when I tried to run a version of minitoolbox from a few days ago, avast had the most up-to-date avast definitions so blocked minitoolbox before it could open (before the UAC prompt even).


Thought this would be the best place to report that, it seems to be the only thread about minitoolbox.

Edited by rp88, 07 April 2015 - 02:43 PM.


#4 quietman7


Posted 07 April 2015 - 02:55 PM

It is a false positive.

Certain embedded files that are part of legitimate programs and specialized fix tools (like MiniToolBox), may at times be detected by some anti-virus and anti-malware scanners as suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed or packed, what behavior (routines, scripts, etc) it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files may be obfuscated, encrypted or password protected in order to conceal themselves, so they do not allow access for scanning but often trigger alerts by anti-virus software.

When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because it has difficulty reading what is inside them. These detections do not necessarily mean the file is malicious or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "false positive" and can be ignored.

Most of the well known specialized tools we use as malware fighters are written by known experts at various security forums like Bleeping Computer, TechSupport, GeeksToGo, SpywareInfo and other similar sites so they can be trusted...this includes any program hosted by BC for download. Unfortunately, many of these tools are repeatedly falsely detected by various anti-virus programs from time to time.

The problem is really with the anti-virus vendors who keep targeting these embedded files and NOT with the tools themselves. We can inform the developers but they have encountered this issue many times before and in most cases there isn't much they can do about it. Once the detection is reported to the anti-virus vendor, they are usually quick to fix it by releasing an updated definition database.

Either have your anti-virus ignore the detection or temporarily disable it until you download and run the tool.

#5 rp88


Posted 07 April 2015 - 04:07 PM

Avast is giving the same false positive on the download as well, but not on an older version I have lying around on my hard drive. I thought it would be useful to report the false positive here as well as filling in the little form which appeared when the program was blocked from running.

#6 quietman7


Posted 07 April 2015 - 04:12 PM

I understand and we appreciate you reporting. But as I said, there is really nothing that can be done about the detection...it is up to avast to correct it.

BTW, ESET and EAM both say the file is clean.

#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,200 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:07:50 AM

Posted 07 April 2015 - 04:41 PM

Just a side note for you rp, avast! is known to detect a lot of tools used here for troubleshooting and malware removal as malicious, but they are false positives. I know that since I used to do remote malware removal and every time I downloaded AdwCleaner, JRT, MiniToolBox, RKill, etc. on a system with avast! installed, it would block them. Just be sure that whatever you download on BleepingComputer from the Downloads section, it's safe and the detection is a false positive. Also, here's the VirusTotal report for MiniToolBox (that I just downloaded).

https://www.virustotal.com/fr/file/04505690d3a8c561ada2c87568627a7abb2d3ab0937bfd853652d3c61621aa57/analysis/1428442734/

No one detects it except Trend Micro and even there, it's a "suspicious" generic detection, not a formal infection.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
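
An added example, not part of the post above or of any BleepingComputer tool: since different builds of a tool can get different verdicts (an older and a newer copy are mentioned in this thread), a VirusTotal report only says something about a file whose SHA-256 matches the hash in the report URL. The function names and the two sample files are constructed for illustration; the URL layout assumed is the one shown in the link above.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# A SHA-256 digest written in hex is exactly 64 hex characters.
_SHA256_SEGMENT = re.compile(r"^[0-9a-fA-F]{64}$")


def sha256_from_report_url(url):
    """Return the SHA-256 found in the path of a VirusTotal file-report URL."""
    segments = [s for s in urlparse(url).path.split("/") if s]
    hashes = [s.lower() for s in segments if _SHA256_SEGMENT.match(s)]
    if len(hashes) != 1:
        raise ValueError("expected exactly one SHA-256 segment in the URL path")
    return hashes[0]


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large downloads are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def report_matches_file(url, path):
    """True only if the report URL refers to exactly this file's contents."""
    return hmac.compare_digest(sha256_from_report_url(url), sha256_of_file(path))


def demo():
    """Constructed sample: two different 'builds', one report URL."""
    with tempfile.TemporaryDirectory() as tmp:
        new_build = Path(tmp) / "tool_new.bin"
        old_build = Path(tmp) / "tool_old.bin"
        new_build.write_bytes(b"constructed sample: newer build")
        old_build.write_bytes(b"constructed sample: older build")
        # Constructed URL in the same layout as the link in the post;
        # the trailing "0" stands in for the scan timestamp.
        url = ("https://www.virustotal.com/fr/file/%s/analysis/0/"
               % sha256_of_file(new_build))
        return (report_matches_file(url, new_build),
                report_matches_file(url, old_build))


if __name__ == "__main__":
    print(demo())
```
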


#8 quietman7


Posted 07 April 2015 - 04:46 PM

I know that too which is why I provided the detailed explanation.

#9 slade911

slade911

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:50 AM

Posted 14 August 2015 - 05:32 PM

So where can I upload minitoolbox log for help with 0000007a kernel_data_inpage_error?



#10 Aura


Posted 14 August 2015 - 05:33 PM

If you need help with BSOD issues, you need to post in the Windows Crashes, BSOD, and Hangs Help and Support section and follow the instructions in the preparation guide below.

http://www.bleepingcomputer.com/forums/t/576314/blue-screen-of-death-bsod-posting-instructions-windows-10-81-8-7-vista/



#11 herbman

herbman

  • Members
  • 416 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 14 August 2015 - 08:59 PM

I agree with you rp88, it would be very helpful to have tutorials for the general public on using these more advanced security and malware removal tools.

Why? Because people are going to ALWAYS use them regardless of whether they are supposed to or not, Combofix and some of the other more advanced tools are some of the most downloaded tools on BC and have been for quite some time.

Combofix alone accounts for nearly a quarter million downloads a week, every week, you think Malware removal experts are responsible for that, I think not.

If they're going to use it might as well have some instruction, I believe CF has some instruction already but it's a scary tool and you really can screw up your computer but by the ridiculous amount of downloads it appears some people don't care that much.

I believe RogueKiller and Rkill have some info for guidance which is available to the general public, MTB should have some data to read but it is what it is.

Try keeping youngsters these days from engaging in intimate behavior, they're going to do it no matter how many times you tell them they shouldn't and some have realized that and are pro active in providing contraceptive protection for that reason alone.

Just my opinion of course and I know many will disagree


#12 Aura


Posted 14 August 2015 - 09:19 PM

Why? Because people are going to ALWAYS use them regardless of whether they are supposed to or not, Combofix and some of the other more advanced tools are some of the most downloaded tools on BC and have been for quite some time.

Combofix alone accounts for nearly a quarter million downloads a week, every week, you think Malware removal experts are responsible for that, I think not.


And do you know how many users break their system completely by doing that? There's a reason why these tools shouldn't be used without proper training or without the supervision of a malware removal expert. There's a public tutorial for FRST on GeeksToGo, but it's more than understanding malware removal, but the Windows OS as a whole. The tutorials will mostly teach you how to use the tools and a bit of meaning behind the entries that are logged, but for the rest, you have to learn by yourself. There's already been a whole thread dedicated to that subject (make malware removal tools tutorials and malware removal trainings content public) and there was no follow-up, so my guess is that it won't happen and it's a good thing. If you need assistance to the point where ComboFix is needed (because you're not the one calling the shots on that, the MRT member that will help you will), then trust me, you'll be able that they guide you through the process :)



#13 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:01:50 PM

Posted 15 August 2015 - 03:12 AM

Just my experience, but FRST has a public tutorial - and I worked with someone here on BC who broke his Windows using FRST. Having a tutorial doesn't mean people aren't going to mess up their machines with those tools, they are only for trained MRT members for a reason.

Try keeping youngsters these days from engaging in intimate behavior, they're going to do it no matter how many times you tell them they shouldn't and some have realized that and are pro active in providing contraceptive protection for that reason alone.

I think a more apt comparison would be open heart surgery. When you need it, do you perform it by yourself or do you let a doctor trained in cardiology and surgery do it? :)

Edited by Alexstrasza, 15 August 2015 - 03:18 AM.


#14 quietman7


Posted 15 August 2015 - 06:33 AM

Some of the specialized tools we use are created specifically for malware removal experts to help victims of infection. While BC hosts download links which makes them easier to find, it is up to the developer of such tools to decide if they want to write a public tutorial.

#15 herbman


Posted 15 August 2015 - 08:23 AM

Why? Because people are going to ALWAYS use them regardless of whether they are supposed to or not, Combofix and some of the other more advanced tools are some of the most downloaded tools on BC and have been for quite some time.

Combofix alone accounts for nearly a quarter million downloads a week, every week, you think Malware removal experts are responsible for that, I think not.


And do you know how many users break their system completely by doing that? There's a reason why these tools shouldn't be used without proper training or without the supervision of a malware removal expert. There's a public tutorial for FRST on GeeksToGo, but it's more than understanding malware removal, but the Windows OS as a whole. The tutorials will mostly teach you how to use the tools and a bit of meaning behind the entries that are logged, but for the rest, you have to learn by yourself. There's already been a whole thread dedicated to that subject (make malware removal tools tutorials and malware removal trainings content public) and there was no follow-up, so my guess is that it won't happen and it's a good thing. If you need assistance to the point where ComboFix is needed (because you're not the one calling the shots on that, the MRT member that will help you will), then trust me, you'll be able that they guide you through the process :)

I bet there's a lot that do but there's also a lot that use these tools with no issue but I get what you're saying, malware removal helpers are always swamped and I scratch my head why they continue to do this work.

I would bet a good majority still continue to surf dangerously and continue to come back and ask for help, that would aggravate me for sure but you can only advise and can't make them listen.

People who voluntarily help should get a lot more credit than they do.


Edited by herbman, 15 August 2015 - 08:23 AM.




