JRT error reporting completeness


19 replies to this topic

#1 GLykos

GLykos

  • Members
  • 12 posts

Posted 14 May 2015 - 08:10 PM

This started out in response to "Help Improve JRT" on webpage thisisudax.blogspot.com but couldn't figure out where to go from there so am trying here...


Have been using JRT for a few months, most recently 6.7.1 as of today - thanks.

Have regularly been encountering error message:
 Checking Folders
 Directory of C:\ProgramData\B0FFCDD9-5261-e459-B29A-17A4FABDEBAB
File Not Found

Just started encountering another error message:
 Checking Registry
ERROR: Access is denied. (six occurrences)
 
Sure would be helpful if the session displayed in the Cmd window were captured in the log file, and if the specific items such as keys and full file path with issues were recorded there in context.
 
In the meantime, as a work-around, I'm looking around to see how to scan the registry looking for keys to which I don't have access...
 
Thanks, and regards,
George

Edited by Queen-Evie, 14 May 2015 - 08:17 PM.
moved from Bleeping Computer Announcements, Comments, & Suggestions



#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,203 posts

Posted 14 May 2015 - 08:17 PM

Hi GLykos :)

About that weirdly named folder in ProgramData, did you check if it indeed existed or not? In your Folder Options, make sure that Show hidden files, folders and drives is checked, and that Hide protected operating system files (recommended) is unchecked.
When you're running JRT, are you running it from the Desktop?
When you're running JRT, do you right-click on it and select Run as Administrator?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 GLykos


Posted 14 May 2015 - 08:35 PM

Thanks for your prompt reply and suggestions.  Was just checking back here after having thought of another work-around.

 

Running JRT as System (not Administrator this time), the log now shows the following -

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

 

Am going to loop back and re-run JRT as admin (my normal level) and see what happens, but wanted to send this before my browser gets snapped shut.

 

And no, the directory reported in conjunction with the file-not-found msg indicated above doesn't exist - so what file was it looking for?

 

Regards.
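
An added example, not part of any post in this thread and not JRT's own code: a read-only PowerShell check that names, with full paths, which of the per-user Internet Explorer\Main keys listed in the log above the current account can open for reading and for writing, and keeps the same lines in a log file. The registry path comes from that log; the helper name Test-KeyAccess and the log file name are assumptions made for the example.

```powershell
# Added example (not JRT code): report, with full paths, which per-user
# "Internet Explorer\Main" keys the current token can open for read and write.
$subPath = 'Software\Microsoft\Internet Explorer\Main'    # path taken from the log above
$logPath = Join-Path $env:TEMP 'ie-main-key-access.log'   # hypothetical log file name
$users   = [Microsoft.Win32.Registry]::Users              # HKEY_USERS

function Test-KeyAccess {                                 # hypothetical helper
    param([string]$Path, [bool]$Writable)
    try {
        $key = $users.OpenSubKey($Path, $Writable)        # opens a handle, changes nothing
        if ($null -eq $key) { return 'NotPresent' }
        $key.Close()
        return 'OK'
    }
    catch [System.Security.SecurityException]  { return 'AccessDenied' }
    catch [System.UnauthorizedAccessException] { return 'AccessDenied' }
}

$report = foreach ($hive in $users.GetSubKeyNames()) {
    if ($hive -like '*_Classes') { continue }             # skip the per-user class hives
    $read  = Test-KeyAccess -Path "$hive\$subPath" -Writable $false
    $write = if ($read -eq 'OK') { Test-KeyAccess -Path "$hive\$subPath" -Writable $true } else { $read }
    'HKEY_USERS\{0}\{1}  read={2}  write={3}' -f $hive, $subPath, $read, $write
}

# Show the result on screen and keep the same lines in a log file.
$report | Tee-Object -FilePath $logPath
```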



#4 Aura


Posted 14 May 2015 - 08:38 PM

So it's looking for a ghost directory. Alright, if it still doesn't work with Admin Rights, but works with SYSTEM rights, you might have messed up permissions. I'll give you instructions on how to fix that after.



#5 GLykos


Posted 14 May 2015 - 08:58 PM

So rebooted and re-ran JRT after the fixes reported above, this time back as Admin (normal).  No errors were reported fixed in the published log so the registry issues (if that was in fact the extent of the root problem) were apparently cleaned up once JRT had sufficient access - yay!

 

Stepped outside while JRT was running, didn't observe the Cmd window output so don't know if any execution errors (beyond the expected ghost directory) were reported there and then discarded.

 

Regards.



#6 Aura


Posted 14 May 2015 - 09:03 PM

You have to run JRT with Admin Rights, otherwise it won't be able to access all the locations it needs to check, nor perform the removal/reset actions. Is your UAC enabled and at least at the Default level? Also, maybe adding a "debugging" log output to JRT could be useful. I know that I would have needed it around 3 weeks ago. If everything works great right now, then there's nothing to worry about. Just remember to:
  • Always run JRT from the Desktop - Otherwise it can have FP (false positives) and/or not behave properly;
  • Always run JRT (and all other malware removal tools/programs) with Admin Rights - Right-click and select "Run as Administrator";
If even when doing that, you're getting errors, then maybe the issue is located somewhere else.



#7 GLykos


Posted 14 May 2015 - 09:12 PM

Right.  Running as System is a more potent access level than Admin - it is accomplished via "RunAsSystem" (see Google).  Interspersing the run-time error events in the log file would make use of existing mechanisms and put it all in one place - just a thought.  Thanks for your support and guidance!



#8 GLykos


Posted 14 May 2015 - 09:13 PM


And no, UAC is disabled, and this is current Vista 32b.



#9 Aura


Posted 14 May 2015 - 09:15 PM

There's also the GiveMePower utility on BleepingComputer :)

http://www.bleepingcomputer.com/download/givemepower/

As long as it works for you, it's good. But usually, running JRT, AdwCleaner, Malwarebytes, etc. doesn't require SYSTEM permissions. If something can only be accomplished by the SYSTEM, it's for a reason, and using a program with SYSTEM rights when it shouldn't have them could be dangerous, just keep that in mind :)

"And no, UAC is disabled, and this is current Vista 32b."


For security purposes, I suggest you enable the UAC. It can easily save you from an infection.

Edited by Aura., 14 May 2015 - 09:16 PM.



#10 GLykos


Posted 15 May 2015 - 12:00 AM

Right.  Running JRT as System was a one-shot buzz-saw method of going after its reported but unnamed registry issues, which I've found to be perniciously persistent/resistant to resolve.  If the registry keys determined to be at issue had been enumerated, I would've gone after them manually.  Your caution about normal program usage and potential issues with abnormal usage scope is understood.  Thanks again.



#11 GLykos


Posted 15 May 2015 - 12:08 AM

P.S.  Running JRT as System and seeing it report fixes in the log was the first time I'd seen it do that (every previous time the resulting log file has not indicated any events, which in those cases were limited to unnamed run-time errors), so was educational to see what it looks like in normal intended operation when resolving issues.



#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts

Posted 15 May 2015 - 06:02 AM

There is no need to speculate or try workarounds when the developer is readily available to answer questions and welcomes feedback.

I have reported the issue to thisisu, the developer of JRT with a link to this topic.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#13 Aura


Posted 15 May 2015 - 07:23 AM

No problem GLykos, my pleasure :)



#14 quietman7


Posted 15 May 2015 - 07:34 AM

@ GLykos

Please be patient. Although I reported this topic, Staff and Security Experts are all volunteers who assist members as time permits. No one is paid for their work or assistance to members of our community. We have jobs in the real world, families and other commitments which take priority over anything we do here....so we are not logged into the forums all day long.

#15 GLykos


Posted 15 May 2015 - 01:00 PM

Am sorry if anything I mentioned in this thread suggested being critical or impatient.  I appreciated having the use of JRT in working to clean up my computer.  I shared my recent observations in the spirit of providing perhaps useful feedback.  I was not expecting, and was then pleasantly surprised, by the prompt and useful related responses including cautions on Bleeping Computer.  In the meantime I was proceeding to fumble along (as usual) in resolving my local issues - there was no expectation of immediate assistance from others.  Thanks all for your interest in and support of the community!





