After talking to Aura, Grinler and reading this topic, I'm going to create a product topic for a tool I have created and that might be useful for the "helpers".
Therefore I think that this is the sub-forum where this topic belongs, but if it is not, please feel free to contact me or to move this topic to the right place.
Let's start with a little overview of the tool:
During the disinfection of a computer, you need to find what is causing all that mess. To do that, you use different tools that list a lot of the computer's files.
Those tools (OTL, FRST, ZHPDiag, CF, ...) are pretty useful; they find a lot of files that might be corrupt.
But they mostly don't have a database big enough to tell you if they really are corrupt, therefore they actually write their MD5 in their logfile.
Then, when you read the logfile, if you suspect something, you have to check every MD5 on VirusTotal to see if it matches malware or a safe file.
Finally, you only need a VirusTotal API key and a few seconds to analyze a long report that can contain 50 different MD5s.
Where can I find it?
The first goal of the project was to build this for a Linux environment. Therefore it's in Python and free.
But as a majority of the helpers, the real users, are on Windows, I've made a version that doesn't need a Python environment.
You can download it from here (it's just the Python script that has been "compiled" into an exe with py2exe).
How can I install it?
For Linux and Mac users, please refer to the GitHub page or contact me.
For Windows users:
- First you will need a VirusTotal public API key; you can get one if you sign up on their website. If you don't want to create an account, contact me and I will lend you mine.
- Obviously you need to download the project.
- It is composed of an executable file, and a reg file.
- The executable contains the Python code.
- The reg file creates two new keys in the registry so that you can run the script from the context menu by right-clicking a log file.
- After merging the reg file with your registry, you have to go to HKEY_CLASSES_ROOT\txtfile\shell\VT_Scan\command and edit the value to add the path to the executable and your API key.
- That's it!
How can I use it?
There are different ways, but the easiest is:
- Right click on a .txt file and choose "Analyze with VT_Scan".
- After a few seconds, a logfile will open in your default browser.
For the other ways, please refer to the GitHub page or contact me.
I think that this tool can save a lot of time for the helpers. Therefore I really want everybody to be able to use it, and for that, they have to know that this exists, and that is the first purpose of this message.
So just ask me if you need any other details.
The second purpose of this message is that this tool can be improved, but for that, I need your feedback, to fit the real users' needs.
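The workflow described in the post (pull every MD5 out of a scanner log, then look each one up on VirusTotal) can be sketched as follows. This is an added example, not VT_Scan's own code: the log lines are constructed, the function names are hypothetical, and the use of the VirusTotal API v3 file endpoint is an assumption, since the post does not say which API version the tool calls.

```python
import re

# Exactly 32 hex characters, not embedded in a longer hex run,
# so SHA-1 / SHA-256 values in the same log are not cut into false MD5s.
MD5_RE = re.compile(r"(?<![0-9A-Fa-f])[0-9A-Fa-f]{32}(?![0-9A-Fa-f])")

# Constructed sample log (format is illustrative, not a real OTL/FRST report).
# The two MD5s are the EICAR test file and the empty file.
SAMPLE_LOG = r"""[2014/01/02 10:11:12 | 000,000,068 | C] MD5=44D88612FEA8A8F36DE82E1278ABB02F -- C:\Users\test\eicar.com
[2014/01/02 10:11:13 | 000,000,000 | C] MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Users\test\empty.tmp
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 C:\Users\test\empty.tmp
O4 - Startup: C:\Users\test\eicar.com [44d88612fea8a8f36de82e1278abb02f]"""


def extract_md5s(text):
    """Return {md5 (lowercase): [line numbers]} in first-seen order.

    Hashes are normalised to lowercase so the same file reported twice
    with different casing costs only one API lookup.
    """
    found = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in MD5_RE.finditer(line):
            found.setdefault(match.group(0).lower(), []).append(lineno)
    return found


def build_lookups(md5s, api_key):
    """Build (url, headers) pairs for each unique hash; nothing is sent here.

    Assumption: VirusTotal API v3, GET /api/v3/files/<hash> with an
    x-apikey header. Public keys are rate limited, so the caller should
    pace these requests.
    """
    base = "https://www.virustotal.com/api/v3/files/"
    return [(base + h, {"x-apikey": api_key}) for h in md5s]


if __name__ == "__main__":
    hashes = extract_md5s(SAMPLE_LOG)
    for url, _headers in build_lookups(hashes, "YOUR_API_KEY"):
        md5 = url.rsplit("/", 1)[1]
        print(md5, "seen on lines", hashes[md5], "->", url)
```

Reading the key from an environment variable or a protected file, rather than a command line stored in the registry, keeps it out of reach of other users of the machine.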