How do I create a log for detecting the presence of malicious files?
To create logs for detecting the presence of malicious files, run the following tools:
- Download the Autoruns tool from https://technet.microsoft.com/en-us/sysinternals/bb963902.
- Execute the Autoruns.exe tool.
- When the tool opens, it automatically scans and shows which programs are configured to run at system boot or login. Allow the tool to finish scanning.
- Once done, click Options, and tick Hide Microsoft entries.
- Save the log as *.arn (File > Save) on your desktop.
- Download the GMER tool from http://www.gmer.net/gmer.zip.
- Execute the GMER.exe tool.
- When the tool opens, it starts the scan automatically. Allow the tool to finish scanning.
- Once done, click the Save... button to save the log file as *.log on your desktop.
- Download the HijackThis tool from http://sourceforge.net/projects/hjt/
- Execute the HijackThis.exe tool with administrator privileges.
- Select the option to Do a system scan and save a logfile.
- Combine all generated log files in a password-protected archive. Use the password:
- Submit the zip file in your next reply to our analysts.
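
Before building the archive, it helps to confirm that every log was actually written and to record a hash of each one. The PowerShell script below is an added example, not part of the original article. It assumes all three logs were saved to the current user's Desktop; the staging folder name `malware-logs` and the file name `manifest.csv` are hypothetical.

```powershell
# Added example: stage the collected logs and write a SHA-256 manifest.
# Assumption: the Autoruns, GMER and HijackThis logs are all on the Desktop.
$desktop = [Environment]::GetFolderPath('Desktop')
$staging = Join-Path $desktop 'malware-logs'   # hypothetical folder name

# Autoruns saves *.arn; GMER and HijackThis both save *.log.
$expected = @{
    'Autoruns (*.arn)'          = '*.arn'
    'GMER / HijackThis (*.log)' = '*.log'
}

New-Item -ItemType Directory -Path $staging -Force | Out-Null

$collected = foreach ($label in $expected.Keys) {
    $files = Get-ChildItem -Path $desktop -Filter $expected[$label] -File
    if (-not $files) {
        Write-Warning "No $label file found on the Desktop."
        continue
    }
    foreach ($f in $files) {
        # A zero-byte log usually means the scan was interrupted before saving.
        if ($f.Length -eq 0) {
            Write-Warning "$($f.Name) is empty; rerun the tool that produced it."
            continue
        }
        Copy-Item -Path $f.FullName -Destination $staging -Force
        $f
    }
}

# Two .log files are expected: one from GMER and one from HijackThis.
$logCount = @($collected | Where-Object Extension -eq '.log').Count
if ($logCount -lt 2) {
    Write-Warning "Found $logCount .log file(s); expected one each from GMER and HijackThis."
}

# Record a hash per file so the recipient can confirm nothing changed in transit.
Get-ChildItem -Path $staging -File |
    Where-Object Name -ne 'manifest.csv' |
    Get-FileHash -Algorithm SHA256 |
    Select-Object @{ n = 'File'; e = { Split-Path $_.Path -Leaf } }, Hash |
    Export-Csv -Path (Join-Path $staging 'manifest.csv') -NoTypeInformation
```

The script only stages and hashes the files; the staging folder still has to be packed into the password-protected archive described in the steps above.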