Windows 10: Event Viewer Cleaning Solved

Page 2 of 3
  1.    27 Feb 2018 #11

    Callender said:
    I just use this. It's the script compiled as an executable. It's unsigned.
    Why would you do that?

    What is the point in compiling a script that anyone can check what it does into an .exe where they can't?

    It doesn't work better.

    No way would I run an unsigned .exe with the promise "it does the same as the script".

    I'm sure you are an honest person but, honestly, would you download your .exe and run it if you didn't write it yourself?

  2.    27 Feb 2018 #12

    RickC said:
    As a matter of interest, what BAT compiler do you use? I can't find one that *doesn't* trigger all sorts of false positives on VirusTotal. (AV heuristics these days just seems to be a euphemism for "we have no idea".)
    This one: h**p://www.f2ko.de/en/b2e.php

    [Image: SigcheckGUI.jpg]

    https://www.virustotal.com/en/file/a...5fbe/analysis/


    [Image: 2Browse - The Technician's Web Browser and File Explorer.jpg]

  3.    27 Feb 2018 #13

    lx07 said:
    Why would you do that?

    What is the point in compiling a script that anyone can check what it does into an .exe where they can't?

    It doesn't work better.

    No way would I run an unsigned .exe with the promise "it does the same as the script".

    I'm sure you are an honest person but, honestly, would you download your .exe and run it if you didn't write it yourself?
    Why? For simplicity. I just click to run with no messing about. Obviously I wouldn't expect anyone to trust an unsigned self created file but many forum users have created such files.

    What's in it? Take a look:

    [Image: LogCleaner.jpg]

    [Image: LogCleaner 2.jpg]

  4.    27 Feb 2018 #14

    Callender said:
    What's in it? Take a look:
    I never knew you could do that. Thanks - it is really interesting.

  5.    27 Feb 2018 #15

    If you want to check what's in an executable here's a couple of tools I use:

    This one also checks VirusTotal:

    pestudio

    The other one I use:

    MiTeC Homepage

    Obviously unsigned files need checking.
    Last edited by Callender; 27 Feb 2018 at 18:49. Reason: spelling

  6.    27 Feb 2018 #16

    Callender said:
    This one: h**p://www.f2ko.de/en/b2e.php
    Many thanks. That looks like the one that I was using, i.e. v2.4.8 portable which shows the 1 VirusTotal warning from Cylance.

    I'm now using v3.0.8.0 portable (which shows no VirusTotal warnings) but the compiled results do.

    For example... I compiled this 2-line BAT (with an .ico file):
    Code:
    echo This is a test
    pause
    VirusTotal shows 25 warnings out of 68! I tested again without including an icon... different hash (obviously) but still 25 warnings out of 68.

    EDIT: I've just checked again and it looks like you're actually using v3.0.9 portable. I'll try that one.

    EDIT: Almost the same result with v3.0.9 portable... 22 warnings out of 63 yet with wildly different result descriptions from v3.0.8 portable, even though it was the same 2-line BAT.

    Many thanks for the info about the 2 tools you use to explore inside. That was helpful.
    Last edited by RickC; 27 Feb 2018 at 19:21.

  7.    27 Feb 2018 #17

    RickC said:

    For example... I compiled this 2-line BAT (with an .ico file):
    Code:
    echo This is a test
    pause
    VirusTotal shows 25 warnings out of 68! I tested again without including an icon... different hash (obviously) but still 25 warnings out of 68.

    EDIT: I've just checked again and it looks like you're actually using v3.0.9 portable. I'll try that one.

    EDIT: Almost the same result with v3.0.9 portable... 22 warnings out of 63 yet with wildly different result descriptions from v3.0.8 portable, even though it was the same 2-line BAT.
    If you compile a brand new unsigned executable it will always show detections if uploaded to virus scanners. It's a new unknown and unsigned file. They'd be crazy to advise that it's safe without running it in a sandbox and analyzing it.

    You'd have to pay for testing and get a signature if you were a software developer.

  8.    27 Feb 2018 #18

    Look, here's a lot of old unsigned Firefox extensions. They've been around for ages and have been in common use so they've been submitted multiple times and scan clean. New files would likely get flagged up as suspicious.

    [Image: SigcheckGUI.jpg]

  9.    27 Feb 2018 #19

    Callender said:
    If you compile a brand new unsigned executable it will always show detections if uploaded to virus scanners.
    I understand that. What I don't understand is that, after downloading your LogCleaner.exe (82 KB), I can see the BAT file's text strings within it using Mitec EXE Explorer. However, when I use the same compiler (v3.0.9 portable) as you on the same BAT file (from Brink), I get an 89 KB exe (bigger, even though I didn't use an icon) and I cannot see the BAT file's text strings in Mitec EXE Explorer.

    So, I used a different VM, carried out the test again... with the same result. No visible text strings. I think I'll try a clean install of a Win 10 VM and test again.
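
An added example, not part of any post in this thread: a small Python triage in the spirit of the string inspection discussed above. It hashes a file and lists embedded strings that look like batch commands, whether stored as ASCII or UTF-16LE. The sample "builds" are constructed stand-ins rather than real converter output, and the zlib-compressed one only assumes one way a wrapper could store the script so that it is not readable as text.

```python
import hashlib
import re
import zlib

# Words that suggest a line of an embedded batch script (list assumed for this example).
BATCH_WORDS = (b"echo", b"pause", b"wevtutil", b"goto", b"for /f")

def extract_strings(data, min_len=5):
    """Return printable runs stored as ASCII or as UTF-16LE, all as bytes."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return ascii_runs + [run[::2] for run in wide_runs]

def triage(data):
    """Hash the file and list the strings that look like batch commands."""
    script = [s.decode("ascii") for s in extract_strings(data)
              if s.lower().lstrip(b"@ ").startswith(BATCH_WORDS)]
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "script_lines": script,
            "script_visible": bool(script)}

# Constructed samples: a fake 64-byte stub stands in for the converter's loader.
SCRIPT = b"echo This is a test\r\npause\r\n"      # the 2-line BAT quoted in the thread
STUB = b"MZ" + bytes(62)
SAMPLES = {
    "plain": STUB + SCRIPT,
    "plain_with_icon": STUB + b"\x00\x00\x01\x00" + SCRIPT,   # placeholder icon bytes
    "utf16": STUB + SCRIPT.decode("ascii").encode("utf-16-le"),
    "compressed": STUB + zlib.compress(SCRIPT),               # assumed storage format
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        report = triage(blob)
        found = report["script_lines"] or "no script text found"
        print(f"{name:16} {report['sha256'][:16]}  {found}")
```

An empty result only means the script is not stored as readable text; it says nothing about what the file does.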

  10.    28 Feb 2018 #20

    Actually I just worked out that I used an old version.

    [Image: Bat_To_Exe_Converter Properties.jpg]


 