Windows 10: Event Viewer Cleaning

I never knew you could do that. Thanks - it is really interesting.

 

If you want to check what's in an executable here's a couple of tools I use:

This one also checks VirusTotal:

pestudio

The other one I use:

MiTeC Homepage

Obviously unsigned files need checking.

 

Many thanks. That look like the one that I was using, i.e. v2.4.8 portable which shows the 1 VirusTotal warning from Cylance.

I'm now using v3.0.8.0 portable (which shows no VirusTotal warnings) but the compiled results do. *Sad

For example... I compiled this 2-line BAT (with an .ico file):
Code: echo This is a test pause[/quote] VirusTotal shows 25 warnings out of 68!. I tested again without including an icon... different hash (obviously) but still 25 warnings out of 68.

EDIT: I've just checked again and it looks like you're actually using v3.0.9 portable. I'll try that one.

EDIT: Almost the same result with v3.0.9 portable... 22 warnings out of 63 yet with wildly different result descriptions from v3.0.8 portable, even though it was the same 2-line BAT.

Many thanks for the info about the 2 tools you use to explore inside. That was helpful.

 

VirusTotal shows 25 warnings out of 68!. I tested again without including an icon... different hash (obviously) but still 25 warnings out of 68.

EDIT: I've just checked again and it looks like you're actually using v3.0.9 portable. I'll try that one.

EDIT: Almost the same result with v3.0.9 portable... 22 warnings out of 63 yet with wildly different result descriptions from v3.0.8 portable, even though it was the same 2-line BAT.[/quote] If you compile a brand new unsigned executable it will always show detections if uploaded to virus scanners. It's a new unknown and unsigned file. They'd be crazy to avise that it's safe without running it in a sandbox and analyzing it.

You'd have to pay for testing and get a signature if you were a software developer.

 

Look here's a lot of old unsigned Firefox extensions. They've been around for ages and have been in common use so they've been submitted multiple times and scan clean. New files would likely get flagged up as suspicious.

 

I understand that. What I don't understand is that, after downloading your LogCleaner.exe (82 KB), I can see the BAT file's text strings within it using Mitec EXE Explorer. However, when I use the same compiler (v3.0.9 portable) as you on the same BAT file (from Brink), I get an 89 KB exe (bigger, even though I didn't use an icon) and I cannot see the BAT file's text strings in Mitec EXE Explorer.

So, I used a different VM, carried out the test again... with the same result. No visible text strings. I think I'll try a clean install of a Win 10 VM and test again.

 

Actually I just worked out that I used an old version.

 

Okay I've just done the same test as you and get the same result. The original file I use was created using v1.6.0.0 and uploaded here:

Event Viewer One Click Clear - Page 8 - Windows 7 Help Forums

With the new version of bat to exe converter and no icon I get this:




And no visible strings.

Also the original was created using Windows 7.

I've just run the old version of bat to exe converter on Windows 10 but it still shows no strings in the compiled file. I can't explain it. There must be differences in the way the program works on windows 10 vs Windows 7.

 

ROFL. No wonder I couldn't duplicate the results.