Otl.exe Fake Or Not

[zooid]

Hi, all

have you ever heard about a tool called OTL.exe (OTL OldTimer's List-It) it is supposed to be a spyware cleanup tool, although I don't really think so. If you google "OTL.exe" you'll get lots of links either to the page of its creator, or the tutorial on how-to use it. Several months ago I've downloaded to my laptop that tool because I suspected it was infected. I followed the tutorial, I didn't find anything wrong with the computer. And then the strage thing started. The OTL.exe was downloaded and started on my desktop, a couple of days ago after boot up OTL.exe appeared again. scan my PC with ZoneAlarm Extreme Security, RootRepeal, GMER etc. I even tried they didn't find anything wrong. I am desperate, I don't know what to do this thing is really annoying. Please If anyone has encounter this same thing give me some help. Another thing, using PEiD I found the packer it was used, and the second I unpack it ZoneAlarm and AntiMalware alarm that it is a "bad Mothaf***". Is there a way without re-installing the OS that I can stop this file from "reviving" on my desktop. My OS is Windows 7 Ultimate x64.

Thanks in advance.

[Infiltrator]

1) Try out these tools Malwarebyte, Spyware-Search and Destroy and Avast.

2) Go to your start menu, type Msconfig in the search field, go to the startup tab and under the start up item take notice of any item that has a reference to OTL.exe and disable it.

3) Go to your start up folder and make sure the OTL.exe file is not there, C:\Users\<userID>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

4) Check the following key in your registry, and make sure it's not there.

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

5) If none of the above methods work, try Hijackthis

Edited November 30, 2011 by Infiltrator

[digip]

Or rewind to a restore point BEFORE the file was installed. Don't run no-name tools that have the potential to be malware. Chances are, your machine was fine, and this program infected it, possibly disabling scanners and detection. if all else fails, boot off of live media, backup all files, and reinstall windows.

By the way, it is malware: http://www.virustotal.com/file-scan/report.html?id=851a1822872f6c47711ff5377f46d3063c4ac94422fb83d38226b8d080f7a044-1322632617

Edited November 30, 2011 by digip

[Infiltrator]

By the way, it is malware: http://www.virustotal.com/file-scan/report.html?id=851a1822872f6c47711ff5377f46d3063c4ac94422fb83d38226b8d080f7a044-1322632617

Its funny how all the major av companies are not picking up this sucker.

It must be implemented with some kind of sophisticated Rootkit to make it FUD.

Edited December 1, 2011 by Infiltrator

[digip]

Or, its false positives, which is possible, but I've seen it on several different sites, with different MD5's, some with .exe and some .scr extensions (*why screen saver extention, I don't know but malware will run as exe if in scr on older machines) so my guess, is he got a rouge variant and not a legit copy, or all of them are rouge software.

[Infiltrator]

I've seen that before a malware with a .scr extension. Even though, It didn't cause any damage, it dramatically slowed the system down. The whole CPU usage was at 100%.

Getting rid of it, was just a matter of locating it and deleting it.

Edited December 1, 2011 by Infiltrator