
Otl.exe Fake Or Not


zooid

Hi, all

Have you ever heard about a tool called OTL.exe (OTL, OldTimer's List-It)? It is supposed to be a spyware cleanup tool, although I don't really think so. If you google "OTL.exe" you'll get lots of links either to the page of its creator or to the tutorial on how to use it. Several months ago I downloaded that tool to my laptop because I suspected it was infected. I followed the tutorial and didn't find anything wrong with the computer. And then the strange thing started. The OTL.exe was downloaded and started on my desktop; a couple of days ago, after boot-up, OTL.exe appeared again. I scanned my PC with ZoneAlarm Extreme Security, RootRepeal, GMER etc. I even tried they didn't find anything wrong. I am desperate, I don't know what to do, this thing is really annoying. Please, if anyone has encountered this same thing, give me some help. Another thing: using PEiD I found the packer that was used, and the second I unpack it, ZoneAlarm and AntiMalware alarm that it is a "bad Mothaf***". Is there a way, without re-installing the OS, that I can stop this file from "reviving" on my desktop? My OS is Windows 7 Ultimate x64.

Thanks in advance.


1) Try out these tools: Malwarebytes, Spyware-Search and Destroy, and Avast.

2) Go to your Start menu, type Msconfig in the search field, go to the Startup tab and, under the startup items, take notice of any item that has a reference to OTL.exe and disable it.

3) Go to your Startup folder and make sure the OTL.exe file is not there: C:\Users\<userID>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

4) Check the following key in your registry, and make sure it's not there.

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

5) If none of the above methods work, try HijackThis.

Edited by Infiltrator
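
Steps 3 and 4 above can be checked in one pass from PowerShell. This is an added example, not part of the original post; it also covers the all-users Startup folder and the RunOnce and machine-wide Run keys, which the post does not mention, and the `$Name` parameter is this sketch's own.

```powershell
# Added example: list autostart entries that reference a given file name (read-only).
# $Name is a parameter of this sketch; OTL.exe is the file discussed in the thread.
param([string]$Name = 'OTL.exe')

$pattern = [regex]::Escape($Name)
$hits = @()

# Startup folders: the per-user one from step 3, plus the all-users one.
$folders = @(
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)
foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    foreach ($item in @(Get-ChildItem -LiteralPath $folder -Force)) {
        $target = $item.FullName
        if ($item.Extension -eq '.lnk') {
            # Resolve shortcuts so a renamed .lnk pointing at the file is still found.
            $target = (New-Object -ComObject WScript.Shell).CreateShortcut($item.FullName).TargetPath
        }
        if ($item.Name -match $pattern -or $target -match $pattern) {
            $hits += New-Object PSObject -Property @{ Location = $folder; Entry = $item.Name; Value = $target }
        }
    }
}

# Run keys: HKCU from step 4, plus RunOnce and the machine-wide equivalents.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $keys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }   # key missing or has no values
    foreach ($p in $props.PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }   # skip registry provider metadata
        if ("$($p.Value)" -match $pattern) {
            $hits += New-Object PSObject -Property @{ Location = $key; Entry = $p.Name; Value = $p.Value }
        }
    }
}

$hits | Select-Object Location, Entry, Value | Format-List
if (-not $hits) { "No autostart entry references $Name in the locations checked." }
```

An empty result only rules out these locations; scheduled tasks and services are not covered by this sketch.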

Or rewind to a restore point BEFORE the file was installed. Don't run no-name tools that have the potential to be malware. Chances are, your machine was fine, and this program infected it, possibly disabling scanners and detection. If all else fails, boot off of live media, back up all files, and reinstall Windows.

By the way, it is malware: http://www.virustotal.com/file-scan/report.html?id=851a1822872f6c47711ff5377f46d3063c4ac94422fb83d38226b8d080f7a044-1322632617

Edited by digip

It's funny how all the major AV companies are not picking up this sucker.

It must be implemented with some kind of sophisticated Rootkit to make it FUD.

Edited by Infiltrator

Or, it's false positives, which is possible, but I've seen it on several different sites, with different MD5s, some with .exe and some with .scr extensions (why a screen saver extension, I don't know, but malware will run as exe if in scr on older machines), so my guess is he got a rogue variant and not a legit copy, or all of them are rogue software.


I've seen that before: malware with a .scr extension. Even though it didn't cause any damage, it dramatically slowed the system down. The whole CPU usage was at 100%.

Getting rid of it was just a matter of locating it and deleting it.

Edited by Infiltrator