Character count limits

[kritius]

How come this is one of the few boards that cannot have a complete OTL log in one post?

In other forums I can fit the OTL log, Extras log plus a ComboFix log. HijackThis is no longer adequate for Malware Removal, many of the complex infections do not even show in HJT, this is why we need to use better tools which as a consequence need longer logs.

More than likely TechSpot will not move with the times and embrace this but at least it has been mentioned.

On with the blasting of this then.

 

[kimsland]

HJT Logs are just the preliminary starting logs that we ask for
The support member can certainly then further ask for other scans and logs to be completed (and attached) during the course of the support process

Vbulletin forums usually have "Character count limits" on consecutive amount of continuous characters, within the posting area. Is this what you are referring to?

Actually just doing a test it seems to be gone (in the preview window anyway - I'll have to submit the post to confirm )

abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz01234567890abcdefghijklmnopqrstuvwxyz01234567890abcdefghijklmnopqrstuvwxyz01234567890

EDIT
Are you talking about the 200Kb limit on attachments?

 

[kritius]

No,

I mean in other forums people who I am helping can copy and paste an OTL log and it will fit into the one post, not have to split it up over several.

Attaching logs is nowhere near as convenient for researching entires, also the creators of these tools include BBCode into the logs because they are meant to be pasted in.

 

[kimsland]

Oh

I've been out looking at OTL logs online, and I see the BB Code as well

But this post (as an example) https://www.techspot.com/vb/post818964-23.html
Doesn't have color corrected in our BB Code here
Also, why was that members post much longer than other OTL logs that I've seen online?

 

[mailpup]

Can't one post a long log using "code brackets" like I'm trying to test here?


OTL log (part 1)
OTL logfile created on: 17/11/2009 17:30:52 - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\Tony Collins\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.16 Mb Total Physical Memory | 633.95 Mb Available Physical Memory | 62.02% Memory free
2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.33% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 45.15 Gb Total Space | 30.18 Gb Free Space | 66.83% Space Free | Partition Type: FAT32
Drive D: | 45.54 Gb Total Space | 42.04 Gb Free Space | 92.32% Space Free | Partition Type: FAT32
Drive E: | 203.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-684C9A655D
Current User Name: Tony Collins
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Documents and Settings\Tony Collins\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe ()
PRC - C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
PRC - C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe (GFI Software Ltd.)
PRC - C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe (GFI Software Ltd.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\acer\eRecovery\Monitor.exe (acer Inc.)
PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Program Files\Launch Manager\WButton.exe ()
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\Launch Manager\OSDCtrl.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Launch Manager\Powerkey.exe ()
PRC - C:\WINDOWS\system32\Crypserv.exe (Kenonic Controls Ltd.)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Documents and Settings\Tony Collins\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\Program Files\Trusteer\Rapport\bin\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper .dll (RealPlayer)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.2 2319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mslbui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
MOD - C:\WINDOWS\system32\msvcp71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (gupdate1ca56935cbf11cc) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe ()
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
SRV - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (GFIBckHAtt) -- C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe (GFI Software Ltd.)
SRV - (GFIBckHSched) -- C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe (GFI Software Ltd.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe ()
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (anbmService) -- C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (Kenonic Controls Ltd.)

I've never actually had to do it myself but what if you use "

text[ /code]" (w/o space).

 

[kimsland]

We have a 10,000 character limit here. EVEN on "Code" replies (ie with or without Code box)

 

[mailpup]

Too bad. I thought I was on to something.

 

[kimsland]

Sorry
But kritius is though
ie He may be right

 

[kimsland]

I'm still waiting for your answer to this kritius

Also, why was that members post much longer than other OTL logs that I've seen online?

Also what is the character limit on "other forums"?
Obviously 10,000 isn't enough, what would be enough?

 

[kritius]

That OP for some reason cut it down and then pasted in double lots for a few of them.

ie,
part 1 some data
part 2 the same data
part 3 some data
part 4 the same data

Also, there may be have been a lot of files modified if any updates had have taken place, (sp3 is not as crucial an update as sp2 and can be left till the end). There was a LOT of updates and modified files on the 26/10/09

250,000 is what is set on some forums.

 

[DelJo63]

Personally, I've never liked the COPY/PASTE solution for logs as that clouds the results for search engines like Goolge with tons of useless junk.
Using attachments keeps the TS threads readable, neat and avoids the character count issue, or at least moves it to a different 'object', ie attachment size vs posting limits.

 

[kimsland]

250,000 is what is set on some forums.

Thanks

And regarding pasting in files, I'm slowly but surely fully understanding the concept
But, again the BB Code here does not match up with OTL anyway. Therefore Attaching would have the exact same result. (except for online diagnosis of course )

This is a dilemma, as it is better to paste, and it would be easier to analyze
But without the correct BB Code, then we need to fix that first. Plus increase to 250K
Oh dear, what's Bobbye's take on this?

 

[DelJo63]

This is a dilemma, as it is better to paste, ...

not if it's not fractured across multiple postings :wink:
IMO, the BBcode is just eye candy and we shouldn't be dependent upon it.

 

[Julio Franco]

Let me clarify my stand regarding this post length issue, not without first saying that I'm less than familiar with the process of log checking and analysis.

Furthermore, the reason the VM removal section exists on TechSpot is due to the community's own desire and need for it.

Now, coming back to my comment where I told kritius we wouldn't support long pasted logs, I was referring to the specific scenario that upon his request the user had posted 16 consecutive replies here - I found that overly exaggerated and not needed when you have the option of attaching the large log.

Correct me if I'm wrong, from your later replies I understand the user pasted repeated information that could be fit in two posts max?

If that's the case I propose the solution of using the CODE tags for pasting logs, and removing them from the overall post character count, thus making them an effective solution to your request.

Let me know if that works.

 

[LookinAround]

Personally, I've never liked the COPY/PASTE solution for logs as that clouds the results for search engines like Goolge with tons of useless junk.
Using attachments keeps the TS threads readable, neat and avoids the character count issue, or at least moves it to a different 'object', ie attachment size vs posting limits.

From the "end user's" point of view
1) i absolutely agree with jobeard on that point. Googling on file names or other search criteria often brings up lots and lots of useless junk as hit-after-hit merely finds references to the items in posted online logs

2) Also from a user's view, i find it very difficult scrolling through a thread to read individual posts when each post can be very, very long (and i want skip past and find the next one)

But from the malware helper's point of view...?
Kritius, could you please explain just what functionality or user interface issues cause you grief when post size is restricted? (what do you need to do? what steps are being hindered?) It may help to first understand the functional problem before trying to tackle a specific implementation

 

[Julio Franco]

@LookinAround

The nice thing about the code tags is that it will put all text inside a scrollable box, in fact I think I can customize that to be wider and shorter to better fit our site's design. This box would do away with the issues that you mention but I'm not totally sure is the kind of solution malware helpers are looking for.

 

[kimsland]

The Issue(s)

After further investigation kritius is correct in saying we need to "move with the times" and look at HJT logs as possibly a first reference only (simple small logs) But OTL is now preferred
That being said, it has been discussed that HJT may commonly miss known malwares entries, this generally because the malware makers themselves have found ways to bypass this simple log and entries, plus because OTL is more thorough and, well, better.

Another concern is the now "Code" proposal (that by the sounds of it, can have an extended character amount placed on it). But then I read a recent thread with Bobbye supporting, repeatedly trying to help the OP paste in the logs, of which the simple task of Copy/Paste is beyond the OP. So to ask the OP to then select "Code" and not "Quote" and not directly "Paste" into a message, is just going to make an even more of a headache, for supporting Users who do not know.

Then we have the issue (yes it still goes on) that links are not allowed by new members with extremely low post count (ie 1 post) But these logs also show specific URLs in the log, which will then vanish if the OP pastes their log in, or will error message the OP with "Not enough posts"

Then we have the BBCode issue that is not in line with OTL, and will show all these entries of color=(some number) or [noparse]some text[/noparse] That just looks annoying, and makes a log that more difficult to read

Oh and we still have the limit on character length presently
And, as stated by jobeard and LookinAround, basically these Log Posts, are going to fill a Thread and possibly (likely) have many of these Log Posts (pasted in) during the course of the thread. Let alone others posting in their logs, essentially hijacking a thread, possibly making it even confusing for the OP.


So....

The fix?

Is TechSpot willing to take all this on?
And if so, then there may be more than one change (as above)
And if not, then should we just do minimal help with continuing with HJT logs, and basically get the OP to a possible workable stage before sending them somewhere else for more attention
And if not at all, then maybe no Malware removal at TechSpot.

Regarding the last point above. I do believe there is a place for Malware support, else many BSoD posts and Windows posts, and really every forum post, may have no where to go if Malware is suspected.


Oh, regarding why Paste in the first place, "what do you need to do"? (as asked by LookinAround)
Well it seems that pasted logs are easier diagnosed, by tools such as THIS, and will also allow support not to even log on to originally review the logs.


So this is a dilemma.


The real fix?
Keep it the same as it is
But posts logs can be pasted, across 1 or 2 posts
Larger posts > attached
Although I can already see the confusion in that too
Edit: Oh, I mean that's where we are at right now!



Edit2:
Lets just go with kritius original idea/request and allow posts to have larger character post count in the Malware removal forum
Anyway, that's what he asked for to begin with

How about that Julio?
ie No Code box, just extension on character amount kritius mentioned: 250,000

 

[Bobbye]

Let's keep this simple, please- or better- KISS:

1. There are only two of us doing malware cleaning on TS at this point. kritius is much more advanced than I am, but I am surely way ahead of those who tell the posted to have HJT remove the AV entries!

2. The reason I want the HJT log pasted in is because it allows me to search any part of an entry directly from the pasted log, using the Malware add-on I have in Firefox. That cuts down on the amount of time it takes to review entries and it allows me to help more members.

3. I checked the contents in a Code box and the content appears to be available for the browser search from there-for my purpose. It may not be for kritius.

4. The OTL log of 16 posts was not a normal OTL log. The poster repeated some entries which lengthened the total.

5. A recent incident from one member of having a problem pasting a log was a specific problem to her with the copy and paste feature. We don't know what caused it yet, but it is NOT a problem caused by the V&M forum.

6. Summary:
The V&M forum is unique and should allow some features that do not need to be available on the other forums.

Stop trying to group that forum with the activities on other forums.

Give us any help that you can to make out job easier and allow us to help the most members.

In other words, KISS.

Happy Holiday!

 

[kritius]

Thanks kimsland and Bobbye,

The only logs that I would need to be attached are logs such as OTS, GMER, RootRepeal, SysProt, etc. These logs require attaching as they can get very very long.

Logs such as SystemLook, ComboFix, OTL, DDS, HJT (I very rarely use this now though) and Kaspersky can be easily pasted in.

Virus and malware removal is obviously a specialised case, this would not have to be repeated for the other forums.

I would also love to see some mod capabilities for malware helpers, such as the ability to close threads and edit posts but that is a seperate discussion.

 

[Bobbye]

kritius, I've been working on the thread closing- it's actually part of the ongoing discussion about the malware forum being unique. I had previously requested Julio to consider this and recently revisited him on the subject.

Hopefully, maybe there will be some progress after the holidays.