Solved: check your own hjt log here

[smash]

i think this should have its own place on the front page

scan your own hjt log here
http://www.hijackthis.de/index.php?langselect=english

 

[Flrman1]

We do not support that HJT log analyzer here and neither do any reputable security forums or experts. Please do not recommend it at this site again or use it here to analyze others Hijack This logs. If you are qualified to analyze HJT logs, please feel free to do so, but do not post responses to logs copied and pasted from the hijackthis.de Hijack This log analysis in this forum again.

 

[flavallee]

I gave it a try with a sample HijackThis log. I have to question some of its test results.

 

[flavallee]

Thanks, Flrman1. You just reconfirmed my suspicion about that site.

 

[smash]

did it say they were nasty i personally thought it did a pretty good job as long as you know what should be running i'm sorry if my help and time stuffed anything up but i doubt it

 

[smash]

We do not support that HJT log analyzer here and neither do any reputable security forums or experts. Please do not recommend

so is there one you would recommend?

 

[flavallee]

Smash:

One of the purposes of the "Security" forum is to analyze the HijackThis logs that are posted.

I, for one, am still learning how to analyze them, so I don't consider myself an expert. I rely on the real experts here to analyze them.

I wouldn't count on an on-line analyzer doing a 100% accurate job.

 

[smash]

thats true but i was putting it up for those who know enough about it heres my log i know i have bearsharelite p2p but i reckon its pretty clean don't you sorry but i was trying to help!

Logfile of HijackThis v1.99.1
Scan saved at 10:36:38 PM, on 9/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\keyhook.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} -
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15014/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105426732878
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by21fd.bay21.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{576AF01C-22C3-4373-9C1A-76054B94FD15}: NameServer = 203.87.88.1 203.87.88.2
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

 

[flavallee]

J2RE 1.4.2.06 is very outdated. 1.5.0.04(5.0 Update 4) is the current version. You can get it here. It's the third link down from the top.

Download and save the new version, uninstall the old version, reboot, then install the new version.

----------------------------------------------------------------

 

[smash]

see what i mean yes i know my java is old but otherwise clean eh

 

[Flrman1]

Thanks, Flrman1. You just reconfirmed my suspicion about that site.

You're welcome. That one has been around for quite some time and I've seen more than one person screw things up using the results from it's log analysis.

We do not support that HJT log analyzer here and neither do any reputable security forums or experts. Please do not recommend

so is there one you would recommend?

No there is not. There is no substitute for the expertise of the trained human eye and there never will be.

I have two automated HJT log analyzers that were developed by qualified experts that I don't even use. One was developed by Javacool, the developer of SpywareBlaster and is only available privately to qualified helpers. It comes with a strong warning that even it's results are not to be totally relied on and should be scrutinized and interpreted by qualified analysts. It's main purpose is for "Helpers in training". I do use it occassionally to look up an unknown Toolbar or BHO in the database, but that's it. Neither one of them can spot all the nasties that I can spot. I can spot what's in the log and formulate a course of action in less time than it takes me to paste the log in the analyzer and then interpret those results.

The complexity of many of the hijackers and other malware has increased to the point that the days of "one simple fix" are long gone. Much of what used to be considered spyware or adware has evolved to the point that they would be best described or categorized as backdoor Trojans, if you will. They open the door and download a host of other malware. Take the dreaded VX2/L2M malware for example. Before one can even begin to remove all the other malware it has downloaded and installed, L2M must be removed then the rest of the malware that shows in the HJT log can be removed. You can scan with Anti-Spyware apps, antiviruses and fix entries in the Hijack This log until you are blue in the face and have little or no affect until L2M is removed.

Here is an example of a log that has L2M and Aurora/Nail etc... Until those two are removed using tools specifically developed by various experts to remove them, all other efforts to remove what shows in the Hijack This log are futile.

These days there is an ever growing list of various forms of malware that little or nothing at all will even show up in a Hijack This log. There are multiple tools required now to identify the files and registry entries that need to be removed to kill these type of beasts. The Hijack This log is simpy the first step in what has all too often become a long and tedious process.

The only way to become one who is qualified to help with the Hijack This logs is no different than any other field of expertise that one might choose. First you have to have a certain amount of desire and love for the art, if I may refer to it as such, and a sincere disdain in your heart for malware and those who author such crapware.

I have always despised bullies and that's what these guys are. They are just like the bully in the schoolyard that used to steal the milk money from the nerd on his way to school and then push him down in the mud. As a kid, I was one of those guys that saw the bullies pushing around the defenseless and came to their aid. Through the years, I’ve traded punches with more than my share of them. If push comes to shove, I’ll still square off with one today. It was a natural progression for me to end up here in the 21st century coming to the aid of those who are being pushed around by these "Cyber Bullies".

Next there is the preparation. There are an enormous amount of hours of research and study required to be able to identify what malware is in a Hijack This log and know what steps are necessary to remove it. I spent months following around the experts at the various forums watching what they did, taking notes and compiling lists of known baddies before I was confident enough to even begin helping with the Hijack This logs. Since the tactics of the bad guys are constantly changing and the removal methods are becoming more complex, the hours of research required remains a prerequisite of anyone who wants to remain, and continue to be, an effective soldier in this war we wage against those cyber bullies.

As George Harrison wrote, “Got to pay your dues if you want to sing the blues, and you know it don’t come easy”.

I’ll shut up now!

 

[MFDnNC]

Well said Mark!!!! - WRT to the analyzers, does The blind leading the blind come to mind???

 

[smash]

i play the blues paid my dues i just thought it was a good scanner for people who can read

 

[Flrman1]

i play the blues paid my dues i just thought it was a good scanner for people who can read

It sounds to me like you still don't get it!

 

[smash]

oh i get it alright you just don't understand that some people like to look for themselves and then google anything they're unsure of we all learn in different ways otherwise we'd be forever asking the same question i have no questions because i always find an answer it might not be the answer you would give but i keep all of my friends computers running smoothly and fix all the problems caused by downloading the wrong stuff i also build them and have never had a unresolved problem anyway if you don't like the help i offer i don't really care