What to do from now on with HJT logs

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
We cannot in all fairness recommend you rely on that analyser.

It has just too many false positives and misses quite a few baddies.

By all means do a preliminary exam there & see what it says, but don't rely on it fixing your computer. I have seen far too many computers fixed by their advice that have resulted in a complete format & reinstall to fix the problems that wrong advice has caused.
 
Joined
Dec 23, 2003
Messages
262
Hi forddude, this looks like it could be a very useful site - but just wondering if you can recommend it from personal experience - i.e. does it usefully and accurately interpret HijackThis logs, what sort of output does it produce and can you point us to other reviews and recommendations of this site? I'm not being sceptical but as always it's just useful to know more background before diving in - sorry if it's already well-known, it's just that I've not seen it mentioned on this forum before.

Having said that, it seems like an excellent concept. I was kind of wondering if some cool developer would produce an automated or semi-automated HijackThis log interpreter to make it easier for non-experts to at least filter out the kosher entries from the obviously suspect ones, and this looks as if it could be just that - if it works! :cool:
 
Joined
Dec 23, 2003
Messages
262
dvk01 you beat me to it whilst I was writing my post! - thanks for the information on this - that was exactly what I was wondering, i.e. whether it was truly reliable or not in terms of false negatives/positives, and from what you say it's obviously no substitute at all for an experienced HJT reviewer. :)
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi Kris---Yes, this thing in one form or another has been around awhile. For instance, it will simply list unknowns as just that (doesn't make up your mind for you) and it doesn't make using HJT any easier by having you remove ONLY what it detects as "nasty" positive hits...when in fact, you would have to bite the bullet and remove ALL the junk hopefully in just a few runs...
There are just too many "probably bads" and fence sitting...to be of much use. I wonder what it gives for the newer CWS about:blank hijacks....

EDIT: Just ran an about:blank CWS log through and it did flag everything but only said to "fix these entries with HJT",
so that is not good...
 
Joined
Dec 23, 2003
Messages
262
Hi Byteman - thanks for the additional information, I didn't realise it had been around for a while already. That was why I was a little wary of the unqualified recommendation, I was thinking that if the site was really that good it would have been referenced frequently in all sorts of security forums. It did strike me that in order to accurately interpret the HijackThis logs, this site would need a development and support effort equivalent to that required for a good quality AV or anti-spyware app - and there are not many individuals/organisations who have the skills/resources to do that outside of the commercial sector and some exceptional people like Pepi MK and Merijn - hence my caution. Really, there is no substitute for security forums like this one where many pairs of experienced eyes can be recruited to help in fixing malware problems! :) (y)
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
As an example, I just ran the 1st logfile from this thread through it:
http://forums.techguy.org/t263682.html

in one section it says Messenger Plus is a baddy and the next it's a good one

it says M$ office is a baddy
about:blank as safe when it's a definite indication of a cws hijack in this case

this as bad C:\COMPAQ\INTERNET\CISRVR.EXE when it is compaq internet set up to use compaq internet services

Altnets points manager as safe
and P2P networking as safe in one part and bad in another

and this as safe
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)
when it's a definite cws hijack


No, I cannot recommend it at this time
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
forddude

I am going to suggest you edit your signature line to remove that link.

Thank you.
 