What to do from now on with HJT logs

Discussion in 'Virus & Other Malware Removal' started by forddude, Aug 31, 2004.

Thread Status:
Not open for further replies.
  1. forddude

    forddude Thread Starter

    Joined:
    Jul 13, 2004
    Messages:
    51
    Hello Non-techs,
    From now on with hijackthis logs please go here:

    http://www.hijackthis.de/index.php?langselect=english

    Trust me, it WILL save you time. Just a recommendation. Still post hijackthis logs if you wish, it's just that this is a lot easier way to do things.
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    We cannot in all fairness recommend you rely on that analyser

    it has just too many false positives and misses quite a few baddies

    by all means do a preliminary exam there & see what it says but don't rely on it fixing your computer, I have seen far too many computers fixed by their advice that have resulted in a complete format & reinstall to fix the problems that wrong advice has caused
     
  3. KrashedKris

    KrashedKris

    Joined:
    Dec 23, 2003
    Messages:
    262
    hi forddude, this looks like it could be a very useful site - but just wondering if you can recommend it from personal experience - i.e. does it usefully and accurately interpret HijackThis logs, what sort of output does it produce and can you point us to other reviews and recommendations of this site? i'm not being sceptical but as always it's just useful to know more background before diving in - sorry if it's already well-known, it's just that i've not seen it mentioned on this forum before.

    having said that, it seems like an excellent concept, i was kind of wondering if some cool developer would produce an automated or semi-automated Hijack This log interpreter to make it easier for non-experts to at least filter out the kosher entries from the obviously suspect ones, and this looks as if it could be just that - if it works! :cool:
     
  4. KrashedKris

    KrashedKris

    Joined:
    Dec 23, 2003
    Messages:
    262
    dvk01 you beat me to it whilst i was writing my post! - thanks for the information on this - that was exactly what i was wondering, i.e. whether it was truly reliable or not in terms of false negatives/positives, and from what you say it's obviously no substitute at all for an experienced hjt reviewer. :)
     
  5. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    hi Kris---Yes, this thing in one form or another has been around awhile. For instance> it will simply list unknowns as just that (doesn't make up your mind for you) and it doesn't make using HJT any easier by having you remove ONLY what it detects as "nasty" positive hits...when in fact, you would have to bite the bullet and remove ALL the junk hopefully in just a few runs...
    There are just too many "probably bads" and fence sitting...to be of much use. I wonder what it gives for the newer CWS about:blank hijacks....

    EDIT: Just ran an about:blank CWS log through and it did flag everything but only said to "fix these entries with HJT"
    so that is not good...
     
  6. KrashedKris

    KrashedKris

    Joined:
    Dec 23, 2003
    Messages:
    262
    Hi Byteman - thanks for the additional information, I didn't realise it had been around for a while already. That was why I was a little wary of the unqualified recommendation, I was thinking that if the site was really that good it would have been referenced frequently in all sorts of security forums. It did strike me that in order to accurately interpret the HijackThis logs, this site would need a development and support effort equivalent to that required for a good quality AV or anti-spyware app - and there are not many individuals/organisations who have the skills/resources to do that outside of the commercial sector and some exceptional people like Pepi MK and Merijn - hence my caution. Really, there is no substitute for security forums like this one where many pairs of experienced eyes can be recruited to help in fixing malware problems! :) (y)
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    As an example I just ran the 1st logfile from this thread through it
    http://forums.techguy.org/t263682.html

    in one section it says messenger plus is a baddy and the next it's a good one

    it says M$ office is a baddy
    about:blank as safe when it's a definite indication of a cws hijack in this case

    this as bad C:\COMPAQ\INTERNET\CISRVR.EXE when it is compaq internet set up to use compaq internet services

    Altnets points manager as safe
    and P2P networking as safe in one part and bad in another

    and this as safe
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing) when it's a definite cws hijack


    No I can not recommend it at this time
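
An added illustration of the inconsistencies listed in the post above, not part of the original post and not the analyser's own code: a check over an automated analyser's per-entry verdicts that queues an entry for human review when the same file is rated differently in different sections, or when a "(file missing)" entry is rated safe. The O18 line and its "safe" rating are the ones quoted above; the `ExampleApp` and `OtherApp` lines, their verdicts and the function names are constructed for the example.

```python
import re
from collections import defaultdict

# A HijackThis entry is "<section> - <details>", e.g. "O18 - Protocol: ..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First Windows path in the entry that ends in .exe or .dll
PATH_RE = re.compile(r"[A-Za-z]:\\[^*?<>|]+?\.(?:exe|dll)", re.IGNORECASE)

def parse_entry(line):
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    path = PATH_RE.search(body)
    return {"section": m.group("section"), "line": line.strip(),
            "path": path.group(0).upper() if path else None,
            "file_missing": "(file missing)" in body}

def review_queue(rated):
    """rated: (log line, analyser verdict) pairs. Returns (line, reasons) needing a human."""
    entries, verdicts_by_path = [], defaultdict(set)
    for line, verdict in rated:
        entry = parse_entry(line)
        if entry is None:
            continue
        entry["verdict"] = verdict
        entries.append(entry)
        if entry["path"]:
            verdicts_by_path[entry["path"]].add(verdict)
    queue = []
    for entry in entries:
        reasons = []
        if entry["path"] and len(verdicts_by_path[entry["path"]]) > 1:
            reasons.append("same file rated differently in another section")
        if entry["file_missing"] and entry["verdict"] == "safe":
            reasons.append("rated safe although the file is missing")
        if reasons:
            queue.append((entry["line"], reasons))
    return queue

# The O18 line and its "safe" rating come from the post above; the rest is constructed.
SAMPLE = [
    (r"O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)", "safe"),
    (r"O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe", "bad"),
    (r"O9 - Extra button: ExampleApp - {00000000-0000-0000-0000-000000000000} - C:\Program Files\ExampleApp\example.exe", "safe"),
    (r"O4 - HKLM\..\Run: [OtherApp] C:\Program Files\OtherApp\other.exe", "safe"),
]

for line, reasons in review_queue(SAMPLE):
    print(line, "->", "; ".join(reasons))
```

Everything the check queues still needs an experienced reviewer; it only points at where the automated verdicts disagree with themselves.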
     
  8. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    forddude

    I am going to suggest you edit your signature line to remove that link.

    Thank you.
     
Short URL to this thread: https://techguy.org/268822
