Hi Spiritsongs,
We have the HijackThis expertise here as well. Merijn, this was the Dutchman who originally developed this tool:
http://www.spywareinfo.com/~merijn/htlogtutorial.html
Be aware there are rogue variants for everything.
The expertise that is needed is not really that high class magic.
You have to have a clear understanding of what processes and files should be running on your computer, and what sort of things should not be there, or better not. There are online sources to get this information: fileadvisor is a nice one, and there are online sources for processes, DLLs and BHOs that are safe or not. The System Spyware Interrogator analyzes this for you automatically. The only thing a malware fighter needs is some time at hand to guide the process of cleaning, preferably in one go. It is a good thing to use some Startup Apps for this goal; you can get it here:
http://www.niksoft.at/download/startdreck.htm (cleansing tool under the guidance of Profis), together with a new one:
under development but rewarding tool: dotomyco, available from here:
http://www.niksoft.at/download/dotomyco.htm.
Most sites that teach this have people assist, and whenever they have developed the skills, have them have a go at it. There is even an English academy for it, where you can learn to be a malware fighter.
For information on pests and removal I often go here:
http://www3.ca.com/securityadvisor/pest/, just when I get a red alert on siteadvisor or from the DrWeb pre-hyperlink scanner plug-in, I go there and to other sources. I always like to be informed what I am up against.
We do a lot of this stuff at the Dutch ASO site; it just needs strict routine and some expertise. Malware fighting is an attitude, and you learn it while doing it.
-----------
With dotomyco you can get a log file like this:
--------------
2006-04-25 19:32:40 start E:\DOTOMYCO\DOTOMYCO\DOTOMYCO.exe
2006-04-25 19:32:40 Dotomyco (v1.0.4n public beta)
2006-04-25 19:32:42 ready!
2006-04-25 19:32:58 notice: RunDialog
2006-04-25 19:33:13 checking...
2006-04-25 19:33:13 #1 memory...
2006-04-25 19:33:31 #2 processes...
2006-04-25 19:33:42 #3 NT-Services...
2006-04-25 19:33:42 #4 Run-Keys...
2006-04-25 19:33:42 HKLM\RunServices/*StateMgr=C:\WINDOWS\System\Restore\StateMgr.exe FOUND: suspicious run-entry
2006-04-25 19:33:43 #5 BHO...
2006-04-25 19:33:43 #6 AppInit_DLLs...
2006-04-25 19:33:43 reg#2: AppInit_DLLs
2006-04-25 19:33:43 #7 hosts file...
2006-04-25 19:33:44 C:\WINDOWS\hosts ERROR(53): File not found
2006-04-25 19:33:44 ready!
2006-04-25 19:34:37 quit
-------------
Analysis: nothing wrong here, because this executable file is normal for Win ME:
statemgr.exe is a component of the Microsoft Windows ME Operating System. This process monitors and verifies Windows system directory integrity. If any problems are found with files, StateMGR can restore settings to the last restore point. Often named stmgr.exe, this program is important for the stable and secure running of your computer and should not be terminated.
---------------------------
Mind you, the Dotomyco program needs VB40032.DLL and is only free for personal use. Very handy for malware fighters as an extra tool in our toolbox, although it is still under development and in beta. Cheers Tony Klein for this nice German program.
polonus
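The triage polonus does by hand on the Dotomyco log (read the `FOUND:` run-entry, recognise StateMgr.exe as a normal Win ME component) can be scripted. This is an added example, not Dotomyco's own code or anything from the post: it parses the log format quoted above, separates step markers, findings and `ERROR(n)` lines, and checks findings against a small hypothetical allowlist. The sample log and the second run entry are constructed for the example.

```python
import re
from typing import Dict, List

# Constructed excerpt in the format of the Dotomyco log quoted in the post.
# The "ExampleEntry" line is a made-up placeholder, not a real indicator.
SAMPLE_LOG = r"""2006-04-25 19:33:42 #4 Run-Keys...
2006-04-25 19:33:42 HKLM\RunServices/*StateMgr=C:\WINDOWS\System\Restore\StateMgr.exe FOUND: suspicious run-entry
2006-04-25 19:33:42 HKLM\Run/ExampleEntry=C:\EXAMPLE\example.exe FOUND: suspicious run-entry
2006-04-25 19:33:43 #5 BHO...
2006-04-25 19:33:44 C:\WINDOWS\hosts ERROR(53): File not found
2006-04-25 19:33:44 ready!
"""

TS = r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
STEP_RE = re.compile(TS + r"#(?P<num>\d+) (?P<name>.+?)\.\.\.$")
FOUND_RE = re.compile(TS + r"(?P<key>[^=]+)=(?P<path>.+?) FOUND: (?P<verdict>.+)$")
ERROR_RE = re.compile(TS + r"(?P<target>.+?) ERROR\((?P<code>\d+)\): (?P<msg>.+)$")

# Hypothetical allowlist of (value name, path) pairs the malware fighter has
# already verified; the StateMgr entry is the one the post analyses as normal.
KNOWN_GOOD = {
    ("statemgr", r"c:\windows\system\restore\statemgr.exe"): "Windows ME System Restore component",
}


def parse_dotomyco(text: str) -> List[Dict]:
    """Turn the log into a list of events: scan steps, findings and errors."""
    events: List[Dict] = []
    for line in text.splitlines():
        if m := STEP_RE.match(line):
            events.append({"kind": "step", "ts": m["ts"], "name": m["name"]})
        elif m := FOUND_RE.match(line):
            # "HKLM\RunServices/*StateMgr" -> registry key and value name
            hive_key, _, value_name = m["key"].rpartition("/")
            events.append({"kind": "finding", "ts": m["ts"], "key": hive_key,
                           "name": value_name, "path": m["path"], "verdict": m["verdict"]})
        elif m := ERROR_RE.match(line):
            events.append({"kind": "error", "ts": m["ts"], "target": m["target"],
                           "code": int(m["code"]), "msg": m["msg"]})
    return events


def triage(events: List[Dict]) -> List[Dict]:
    """Mark each finding as known-good (on the allowlist) or needing manual review."""
    out = []
    for ev in events:
        if ev["kind"] != "finding":
            continue
        # Win9x run entries may carry a leading "*"; compare case-insensitively.
        ident = (ev["name"].lstrip("*").lower(), ev["path"].lower())
        note = KNOWN_GOOD.get(ident)
        out.append({**ev, "status": "known-good" if note else "review", "note": note or ""})
    return out


if __name__ == "__main__":
    for f in triage(parse_dotomyco(SAMPLE_LOG)):
        print(f"{f['status']:10} {f['key']}\\{f['name']} -> {f['path']}  {f['note']}")
```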