Author Topic: Combine hjt with X-RayPc  (Read 3674 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33905
  • malware fighter
Combine hjt with X-RayPc
« on: July 29, 2006, 11:33:40 PM »
Hi Malware Fighters,

We all are using HiLoA, Eddy's hjt analyzing program, we go to online analyzing pages for a quick and dirty. HijackThis log is the name of the game. For specialists only or the advanced user and malware fighter, to be learned through special moderators and ritualized in various style, a piece of today's High Internet Magick.

The hjt log analyzers from the Anti-Malware Universities that are online get their training to do it all according to fixed routines, and with some special uninstall tools alongside hijackthis. But manually and the routines according to fixed schemes, a lot to be learned by heart.

But there are more things to be taken into the bargain when building a nice uninstalling or removal routine for the nasties to be found on the Net or in your mailbox. Dll-conflicts (do dlls do what your software requires or you cannot have the full functionality, do the modules or processes have the right checksums, are the file binaries analyzed, the packers known).
So part of it should also be automated (it is now standard used inside a-squared anti-malware 2.0 with the heuristics, only for the experts as the makers of a-squared add in their instructions). Nice is a combination of XRayPc Spyware Remover Process Analyzing program, also known as XRayPC, from http://www.x-raypc.com/. Use the logs of this proggie to use it inside a hjt analysis. The logs can also go to your local hjt analyst, together with the SmartDreck log, the Process Explorer log, the VSB runner log, etc.
People have to use all, not only fountain-pens for gurus, also processors for the geeks,

Yours truly,

polonus
« Last Edit: July 29, 2006, 11:39:49 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

drhayden1

  • Guest
Re: Combine hjt with X-RayPc
« Reply #1 on: July 29, 2006, 11:53:22 PM »
hey polonus... I've used X-ray pc on my system for quite some time now... very good and useful "free" program and it's by the same people that also make a cleaner called X-cleaner (free version available). I don't use it anymore since I have CCleaner and Webroot's Window Washer on my laptop...
http://www.xblock.com/
click on try now under X-cleaner and it goes to a page that has info for the free version of X-cleaner..
« Last Edit: July 29, 2006, 11:57:03 PM by drhayden1 »

Offline polonus

Re: Combine hjt with X-RayPc
« Reply #2 on: July 29, 2006, 11:55:33 PM »
Hi drhayden1.

See what it can find: http://www.x-raypc.com/product_list_full.php

1660 and still counting,

polonus

drhayden1

  • Guest
Re: Combine hjt with X-RayPc
« Reply #3 on: July 30, 2006, 12:15:55 AM »
http://www.x-raypc.com/help.php

just ran it polonus and all mine were good or undetermined under the triage section
« Last Edit: July 30, 2006, 12:25:14 AM by drhayden1 »

Offline polonus

Re: Combine hjt with X-RayPc
« Reply #4 on: July 30, 2006, 01:12:11 AM »
Hi drhayden1,

The undetermined can be looked up using online resources of which there are several on the big anti malware forums, you just check the names given and the checksums. One good thing to do always is have a free checksum program, run that on installing a new OS, when new things appear that you did not install yourself, there you could have a relative problem.
Well you have the files that keep changing all the time, you have to make all unhidden, and the malware artists do not make it easy for ye, legit things that are malware in other places, malware that looks or sounds similar to legit M$ dll or process, suggestions to delete vital dll's to disrupt the functioning of your computer. Well summa summarum there is a whole list to be considered: good bho, bad bho, good startup files, bad startup files, good registry settings, bad registry add-ons, good hooks, bad hooks. But as a comfort to you, all the appropriate information to decide if something should be there or rather should not, can be determined from sources on the Internet, known to be reliable.

polonus
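An added example, not part of polonus's post or of any tool named in the thread: one way to do the checksum baseline described above in Python, recording SHA-256 digests after a clean install and later listing files that appeared, changed or disappeared. The directory tree, the file names and the `volatile` prefix list are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map every file under root (path relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            try:
                digest = sha256_file(full)
            except OSError:
                digest = "unreadable"  # locked files are recorded, not silently skipped
            digests[full.relative_to(root).as_posix()] = digest
    return digests

def compare(baseline, current, volatile=()):
    """Diff two snapshots. 'volatile' holds path prefixes whose content changes are expected."""
    expected = lambda p: any(p.startswith(v) for v in volatile)
    return {
        "added": sorted(p for p in current if p not in baseline),  # new files always reported
        "changed": sorted(p for p in current if p in baseline
                          and current[p] != baseline[p] and not expected(p)),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed sample tree: baseline, then a look-alike file, a modified DLL, a grown log."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "system32").mkdir()
        (root / "logs").mkdir()
        (root / "system32" / "svchost.exe").write_bytes(b"original binary")
        (root / "system32" / "user32.dll").write_bytes(b"original dll")
        (root / "logs" / "app.log").write_bytes(b"line 1\n")
        baseline = snapshot(root)
        (root / "system32" / "svch0st.exe").write_bytes(b"look-alike name")
        (root / "system32" / "user32.dll").write_bytes(b"modified dll")
        (root / "logs" / "app.log").write_bytes(b"line 1\nline 2\n")
        return compare(baseline, snapshot(root), volatile=("logs/",))
```

The baseline is only trustworthy if it is taken before anything unknown is installed and stored where the monitored system cannot rewrite it.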

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89065
  • No support PMs thanks
Re: Combine hjt with X-RayPc
« Reply #5 on: July 30, 2006, 01:34:22 AM »
Sounds like another useful tool in the armoury.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

drhayden1

  • Guest
Re: Combine hjt with X-RayPc
« Reply #6 on: July 30, 2006, 02:03:54 AM »
hi davidr :D
i checked on the undetermined programs and i recognized all of them and most of them are applications and etc that are on my laptop ;D
« Last Edit: July 30, 2006, 02:46:16 AM by drhayden1 »

Offline DavidR

Re: Combine hjt with X-RayPc
« Reply #7 on: July 30, 2006, 01:53:05 PM »
Well it took some time to actually manage to get through to the triage server (lots of error connecting to triage server pop-ups) to do the on-line analysis and, having managed to, I find that there are huge holes in its knowledge base. Whilst I have no Red entries there are large numbers of Undetermined entries and not just for obscure programs (all of which I know are OK).

I can't believe msimn.exe (outlook express), firefox.exe, mailwasher.exe, nvsvc32.exe (nvidia display driver helper service), these are just some which being popular programs there is no excuse for not having recognised. It recognises many of the avast providers but not ashdisp.exe and aswupdsv.exe. It also fails to recognise several windows services, primarily when there are switches after the path, e.g. -k rpcss.

So there is definitely room for improvement.
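An added example, not from the thread and not X-RayPC's own code: a sketch of the lookup step that goes wrong in the case DavidR describes, separating the executable path from trailing switches such as `-k rpcss` before checking it against a list of known programs. The `KNOWN` table, the function names and the sample command lines are constructed assumptions.

```python
import ntpath
import re

# Constructed allow-list: file name -> folder it is expected to run from (lower case).
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "msimn.exe": r"c:\program files\outlook express",
}

def split_command(cmd):
    """Split a service or startup command line into (executable path, switches)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        # Quoted path: everything up to the closing quote is the executable.
        exe, _, rest = cmd[1:].partition('"')
    else:
        # Unquoted path may contain spaces: cut after the first ".exe" token.
        m = re.search(r"\.exe(?=\s|$)", cmd, re.I)
        if m:
            exe, rest = cmd[:m.end()], cmd[m.end():]
        else:
            # No extension written, e.g. "svchost -k rpcss".
            exe, _, rest = cmd.partition(" ")
    if not ntpath.splitext(exe)[1]:
        exe += ".exe"  # Windows appends .exe when the name has no extension
    return exe, rest.strip()

def classify(cmd, systemroot=r"C:\WINDOWS"):
    """Return (file name, switches, verdict) for one command line."""
    exe, switches = split_command(cmd)
    # A function replacement avoids backslash-escape handling in re.sub.
    exe = re.sub(r"%systemroot%", lambda _m: systemroot, exe, flags=re.I)
    folder, name = ntpath.split(ntpath.normpath(exe).lower())
    expected = KNOWN.get(name)
    if expected is None:
        verdict = "undetermined"
    elif folder == expected:
        verdict = "known"
    else:
        # Same name as a legitimate program but started from another folder.
        verdict = "known name, unexpected folder"
    return name, switches, verdict
```

Keeping the switches as a separate field matters for `svchost.exe`, where the `-k` group decides which services the process hosts.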

drhayden1

  • Guest
Re: Combine hjt with X-RayPc
« Reply #8 on: July 30, 2006, 02:45:21 PM »
hey davidr... since you mentioned that, I noticed some of the apps I have were not recognized - thanks for noticing that ;D

have a good one avast! world 8)