Author Topic: hijackthis log analyzer  (Read 18549 times)


Offline avatar2005

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 423
  • In search of Harmony in our lives
hijackthis log analyzer
« on: March 25, 2007, 09:26:20 PM »
Hi friends!
I need a good online hijackthis log analyzer.
What can you suggest to me?
Let the God & The forces of Light will guiding you.

Offline Spyros

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1140
Re: hijackthis log analyzer
« Reply #1 on: March 25, 2007, 09:40:42 PM »
http://hijackthis.de/
But double-check everything on Google before you do anything drastic.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29950
  • malware fighter
Re: hijackthis log analyzer
« Reply #2 on: March 25, 2007, 09:48:24 PM »
Halio avatar2005,

Tools like FreeFixer, and ones that validate online such as X-RayPC, have all come along in the slipstream of HijackThis, and I consider them programs able to work better cleansing routines.
There are online sources to evaluate the outcome of FreeFixer or its reports rather, and they have a very interesting forum to discuss the findings of FreeFixer. You also have to note that FreeFixer is still in beta. But I have installed it, and it seems a valuable addition in finding things that should not be on a malware-free computer. It is nice that you can work the logs of X-RayPC to cleanse in a similar way as you handle the HJT-logs. These aren't programs for the meek, and certainly not to be used without help of an expert.
You can search the file database here: http://www.kephyr.com/filedb/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Spiritsongs

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1758
  • Ad-aware orientated Support forum(s)
Re: hijackthis log analyzer
« Reply #3 on: March 25, 2007, 09:50:20 PM »
 :) Hi :

    As far as I am concerned, they do NOT exist ; much more trustworthy
    is the EXPERIENCE of 2 Malware Experts and what they shared at
    www.landzdown.com/index.php?topic=438.0  .
For the Best in what counts in Life :
www.tacf.org

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29950
  • malware fighter
Re: hijackthis log analyzer
« Reply #4 on: March 25, 2007, 09:58:48 PM »
Hi Spiritsongs,

We have experts here as well. I know essexboy has the same qualifications as the people you advertise for. And then we have noadfear among the members of our webforum, developer of many special cleansing tools himself. Why should avatar2005 not learn to work these specific tools himself as well? He can go to sites and analyse particular cleansing routines at majorgeeks, analyse cleansing routines we have solved here, etc. He can ask essexboy how he did it, and essexboy will be too glad to instruct him how it is done.
I cannot see why the folks at landzdown should have the exclusivity, while we have competent people here as well, and like essexboy got the training, why avatar2005 couldn't is beyond me.
I'd like to say to avatar2005: "Naboj!",

Also consider this nice program Brute Force Uninstaller: http://metallica.geekstogo.com/BFUinstructions.html

polonus
« Last Edit: March 25, 2007, 10:11:47 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 79179
  • No support PMs thanks
Re: hijackthis log analyzer
« Reply #5 on: March 25, 2007, 10:11:44 PM »
There really is nothing wrong with using an on-line analyser, provided you don't take what it says as gospel and check those that are indicated as nasty, potentially nasty and unknown. Use Google on the file names to see if that confirms the analysis.

Also at hijackthis.de you can even upload the suspect file for scanning, not to mention the suspect files can be uploaded to virustotal and/or jotti for scanning.

With the best will in the world, not everyone who needs to use HJT can, as you keep saying, go to landzdown.com; they couldn't possibly cope with the load. So using an on-line analysis tool as outlined above will break the back of the task and any further questions, etc. can be asked here, 'avast users helping avast users.'
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 17.8.2318/ Outpost Firewall Pro9.3/ Firefox 52.4.0 ESR, uBlock Origin, RequestPolicy/ MailWasher Pro7.8.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29950
  • malware fighter
Re: hijackthis log analyzer
« Reply #6 on: March 25, 2007, 10:23:14 PM »
Hi DavidR,

I fully agree here with you. We like to share our expertise amongst ourselves, and help our fellow forum members as best as we can. This is a good information database to evaluate the hijackthis logs:
http://www.short-media.com/forum/showthread.php?t=35982

You can view and search the database here:
http://spywareshooter.com/search/search.php

Or the quick URL:
http://spywareshooter.com/entrylist.html


polonus
« Last Edit: March 25, 2007, 10:30:03 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline mauserme

  • Massive Poster
  • ****
  • Posts: 2475
Re: hijackthis log analyzer
« Reply #7 on: March 25, 2007, 10:34:28 PM »
Quote from: Spiritsongs
As far as I am concerned, they do NOT exist ...

You must have missed Spyros' post.  It's just a couple above yours.

Use it as part of a learning process and it will show you much.  Temper it with good sense and it will help you out of some difficulties and save you a little time.

Or do you mean to imply that the experts never, ever have occasion to double check themselves?
"If at first you don't succeed keep on sucking 'till you do succeed" - Curley Howard in Movie Maniacs (1935)

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29950
  • malware fighter
Re: hijackthis log analyzer
« Reply #8 on: March 25, 2007, 10:42:34 PM »
Hi mauserme,

Especially when the malware does not seem to come out of the book, it is an evolving process. Also hijackthis is an ever changing tool, well anyway it better stays that way. You have various online databases for executables, processes, dll's etc. etc. to check and re-check. What I like especially and always renders best results is co-operation in a cleansing procedure. You would not believe how much I learned from simply being into it. The so-called experts had to go through the very same routines, and if they can almost "sniff out" the baddies, that only comes with time and experience. You must be very accurate, and keep to the prescribed routines.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40641
  • Dragons by Sasha
    • Malware fixes
Re: hijackthis log analyzer
« Reply #9 on: March 25, 2007, 10:44:09 PM »
Quote
Or do you mean to imply that the experts never, ever have occasion to double check themselves?
No I never double check, triple or quadruple yes, but never double  ;D

But as the links say, many types of malware now have protection routines built in along with morphing dll/exe files.  All the tools out there are only as good as the mind wielding them, which is where the analysis tools like silent runners, DSS and Winpfind come in.

Offline avatar2005

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 423
  • In search of Harmony in our lives
Re: hijackthis log analyzer
« Reply #10 on: March 25, 2007, 10:46:46 PM »
After some searching & looking at the provided links I'm wondering why HiJackThis shows PC Tools firewall plus service as "Possible nasty" ??? ::)
Let the God & The forces of Light will guiding you.

Offline mauserme

  • Massive Poster
  • ****
  • Posts: 2475
Re: hijackthis log analyzer
« Reply #11 on: March 25, 2007, 11:30:45 PM »
Was it an unknown process?  It is kind of new so if that's all it said don't read too much into it.

If there's more to it than simply an unknown process post what it did say about it.
"If at first you don't succeed keep on sucking 'till you do succeed" - Curley Howard in Movie Maniacs (1935)

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 79179
  • No support PMs thanks
Re: hijackthis log analyzer
« Reply #12 on: March 25, 2007, 11:40:30 PM »
Quote from: avatar2005
After some searching & looking at the provided links I'm wondering why HiJackThis shows PC Tools firewall plus service as "Possible nasty"

Because it is possible that you are running it from a different location, hence the reference to where it might normally be installed. It is also saying 'do you know this process'; if so, and you installed it, then there is less likelihood of it being nasty. That is what we mean by checking and don't take everything as gospel; they too advise scanning with an AV if you are suspicious, etc.

There is also a means of adding user input to state that it is a safe program, etc.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 17.8.2318/ Outpost Firewall Pro9.3/ Firefox 52.4.0 ESR, uBlock Origin, RequestPolicy/ MailWasher Pro7.8.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
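
Added example, not part of any post in this thread and not hijackthis.de's code: a sketch of the path check described in the reply above, where an analyzer compares the location a process runs from with the directory that file name is normally installed in. The two-entry baseline, the sample log and the name `fwservice.exe` are constructed for illustration.

```python
import ntpath

# Constructed baseline: file name -> directory of the known-good copy.
# A real analyzer's database is far larger; these entries are illustrative.
EXPECTED_DIR = {
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
}

# Constructed sample in the layout of a HijackThis log (not from a real machine).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Program Files\temp\lsass.exe
C:\WINDOWS\System32\svchost.exe
D:\Apps\Firewall\fwservice.exe

O4 - HKLM\..\Run: [Example] "D:\Apps\Firewall\fwtray.exe"
"""

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' up to the next blank line."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_section = True
        elif in_section:
            if not line:
                break
            paths.append(line)
    return paths

def classify(path):
    """'ok': known name in its expected directory; 'possibly nasty': known
    name somewhere else; 'unknown': name absent from the baseline."""
    directory, name = ntpath.split(path)
    expected = EXPECTED_DIR.get(name.lower())
    if expected is None:
        return "unknown"
    # Windows paths are case-insensitive: normalise before comparing.
    if ntpath.normcase(ntpath.normpath(directory)) == expected:
        return "ok"
    return "possibly nasty"

def analyze(log_text):
    return [(p, classify(p)) for p in running_processes(log_text)]

if __name__ == "__main__":
    for path, verdict in analyze(SAMPLE_LOG):
        print(f"{verdict:15} {path}")
```

Neither "possibly nasty" nor "unknown" is a verdict on the file itself: both only mark entries that still need a person to check them.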

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: hijackthis log analyzer
« Reply #13 on: March 26, 2007, 12:43:09 AM »
Strange that HiJackThis does not 'discover' the path by the Registry and not only the 'default' location: this way you do not have the freedom to install an application in any other path than the default one... am I wrong?
The best things in life are free.

Offline mauserme

  • Massive Poster
  • ****
  • Posts: 2475
Re: hijackthis log analyzer
« Reply #14 on: March 26, 2007, 01:25:24 AM »
HijackThis does show the actual path.  But if the installation path is not the default, or at least not something the online analyzer expects, it gets reported as possibly nasty or unknown or whatever.  That's one reason human input is so important.

It makes more sense if you think of it in terms of something like lsass.exe.  If the path is c:\windows\system32 it's normally ok and the analyzer will report it as such.  If it's c:\program files\temp it's reported as possibly nasty because lsass.exe is a name known to be used by malware and it's not the right path for the lsass.exe that's known to be good.  Doesn't mean it's absolutely bad, but it needs closer scrutiny.
"If at first you don't succeed keep on sucking 'till you do succeed" - Curley Howard in Movie Maniacs (1935)