Author Topic: Evaluating a hijackthis log, some valuable links!

Evaluating a hijackthis log, some valuable links!
« on: March 21, 2008, 09:21:42 PM »
Hi malware fighters,

Sometimes you see victims asked to post an hjt log.txt as an attachment to a posting in our virus and worms section. Then the malware fighters start to analyze a possible malware infection; a good raw pre-evaluation can be found here: http://www.hijackthis.de/
Together with this: http://www.prevx.com/hijackthis.asp
Then there are other online resources:
overview:
http://www.castlecops.com/HijackThis.html
for checking O4 entries and running processes:
http://www.sysinfo.org/startuplist.php
for checking O2 and O3 entries:
http://computercops.us/CLSID.html
for checking O10 entries:
http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm
for checking R0 and R1 entries to see if they are CoolWebSearch related:
http://users.skynet.be/bk136527/CWS/CWSdomains.htm

Use this for O2's & O3's in the log:
http://www.computercops.biz/CLSID.html
Tony Klein's BHO's
http://www.sysinfo.org/
for O4's:
http://www.bleepingcomputer.com/tutorials/tutorial42.html

http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
Start-up appl.:
http://members.shaw.ca/austin.powers/
windows start-up location
http://windowsstartup.com/wso/search.php
start-up programs:
http://www.rockymountain.com/ref_startup.htm

for O16's:
http://www.javacoolsoftware.com/spywareblaster.html
and don't forget the best resource of them all:
http://www.google.com/

Hijackthis is a formidable tool; use it wisely, and best in the hands of the trained malware fighter,
because used in the wrong hands it could ruin your OS beyond restore.
If you are a power user and know what you are doing, you can also use it as a kind of crap cleaner
for empty entries or items that are no longer necessary, or things you do not want/need any longer, but again, in the hands of those who are computer savvy enough to know what they are doing.

Some forms of malware have risen up to the effects of what hjt can do, and now there are tools that go further, like ComboFix and Malwarebytes' Anti-Malware, also known as MBAM, and a whole row of special purpose tools and scanners.

polonus (malware fighter)
« Last Edit: March 21, 2008, 09:47:09 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
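As an added, constructed example (not part of polonus's post, nor code from HijackThis itself): a small Python triage helper that parses the entry types the post lists (R0/R1, O2, O3, O4, O10, O16) and groups them by which of the post's lookup resources to consult. The sample log lines, file paths and CLSIDs are made up, and the O4 pattern handles only the bracketed Run-key form.

```python
import re
from urllib.parse import urlparse

# Entry type -> which of the post's lookup resources to consult (mapping taken from the post).
LOOKUP = {"R0": "CWS domain list", "R1": "CWS domain list",
          "O2": "CLSID/BHO list", "O3": "CLSID/BHO list", "O4": "startup list",
          "O10": "LSP tutorial", "O16": "ActiveX/DPF list"}

# One pattern per entry type; group "key" is the value you would paste into the lookup site.
CLSID = r"\{[0-9A-Fa-f-]{36}\}"
PATTERNS = [
    re.compile(r"^(?P<type>R[01]) - (?P<where>.+?) = (?P<key>\S+)$"),
    re.compile(r"^(?P<type>O2) - BHO: (?P<name>.*?) - (?P<key>%s) - (?P<file>.+)$" % CLSID),
    re.compile(r"^(?P<type>O3) - Toolbar: (?P<name>.*?) - (?P<key>%s) - (?P<file>.+)$" % CLSID),
    re.compile(r"^(?P<type>O4) - (?P<where>\S+): \[(?P<name>[^\]]*)\] (?P<key>.+)$"),  # Run-key form only
    re.compile(r"^(?P<type>O10) - (?P<name>.*?): (?P<key>.+)$"),
    re.compile(r"^(?P<type>O16) - DPF: (?P<clsid>%s) \((?P<name>.*?)\) - (?P<key>\S+)$" % CLSID),
]

# Constructed sample log (hypothetical entries and CLSIDs, not a real machine's log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/sb
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O3 - Toolbar: Example Bar - {22222222-3333-4444-5555-666666666666} - C:\Program Files\Example\bar.dll
O4 - HKLM\..\Run: [updater] C:\WINDOWS\system32\updater.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\lsp_example.dll
O16 - DPF: {33333333-4444-5555-6666-777777777777} (Example Control) - http://dl.example.invalid/ctl.cab
"""

def parse_entry(line):
    """Parse one HJT log line; None if it is not a type the post's resources cover."""
    for pat in PATTERNS:
        m = pat.match(line.strip())
        if m:
            e = m.groupdict()
            e["lookup"] = LOOKUP[e["type"]]
            if e["type"] in ("R0", "R1", "O16"):      # domain lists are keyed on the host
                e["domain"] = urlparse(e["key"]).hostname
            return e
    return None

def triage(log_text):
    """Group parsed entries by the lookup resource to check them against."""
    groups = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e:
            groups.setdefault(e["lookup"], []).append(e)
    return groups
```

Running `triage(SAMPLE_LOG)` gives one bucket per lookup site, with the CLSID, command line, LSP file or URL host already pulled out for pasting into that site's search.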