Understanding HijackThis

thathagat

Devil's advocate
Guru
Local time
8:07 AM
Messages
268

All of the public HJT tutorials are based on the original Bleeping Computer tutorial and have been around for many years. That said, HijackThis is no longer relied on by security experts as providing much more than a general overview. It just doesn't provide enough information to fully analyze the extent of a malware infection.

Warning: Online HijackThis analysis tools should be used with extreme caution as f/p's are very common.
 
Corrine said:
All of the public HJT tutorials are based on the original Bleeping Computer tutorial and have been around for many years. That said, HijackThis is no longer relied on by security experts as providing much more than a general overview. It just doesn't provide enough information to fully analyze the extent of a malware infection.

Warning: Online HijackThis analysis tools should be used with extreme caution as f/p's are very common.

Is there anything better at the moment?
 
Hi, Victek. I'm not sure if you mean better than HijackThis or better than the tutorials.

As to the tutorials, as far as they go, they explain what the results of the log are showing. The thing is that it requires experience and research to know if what is in the log is safe or malicious. There is something that is in the final stages of review prior to posting that may be helpful in that regard. However, until it is public, I cannot say anything more about it.

As to the logs, due to the current state of malware/rootkits, most security forums request an ARK (anti-rootkit) log and, depending on their preference, a DDS, OTL or RSIT log. As an example, Unknown Infection, Possibly Malware/Worm shows both DDS and OTL logs, although the supplemental logs are attachments to the thread. You can see how much more in-depth those logs are.
 
Corrine said:
HijackThis is no longer relied on by security experts as providing much more than a general overview. It just doesn't provide enough information to fully analyze the extent of a malware infection.
It's still a key tool in forums dealing in helping people with manual malware removal :p

Corrine said:
Online HijackThis analysis tools should be used with extreme caution as f/p's are very common.
Well, it is all about an analysis... pointing to what could be unsafe/bad/unknown... that's it... and I've seen FPs at expert malware removal forums, leave aside online HJT analysis :p

One more online HJT analysis site is from Emsisoft, creators of A2:
http://www.hijackfree.com/en/upload/

Victek said:
Is there anything better at the moment?
Ummm... there were/are the likes of RunScanner, AutoRuns and X-RayPc Spyware Process Analyzer, but HJT still rules.
 
Corrine said:
Hi, Victek. I'm not sure if you mean better than HijackThis or better than the tutorials.

As to the tutorials, as far as they go, they explain what the results of the log are showing. The thing is that it requires experience and research to know if what is in the log is safe or malicious. There is something that is in the final stages of review prior to posting that may be helpful in that regard. However, until it is public, I cannot say anything more about it.

As to the logs, due to the current state of malware/rootkits, most security forums request an ARK (anti-rootkit) log and, depending on their preference, a DDS, OTL or RSIT log. As an example, Unknown Infection, Possibly Malware/Worm shows both DDS and OTL logs, although the supplemental logs are attachments to the thread. You can see how much more in-depth those logs are.

Thanks for the additional information. Re my comment, I meant is there anything better than HijackThis at the moment. Usually if a system is bootable a combination of on-demand scanners, e.g. MBAM, Hitman Pro, etc., will clean it up without needing to get into a detailed analysis. Occasionally though these programs aren't sufficient and something like HijackThis is necessary. Being able to use HJT in combination with online analysis tools might result in a successful cleanup without having to submit logs to a security forum and wait for feedback.
 
If you don't know how to do an in-depth analysis and cleaning, then it is best to ask in a forum where security advisors have been trained. This is voluntary, free help. Or you could pay a couple hundred dollars to a PC shop.
 
Here's a fairly comprehensive list of sites providing help by trained analysts:

ASAP Member Forums Providing Log Analysis

Dansk - Danish
Spywarefri

Deutsch - German: Specifically German-language computer-help forums (German-language sites to get help from):
a-squared Anti-Malware: Do you have problems with a-squared Anti-Malware? Ask our experts here!

English
247Fixes
5 Star Support
a-squared Anti-Malware: Do you have problems with a-squared Anti-Malware?
Amazingtechs
Atribune.org
BestTechie
Bluetack Internet Security Solutions
CyberAnswers.org
D-A-L Computer Help
Freedomlist
Gladiator Security
LandzDown
Lockergnome
Log'N'Rock
MalwareBytes
MalWare Removal
NutnWorks
Security Cadets
Security Central
Smokey's Security Forums
SpyWare BeWare!
SpywareInfoForum
Techmonkeys
Tech Support Forum
Tech Support Guy
TeMerc Internet Countermeasures
The Spykiller
TnT - Tips 'n' Tricks
WhatTheTech
Windows Forum

Español - Spanish: Spanish-language anti-spyware help sites
a-squared Anti-Malware: Do you have problems with a-squared, with the a-squared start page, or with a particular piece of malware? Feel free to ask for help.
InfoSpyware
ForoSpyware

Finnish: Finnish sites where you can get malware-removal help (Finnish sites to get help from):
Virustorjunta

Français - French: Here are French forums on which you will find quick and effective help:
a-squared Anti-Malware: Do you have problems with a-squared Anti-Malware or with a particular piece of malware? Ask our experts here!
Assiste.com
Zebulon

Italiano - Italian
a-squared Anti-Malware: Do you have problems with a-squared Anti-Malware or with a specific piece of malware? Go ahead and ask for help.
Alground Research Center

Nederlandstalig - Dutch: On these Dutch-language forums you will be helped quickly and efficiently:
Hijackthis.nl
Nucia / Anti Spyware Offensief
PCHelper

Portuguese
Linha Defensiva

Serbian/Croatian
MyCity


Non-ASAP Forums Providing Log Analysis

Deutsch - German: Specifically German-language computer-help forums (German-language sites to get help from):
HijackThis.de Support Board
Protecus
Rokop Security
TrojanBoard

English
Asksomeone.net
Aumha.org
BleepingComputer
Dell Community Forum - HJT room
DSL Reports
Geeks to Go
MajorGeeks
PC Pitstop Forums
Safer-Networking
SpywareHammer
Spyware Warrior

Français - French
IDN - Infos-Du-Net
Vista-XP.fr
FS - Futura-Sciences
PCA - PC-Astuces
Génération Nouvelles Technologies
Telecharger.Com/01net

Nederlandstalig - Dutch
BlueMedicine
Minatica.be
 
Also PC Pitstop Forums?
The question mark is part of the address ... not a question :)
 
Yup, I missed PCP. Added a link to the Viruses, Spyware, Adware forum.
 
Hmm, I am so glad I always have yesterday's image and do not have to jump through all those hoops.
 
As you know, whs, most people are not that organized or diligent. At the sites that I administer, I ask that the posted logs include an ARK scan and also that ERUNT be installed to ensure there is a valid registry backup.

(Although not active at all of the listed sites, I bet that between Jacee and myself we are most likely a member of most of the listed sites -- at least the English language sites and some of the non-English sites that have private forums for the security community.)
 
Corrine, with that being said, I will continue telling people that frequent imaging is their best protection. Apart from a $50 to $70 external disk, it takes so little that everybody should really do it.
 
If you don't know how to do an in-depth analysis and cleaning, then it is best to ask in a forum where security advisers have been trained. This is voluntary, free help. Or you could pay a couple hundred dollars to a PC shop.

Free log analysis from pro security advisers is a terrific resource; however, sometimes there isn't enough time to make use of it. In the field I often have 3-4 hours max to get a system up. If I can't clean it in an hour I have to move on to data backup and re-installation of the OS. I was thinking that maybe HijackThis combined with automated log analysis could be "Plan B" when on-demand scanners fail, but it sounds like the automated analysis can't be relied on (?)
 
Hi, Victek.

Nothing beats a visual inspection and too much can be hidden from HJT -- or just not available for evaluation.
 
Victek said:
If I can't clean it in an hour I have to move on to data backup and re-installation of the OS.
How come you are not using imaging? That would be a lot faster. Or are those customers on whom you have no influence over what they are doing?
 
whs said:
If I can't clean it in an hour I have to move on to data backup and re-installation of the OS.
How come you are not using imaging? That would be a lot faster. Or are those customers on whom you have no influence over what they are doing?

Unfortunately these are not personal customers that I can educate over time and set up on a proper backup/imaging schedule. They are folks that I help through an "on call" tech service I accept work from. I go to them and can't remove their systems. It's a small time window that limits my cleanup options :geek:
 
Since you are working via a tech service, Victek, perhaps you would find it advantageous to obtain a Malwarebytes' Anti-Malware Technician's License. It is an annually renewable subscription. With that license, you can install MBAM on disk or USB key or both and then update the rules.ref file from your own copy on your own computer to take to your customer's computer. There is a license restriction that you can use it on only one computer at any given time and that it must be uninstalled before using it on another computer.

Inquiries can be made about the Technician's License here: Corporate Licensing : Malwarebytes
 