
Analyze your own HijackThis log


  • This topic is locked
128 replies to this topic

#1 Acsell

Acsell

    Advanced Member

  • Developer
  • 160 posts

Posted 26 June 2004 - 12:13 PM

I have written the following tutorial to show you how to analyse your own HijackThis log-

hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm

Tutorial Mirror (mirror located at spywarewarrior.com)

PDF Version: hometown.aol.co.uk/JRMC137/hjttutorial/tutorial.pdf

(All of the links above point to the same tutorial but are located on different servers. These mirrors have been made available because some people were experiencing difficulty accessing the site. If you have problems with one link then try another.)

It will tell you how and where to look up and research each item in your log, which tools and databases you will need and where to get them. It will show you how to tell which items are good or bad and how to know which items need fixing with HijackThis.

It will also show you what these items represent in graphical form or provide a link to further information on the items so that you will know exactly what you are fixing.

Please note that not all problems can be fixed with HijackThis alone. In some cases you may need further help. In the tutorial I have tried to point out which cases this might relate to. If you find that your problem isn't solved by following the above tutorial or I have suggested in the tutorial that you may need further help then post your log in the forum.

Edit to disable links that may be hacked... Please use caution for links in the tutorial...

Specifically, do not use hxxp://www.allsecpros.com; that site is compromised. If you wish to research file names etc., please use http://www.systemlookup.com/ -jedi

Edited by jedi, 31 December 2008 - 07:37 AM.

ASAP - Alliance of Security Analysis Professionals - Proud Member Since 2004
HJTHotkey - HijackThis Tutorial (Unofficial) - GetFiles
Autohotkey - Automation. Hotkeys and Scripting - Mozilla Firefox

#2 roadrage

roadrage

    SWI Junkie

  • Helper Trainee
  • 273 posts

Posted 15 July 2004 - 05:34 PM

Hello Acsell :wave: I must commend you for a very very informative site; you should get a Medal for it. It has answered a lot of questions for me. It is now in my Favorites.

Thank You :D

#3 Acsell

Acsell

    Advanced Member

  • Developer
  • 160 posts

Posted 16 July 2004 - 10:12 AM

Thanks roadrage, I'm glad you've found it useful :)

#4 SWCS

SWCS

    Advanced Member

  • Full Member
  • 131 posts

Posted 18 July 2004 - 09:10 PM

I wanted to get to your tutorial but my son's filter blocked it out for "porn and recreational nudity". :unsure:

#5 Acsell

Acsell

    Advanced Member

  • Developer
  • 160 posts

Posted 18 July 2004 - 09:24 PM

That's odd, is there any way to temporarily disable the filter? If not, try this-

If you register at spyware warriors here-

http://spywarewarrior.com

Then you will be able to access a mirror of the tutorial here-

http://spywarewarrio...opic.php?t=3624

#6 DawsonV5

DawsonV5

    The Lurvely

  • Retired Staff - Helper
  • 230 posts

Posted 18 July 2004 - 11:06 PM

Thank you for the great site. I definitely will use it.

#7 maxnik

maxnik

    Member

  • Full Member
  • 8 posts

Posted 26 July 2004 - 07:23 PM

Great site,
looking through it just helped me to get started fighting spyware. Excellent job.

Anyone who starts learning spyware should read it.

Thanks

Maksym

#8 ron wilson

ron wilson

    Member

  • New Member
  • 1 posts

Posted 27 July 2004 - 09:54 AM

TY, the tutorial was amazing. Very comprehensive, exact and to the point.
It is in my favorites too.

#9 Piatan

Piatan

    Forum Deity

  • Retired Staff
  • 3,982 posts

Posted 27 July 2004 - 12:24 PM

Excellent Tutorial !
Should be required reading for every Helper Trainee.
I have a link to it, on my quick launch tool bar.
Congratulations, you assume no previous experience by the user.
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.


#10 Jumper

Jumper

    Member

  • Full Member
  • 16 posts

Posted 28 July 2004 - 12:44 PM

I have to agree with Piatan, I have seen tutorials that were pretty helpful, but yours is very easy to understand and straightforward. You give great examples too.

#11 soxrok

soxrok

    Member

  • Full Member
  • 2 posts

Posted 29 July 2004 - 08:55 AM

Best tutorial I've read in a long time, really good job.

#12 haknbush

haknbush

    Member

  • Full Member
  • 6 posts

Posted 30 July 2004 - 11:59 AM

thank you, thank you, thank you a thousand times over

I'm a former IT professional so when all of my friends and family get these issues I'm the first one they turn to. This tutorial has enabled me to help them much quicker and more fully remove all the malware from their systems. HijackThis is such a powerful tool but I had only just begun to fully understand how to best use it; this tutorial allows me to jump ahead and skip the rest of the learning curve :thumbsup: :thumbsup: :thumbsup: :thumbsup: :thumbsup: :thumbsup: :thumbsup: :thumbsup:

#13 Dragonslore

Dragonslore

    Advanced Member

  • Helper Trainee
  • 230 posts

Posted 30 July 2004 - 08:11 PM

Nice write up as I'm sure it'll help many users in the fight against these parasites.

I've been successfully fighting spyware for a long time now and I find we need as many trained people as possible to help combat this menace.

Although personally, when I work on a system, I prefer to work directly on the system instead of trying to talk someone through it remotely as I find it to be easier for me than to try to explain what to do. :)


- Excuse the Writing, I've Got a Dyslexic Keyboard

#14 Luna

Luna

    Member

  • New Member
  • 1 posts

Posted 30 July 2004 - 11:08 PM

I registered JUST so I could say THANK YOU THANK YOU THANK YOU for this tutorial, it was a BIG help and I haven't had any stealthy :ph34r: popups since (not to jinx it :oops: )...

You are THE bomb diggety and a half. :thumbsup:

Also a hats off in general to all the people who rack their brain and spend their energy helping us malware-ridden users.

:love:

#15 guysiner

guysiner

    Member

  • Full Member
  • 5 posts

Posted 31 July 2004 - 08:04 AM

Thank you thank you. I learned a lot - and fixed my own problems.

A bit scared of trying a new browser after weeks of hijacker-induced misery - but I will as a small 'thank you'.

Regards,

Guy Siner

#16 funkdocrx

funkdocrx

    Member

  • Full Member
  • 4 posts

Posted 31 July 2004 - 08:02 PM

That's a great tutorial but I have one huge problem. I use to I saved the log and when I click on it to post it in a thread my computer will not open it. I think my brother messed up and deleted, excuse him for he knows not what he does, but now I need to know where I can download the Notepad application. I was wondering if any of you can help me.

thanks in advance
mike

#17 jsky

jsky

    Old TTV Junky

  • Full Member
  • 8 posts

Posted 01 August 2004 - 10:06 PM

Thanks For the site info. Started classes at Tom Coyotes awhile back, and this really helps.

#18 Trilobite

Trilobite

    Malware Hunter

  • Trusted Advisor
  • 711 posts

Posted 07 August 2004 - 03:05 PM

@xoxo_babygurl_xoxo
@tiffanyross

If you have a question or comment relating to the HJT tutorial, then post it here. If you need your log analyzed then please start new threads (topics) of your own in Malware removal.

#19 wojo629

wojo629

    Member

  • Full Member
  • 12 posts

Posted 18 August 2004 - 12:50 PM

very nice, very helpful...thanks!!

#20 Titanium22

Titanium22

    Member

  • New Member
  • 4 posts

Posted 18 August 2004 - 04:55 PM

Thank You...very very much

I was hit with - Home Search Assistent , Search Extender , and Shopping Wizard

In my final steps of wrapping this up, I saw your information and it was a huge help.


Thanks!

Titanium22
(Dallas, TX)

[I have read all the instructions/FAQs about using this site, and where to actually post issues.]

#21 laly_1988

laly_1988

    Member

  • Full Member
  • 79 posts

Posted 26 August 2004 - 10:42 AM

I have written the following tutorial to show you how to analyse your own HijackThis log-

http://hometown.aol....al/tutorial.htm

It will tell you how and where to look up and research each item in your log, which tools and databases you will need and where to get them. It will show you how to tell which items are good or bad and how to know which items need fixing with HijackThis.

It will also show you what these items represent in graphical form or provide a link to further information on the items so that you will know exactly what you are fixing.

Please note that not all problems can be fixed with HijackThis alone. In some cases you may need further help. In the tutorial I have tried to point out which cases this might relate to. If you find that your problem isn't solved by following the above tutorial or I have suggested in the tutorial that you may need further help then post your log in the forum.

How do you set it up step by step? I had a problem installing it.... :scratchhead:

#22 ACSampaio

ACSampaio

    Member

  • New Member
  • 1 posts

Posted 29 August 2004 - 06:17 PM

Acsell

I'm writing from Brazil. You are great!!!!!!!
Thank you so much.

#23 Melissa30

Melissa30

    Member

  • Full Member
  • 14 posts

Posted 03 September 2004 - 11:14 PM

Just wanted to let you know that your site was very helpful to me. I, of course, saved it to my favorites and will study it. You wouldn't happen to know by any chance how to permanently uninstall the "Home search Assistent" and its friends from a PC after they are unwelcomingly installed? Just checking to see if there is a sure fire way (in case you already had experience with it). I posted a log on Sept 2nd and 3rd for help and got no responses. Thank you

#24 ShuttleAU

ShuttleAU

    Member

  • New Member
  • 1 posts

Posted 11 September 2004 - 06:53 AM

Hi Acsell

I have just used your tutorial on reading HijackThis to fix my wife's PC

Many thanks, it was a great help and fixing IE6 was fairly easy with the tutorial.

Bob C

#25 TexasSasquatch

TexasSasquatch

    Member

  • New Member
  • 2 posts

Posted 22 September 2004 - 10:36 AM

Allow me to add my thanks as well.

#26 xekral

xekral

    Member

  • New Member
  • 1 posts

Posted 23 September 2004 - 01:12 AM

I must say, this is an excellent tutorial! I'm a NetAdmin at the University of North Carolina at Wilmington, and this has helped me to diagnose and fix dozens of problems related to spyware/adware/browsers. I can't thank you enough for how comprehensive it is, how straight-forward and non-supposing. Kudos to you! :cool:

#27 jarvic2000

jarvic2000

    Member

  • New Member
  • 1 posts

Posted 23 September 2004 - 08:18 PM

Succinct & to the point. exactly what I was looking for. Thank you very much.

#28 gpham99

gpham99

    Member

  • New Member
  • 2 posts

Posted 26 September 2004 - 08:04 PM

I am sorry, but I can't get to the page, it said they can't find it or it doesn't exist. Where can I find this log?

Thanks!

#29 Acsell

Acsell

    Advanced Member

  • Developer
  • 160 posts

Posted 27 September 2004 - 07:38 AM

I am sorry, but I can't get to the page, it said they can't find it or it doesn't exist. Where can I find this log?

Thanks!

Sorry, I've fixed it now. I updated it last night and renamed the page incorrectly.

Thank you all for your comments :D ,

Acsell

#30 icerefjm1

icerefjm1

    Member

  • New Member
  • 1 posts

Posted 03 October 2004 - 03:02 PM

Here's a site I found while trying to get rid of a nasty one. Think it's related to the z1.adserver hijacker. Donno for sure, cause ZoneAlarm is blocking the run dll as an app from running it, but all scans, Ad-Aware SE, Spybot S & D & PestPatrol are all coming up clean!

Anyhow, here's the link:

HijackThis log file analysis

Had a few false alarms, but had to "google" many, many fewer hits! :D

#31 jandm

jandm

    Member

  • New Member
  • 3 posts

Posted 06 October 2004 - 03:26 PM

Thank you for the great site! I definitely will use it! It has lots of killer information that anyone can use right away!

#32 Guest_Joey1_*

Guest_Joey1_*
  • Guests

Posted 07 October 2004 - 08:47 PM

@ jandm: http://www.spywarewa...nti-spyware.htm

Please change your signature ;)
Thanks for pointing this out. I have removed that signature which pointed to a site pushing software that is definitely not recommended by us. cnm

Edited by cnm, 07 October 2004 - 10:25 PM.


#33 jimmylost

jimmylost

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 11 October 2004 - 12:35 AM

Thanks for the great page. I think I am going to try and join the good fight. I am not completely illiterate, it's just been a really long time. I think that this will help more people solve their problems on their own. Thanks again for the great tutorial.

JimmyLost :blink:

#34 aykuts

aykuts

    Member

  • New Member
  • 3 posts

Posted 14 October 2004 - 05:43 AM

I read but I don't find a way to remove my f****** trojans :(((((

pls read my log..

http://www.spywarein...showtopic=30656

#35 Ranger2225

Ranger2225

    Member

  • Full Member
  • 5 posts

Posted 15 October 2004 - 09:17 AM

Acsell, thank you for creating the tutorial, which was comprehensive and easy to use, and I'm sure took a significant amount of time to produce. I had posted a problem here, but after working through your tutorial and reviewing solutions posted here to similar problems, I think I was able to rid my computer of the malware (I then immediately downloaded Firefox and will use that as my browser going forward, as suggested by Mike Healan). I didn't realize these kinds of forums existed until I started researching the problem I had, and commend you and the other "helpers" for your efforts. In some sense, these forums are a kind of nexus where the best of the internet, people selflessly helping others, meets the worst of the internet, malware creators violating others. Thank you again.

#36 LDYGTR22

LDYGTR22

    Member

  • New Member
  • 1 posts

Posted 17 October 2004 - 12:16 PM

How do I analyze my log? I apologize but I'm kind of a fish out of water here.....

#37 lookitstony

lookitstony

    Member

  • New Member
  • 1 posts

Posted 19 October 2004 - 03:07 AM

hey thanks man.. it took 4.5 hrs but that stupid hijacker is finally gone!! thanks a million!

#38 mrockett

mrockett

    Member

  • Full Member
  • 70 posts

Posted 21 October 2004 - 11:51 AM

I followed these instructions and it looks like everything is fixed. Thanks a lot!

#39 peaceman

peaceman

    Member

  • Full Member
  • 7 posts

Posted 23 October 2004 - 05:21 AM

That page linked me to a blank page?

#40 sirkickabutt

sirkickabutt

    Fight the authority!

  • Full Member
  • 42 posts

Posted 23 October 2004 - 06:23 AM

That page linked me to a blank page?


Yeah, me too, what's up, have you closed it down??
SirK, If olive oil comes from squeezing olives where does baby oil come from?!


#41 Acsell

Acsell

    Advanced Member

  • Developer
  • 160 posts

Posted 24 October 2004 - 07:19 AM

That page linked me to a blank page?


Yeah, me too, what's up, have you closed it down??


It must just be a problem that AOL are having. I have uploaded a mirror copy here as well-

http://members.aol.c...mc137/Tutorial/

Let me know if that link is any better.

Thanks, Acsell

Edited by Acsell, 24 October 2004 - 01:21 PM.


#42 Foxcub

Foxcub

    Reader

  • Helper Trainee
  • 101 posts

Posted 24 October 2004 - 10:12 AM

ACSELL,
May I add my thanks to your growing list of tributes.

It is concise, logically presented & totally understandable to the complete beginner. I consider it to be a masterpiece & will use it as a reference, to others, in future.

I salute your communication skills, they are superb & after reading your Profile, I understand why. :D :D


Foxcub.

#43 t2miller

t2miller

    Member

  • Full Member
  • 24 posts

Posted 25 October 2004 - 02:15 PM

Acsell,

None of the pictures can be viewed :(

If you want to send it to me, I could convert the whole thing into adobe format and then you (or someone) could host the file... that way it would open the same for everyone, and be easily printable.

Just a thought,

T2

#44 Xoom

Xoom

    Member

  • New Member
  • 2 posts

Posted 11 November 2004 - 09:58 AM

I hope you don't mind, if you do let me know, I put a mirror of your site up.

http://www.secnut.com/tutorial.htm

#45 Acsell

Acsell

    Advanced Member

  • Developer
  • 160 posts

Posted 11 November 2004 - 05:06 PM

ACSELL,
May I add my thanks to your growing list of tributes.

It is concise, logically presented & totally understandable to the complete beginner. I consider it to be a masterpiece & will use it as a reference, to others, in future.

I salute your communication skills, they are superb & after reading your Profile, I understand why. :D :D


Foxcub.


Thanks Foxcub :). I'm glad you and others are finding it useful.

None of the pictures can be viewed :(


Thanks for letting me know, it seemed to work OK here for some reason :s. I have now fixed the images.


I hope you don't mind, if you do let me know, I put a mirror of your site up.

http://www.secnut.com/tutorial.htm


Yes, that's fine. Thanks for asking :)

mpfeif101 has kindly mirrored the tutorial as well.

http://www.antispywa...jt/tutorial.htm

#46 jetgat

jetgat

    Member

  • Full Member
  • 13 posts

Posted 25 November 2004 - 07:29 AM

Thanks Acsell

have briefly read the tutorial and have added to my favourites so I can study in depth later. Hopefully I will be able to use it to sort some of my problems out in the future before having to pester somebody here!!
Probably will never trust myself completely though and no doubt will still ask for my log to be checked by an expert!

Many thanks to you and all of your co-experts

jetgat

#47 brutaldreamer

brutaldreamer

    Member

  • Full Member
  • 24 posts

Posted 27 November 2004 - 12:18 PM

Hey Lurvy,

I was wondering where I could get a good "secure" spy zapper. Thanks for the listings. I'll give'em a whirl. :blush2: I was leery in trying the ones that "popped up" on my screen. Yep, I have a few of those little buggies running around my computer. I've deleted most of them from my registry and windows manually - but there are two that I can't zap and keep them zapped. I need a large bottle of raid! LOL

And thanks for the "house call" scanner url. I misplaced that url ages ago and meant to put that back in my faves. ;)
"... a dream that became a reality and spread throughout the stars" -- Captain Kirk

#48 betaman183

betaman183

    Member

  • New Member
  • 2 posts

Posted 29 November 2004 - 12:51 AM

Very nice, I never took time to look at the log file and see that it actually tells me everything... my only question, which wasn't in the tutorial, is an F2. It is for explorer.exe, which I know I gotta keep, but what do the F2's do, are they like the R1 and R2's? Thank you so much...

#49 artinusa

artinusa

    Member

  • New Member
  • 1 posts

Posted 10 December 2004 - 06:51 PM

wow..what a nice surprise..I just joined and am amazed at how little I know..thanks

#50 twowaymom

twowaymom

    Member

  • New Member
  • 1 posts

Posted 19 December 2004 - 03:35 PM

THANK YOU!!! I had been fighting a particularly stubborn spyware program that Ad-Aware and SpyBot could not get rid of. After using your guide to my log from Hijack This, I got rid of the crap and was able to finally use my computer! THANK YOU!!! :!:



