Jump to content


Photo

Analyze your own HijackThis log


  • This topic is locked This topic is locked
128 replies to this topic

#51 jcalderon

jcalderon

    Member

  • New Member
  • Pip
  • 4 posts

Posted 25 December 2004 - 03:40 AM

I have reading your tutorial and surprise me. Is huge and well described, congratulations.
On the other hand I'm not and expert and I have no success with it and HijackThis and Hicjackthis.de due I deleted malicious items but come again and again.
Do you know some link where someone can revise/check the hijackthis fiel in detail.
Thank you and congratulations again!!

#52 jetzon369

jetzon369

    Member

  • New Member
  • Pip
  • 1 posts

Posted 30 December 2004 - 05:45 AM

[FONT=Arial]Extremely Helpful Thankyou
:cool: :closedeyes: :closedeyes:

I have written the following tutorial to show you how to analyse your own hijackThis log-

http://hometown.aol....al/tutorial.htm

Tutorial mirror (mirror located at www.antispyware.nextdesigns.net thanks to mpfeif101 )

(Both of the  links above point to the same tutorial but are located on a different servers. These mirrors have been made available because some people were experiencing difficulty accessing the site. If you have problems with one link then try another.)

It will tell you how and where to look up and research each item in your log, which tools and databases you will need and where to get them. It will show you how to tell which items are good or bad and how to know which items need fixing with HijackThis.

It will also show you what these items represent in graphical form or provide a link to further information on the items so that you will know exactly what you are fixing.

Please note that not all problems can be fixed with HijackThis alone. In some cases you may need further help. In the tuturial I have tried to point out which cases this might relate to. If you find that your problem isn't solved by following the above tutorial or I have suggested in the tutorial that you may need further help then post your log in the forum.

View Post



#53 dobhar

dobhar

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 30 December 2004 - 09:50 PM

Very good tutorial...I will use it in the fight...thanks,

#54 papa5

papa5

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 03 January 2005 - 07:18 PM

Thx for the great tutorial--very informative and helpful!!

#55 asfrith

asfrith

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 13 January 2005 - 03:09 PM

Thank you so much for the tutorial... although I don't know much about computers, I always prefer to do things myself... I was able to spend time and look at what is good and what is bad for my laptop, and remove those pesky bugs. This tutorial should be included in the software itself, so that novice users can do it themselves instead of waiting forever for someone to respond to their post (not that it's a bad thing).

Again GREAT job on the tutorial... thank you very much
:D :D :D

#56 rlawlor

rlawlor

    Member

  • New Member
  • Pip
  • 2 posts

Posted 19 January 2005 - 05:34 PM

:( Thanks for your help, but I'm in way over my head, it's a miricle that I've made it this far. I ran hijack this and it created a log that I have on my desktop. I have no idea what to do next? I read your post and I have no idea? Can you help? Thanks, Rick :D

I have written the following tutorial to show you how to analyse your own hijackThis log-

http://hometown.aol....al/tutorial.htm

Tutorial mirror (mirror located at www.antispyware.nextdesigns.net thanks to mpfeif101 )

(Both of the  links above point to the same tutorial but are located on a different servers. These mirrors have been made available because some people were experiencing difficulty accessing the site. If you have problems with one link then try another.)

It will tell you how and where to look up and research each item in your log, which tools and databases you will need and where to get them. It will show you how to tell which items are good or bad and how to know which items need fixing with HijackThis.

It will also show you what these items represent in graphical form or provide a link to further information on the items so that you will know exactly what you are fixing.

Please note that not all problems can be fixed with HijackThis alone. In some cases you may need further help. In the tuturial I have tried to point out which cases this might relate to. If you find that your problem isn't solved by following the above tutorial or I have suggested in the tutorial that you may need further help then post your log in the forum.

View Post



#57 pabdouch

pabdouch

    Member

  • Full Member
  • Pip
  • 23 posts

Posted 07 February 2005 - 01:15 PM

Hello, Acsell

Thanks for the great tutorial. I'm trying to use it, but need a little help getting started. All of the 01, 02, and 03 looked ok, but I'm trying to do a search on the first 04 entry. Here's the entry:

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

When I do the search you recommend at windowsstartup.com, it asks for Filename and Program. What would I enter in those spaces? HKLM? CMAUDIO? I can't see those on their list. I tried pasting the whole entry, it didn't like that either.

Philip

#58 IsBlonde

IsBlonde

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 12 February 2005 - 08:48 AM

OMG ....... That site look Soooo good :)

But I didnt understand a word of it :(

#59 dadams07

dadams07

    Member

  • New Member
  • Pip
  • 3 posts

Posted 20 February 2005 - 11:39 PM

Hello Acsell,

Fantastic tutorial. Easy to follow and produces great results. Very cool of you to take the time to create something as useful as this for all of us who don't understand the in and outs of the registry and operating systems we use on our PCs.

Thanks again,

Don

#60 Mauser

Mauser

    Member

  • New Member
  • Pip
  • 1 posts

Posted 15 April 2005 - 10:50 AM

Hiya,

great job on a fantastic tutorial. Bookmarked for sure!!!

Mauser

#61 neervipal

neervipal

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 26 April 2005 - 03:42 AM

hey i hv gone thru ur site and did all the reccomendede thing.

Edit... To remove log... Please do not post your log in someone else's topic... Budfred...

Edited by Budfred, 26 April 2005 - 06:37 AM.


#62 hymek

hymek

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 31 May 2005 - 11:05 AM

Using your tutorial and help with the HJT logs from iguagaby I got my machine clean and up to speed again.

Many many thanks.

#63 Halcykon

Halcykon

    John

  • Full Member
  • Pip
  • 17 posts

Posted 04 June 2005 - 07:41 PM

Hey guys!

I found this pretty cool feature from I am Not a Geek.

http://hjt.iamnotageek.com/

It's basically an automated feature for your log. I don't know how good this is, but I found a few things with this.

#64 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,305 posts

Posted 04 June 2005 - 07:58 PM

Halcykon,

Your link ends up at a MicroSoft site... However, even if it is an HJT analyzer, it is a good idea for people to be VERY careful with those types of programs... There are several available and they all have a problem with false positives which can lead to accidently disabling systems and they generally miss a fair amount of malware... You are probably better off running a set of automatic programs that scan and fix, like Ewido, Spybot, Ad-Aware SE, online virus scans and so on....
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#65 Halcykon

Halcykon

    John

  • Full Member
  • Pip
  • 17 posts

Posted 10 June 2005 - 08:37 PM

Microsoft site? Well I get a "Page Cannot Be Displayed", but that's because the HTML code does http:// twice.

Yeah, I know that it's not the best (there's even a disclaimer that says that, hehe) but it's just for people who want instananeous results and can't read (or are too lazy to) their logs. There ARE descriptions of each highlighted object when you hover over them, though.

#66 pdeluca

pdeluca

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 21 July 2005 - 10:19 AM

Acsell,

Thanks for the thorough and straight-forward tutorial. The embedded links to research various log entries were superb and informative.

pd

#67 M. Jones

M. Jones

    Member

  • Full Member
  • Pip
  • 11 posts

Posted 27 July 2005 - 09:14 AM

:D :D :D
Acsell, Congratulations! I got rid of all malware, trojans from my computer reading your Tutorial... I know nothing about computer and I could do it only because of your Tutorial, you are really Expert in this subject...
I thank you thank you thank you thousand times!
:thumbsup: :D

#68 leighmc77

leighmc77

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 13 August 2005 - 11:52 PM

Thank you so much for the very helpful information! I was able to find and fix my hijacker problems very easily. I have been trying to fix it for quite some time and after finding your site I was able to fix the problem in about 10 minutes. Thanks again! :D

#69 cartmansdad

cartmansdad

    Member

  • Full Member
  • Pip
  • 1 posts

Posted 28 August 2005 - 05:20 AM

[COLOR=blue]A VERY BIGGGGG hi


I have just posted my hijack this log as i have been at my wits end. But having read your homepage, i have had to add to my post that i have now fixed my problem, thanks t your homepage.

It was easy even for a novice like me, very straightforward and a blessing.

Once again a very big THANK YOU

I have now added it to my fav

#70 smugglerman

smugglerman

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 16 September 2005 - 09:53 AM

You guys are amazing. I just wish someone would help me. I posted yesterday in the malware removal section and I need help removing Abetter Internet and Aurora and everyone seems to be looking over moe. Thanks anyway. - Christine :weep:

#71 Janek Szymczak

Janek Szymczak

    Member

  • Full Member
  • Pip
  • 1 posts

Posted 12 October 2005 - 07:14 PM

Anyone who starts learning spyware should read it.

by :lol:

#72 Sodapop

Sodapop

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 12 October 2005 - 08:09 PM

Acsell: THANK YOU !!

Very informative !

#73 Deman777

Deman777

    Member

  • Banned
  • Pip
  • 4 posts

Posted 25 October 2005 - 04:13 AM

Edited to remove SPAM...

Edited by Budfred, 25 October 2005 - 06:27 AM.


#74 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,305 posts

Posted 20 November 2005 - 03:39 PM

sucky28,

I split your post to its own topic here:

http://www.spywarein...66
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#75 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,305 posts

Posted 18 December 2005 - 06:17 PM

discotrain,

I split your HJT log to here:

http://www.spywarein...topic=64480&hl=

Please read the FAQ and do NOT post your log in an existing topic...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#76 exvirilis

exvirilis

    Member

  • Full Member
  • Pip
  • 34 posts

Posted 02 February 2006 - 03:18 PM

it's great, but some of the links don't work - the one for 018 springs to mind (which annoyingly is the one i'm having probs with)

#77 aczechgurl

aczechgurl

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 5,577 posts

Posted 02 February 2006 - 11:29 PM

Try this link for o18's

http://www.castlecops.com/O18.html
<!--fonto:Century Gothic--><span style="font-family:Century Gothic"><!--/fonto-->
<!--sizeo:2--><span style="font-size:10pt;line-height:100%"><!--/sizeo--><!--coloro:purple--><span style="color:purple"><!--/coloro--><b>Aczechgurl</b><!--colorc--></span><!--/colorc--><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

<!--sizeo:1--><span style="font-size:8pt;line-height:100%"><!--/sizeo--><!--fonto:Arial--><span style="font-family:Arial"><!--/fonto-->

Please consider <a href="http://flyinghamster...om/support-us/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Supporting SWI</b><!--colorc--></span><!--/colorc--></a>'s fight against Malware.

Member of <a href="http://asap.maddoktor2.com/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>ASAP</b><!--colorc--></span><!--/colorc--></a> (Alliance of Security Analysis Professionals)

Fight back <a href="http://www.malwareco...mplaints.info/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Malware Complaints</b><!--colorc--></span><!--/colorc--></a><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

#78 Stuey

Stuey

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 05 February 2006 - 04:58 PM

[size=7] Wow........ :!: Thank you so much for posting this forum....You saved my Hard drive :cool: Thanks alot you are a great guy thanks again for helping Woot......

Thanks. Isaac ;D Woooooot!!!!

#79 sonniya

sonniya

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 01 March 2006 - 01:39 PM

Hi Acsell,

Thank you so much for your tutorial.
I was about to reformat the drive but I was able to fix my computer with your help.
Thank you again.

#80 acein1

acein1

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 23 March 2006 - 09:25 AM

hi acsell, i just joined and read your article and found it excelant, an absolute "must read",even if some of it is beyond ne as a "newbe" manty thanks for the time it must have taken to research and put together acein1

#81 Princit

Princit

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 23 March 2006 - 09:16 PM

I am new to this forum i am just looking for someone to help me remove stupid win fixer . i tried downloading windows defender but it doesn't seem to remove it. I am not great with computers and would love for someone to walk me through this.
thanks soo much for any advice

Tara

#82 aczechgurl

aczechgurl

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 5,577 posts

Posted 23 March 2006 - 10:04 PM

Princit,

Please read the following posting guidelines

http://www.spywarein...showtopic=23382

Then create a new thread and post your HijackThis log to that thread and a helper will assist you as soon as possible.
<!--fonto:Century Gothic--><span style="font-family:Century Gothic"><!--/fonto-->
<!--sizeo:2--><span style="font-size:10pt;line-height:100%"><!--/sizeo--><!--coloro:purple--><span style="color:purple"><!--/coloro--><b>Aczechgurl</b><!--colorc--></span><!--/colorc--><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

<!--sizeo:1--><span style="font-size:8pt;line-height:100%"><!--/sizeo--><!--fonto:Arial--><span style="font-family:Arial"><!--/fonto-->

Please consider <a href="http://flyinghamster...om/support-us/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Supporting SWI</b><!--colorc--></span><!--/colorc--></a>'s fight against Malware.

Member of <a href="http://asap.maddoktor2.com/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>ASAP</b><!--colorc--></span><!--/colorc--></a> (Alliance of Security Analysis Professionals)

Fight back <a href="http://www.malwareco...mplaints.info/" target="_blank"><!--coloro:blue--><span style="color:blue"><!--/coloro--><b>Malware Complaints</b><!--colorc--></span><!--/colorc--></a><!--sizec--></span><!--/sizec--><!--fontc--></span><!--/fontc-->

#83 dshoman

dshoman

    Member

  • New Member
  • Pip
  • 1 posts

Posted 01 April 2006 - 09:14 PM

Thanks so much for the help!
I learned tons and (fingers crossed), the problem appears to be removed.
Dan

#84 mutley

mutley

    Member

  • New Member
  • Pip
  • 1 posts

Posted 20 May 2006 - 07:47 AM

Many Thanks :D

Having tried various tools to try and fix my problems, you have empowered me to resolve the issues!

I just wish I'd come here first...

#85 live4music1

live4music1

    Member

  • Full Member
  • Pip
  • 1 posts

Posted 30 June 2006 - 11:15 AM

Just wanted to say thank you. I posted for help yesterday and no one replied,
I saw your post this morning and was able to track down the issues myself, and
didnt even crash my computer. Thanks again!

Mike

#86 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,305 posts

Posted 30 June 2006 - 05:51 PM

Just wanted to say thank you. I posted for help yesterday and no one replied,
I saw your post this morning and was able to track down the issues myself, and
didnt even crash my computer. Thanks again!

Mike

I am glad you found a solution...

If you look around this forum, you will see that hundreds of people post each day and we have a small number of trained helpers trying to keep up with that... It is typical that most people don't get a response for at least 3 days and that is only if our volunteers are putting in long hours to keep up... We hope that people will use the resources available to help themselves when possible because of this... If you are pretty sure you have fixed the problems, please post back to your log that you have the problem fixed so one of our helpers doesn't waste time analyzing a problem that is already fixed...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#87 tmzaied.22

tmzaied.22

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 24 July 2006 - 07:32 PM

Thanks for the help.
I think it kicked my prob, but it sure sped up my computer
thanks d00d

#88 ratman

ratman

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 27 August 2006 - 11:52 AM

Wow! Great read. Man, I see why it can take hours to manually kill all the trash. With most of my clients when they get really infected I back up their stuff, then format the machine.

#89 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,305 posts

Posted 27 August 2006 - 01:31 PM

Wow! Great read. Man, I see why it can take hours to manually kill all the trash. With most of my clients when they get really infected I back up their stuff, then format the machine.

Unfortunately, you can't be sure the backups are clean and some things usually get lost along the way... This is why we try to fix what is there rather than just wiping it out...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#90 ratman

ratman

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 27 August 2006 - 03:19 PM


Wow! Great read. Man, I see why it can take hours to manually kill all the trash. With most of my clients when they get really infected I back up their stuff, then format the machine.

Unfortunately, you can't be sure the backups are clean and some things usually get lost along the way... This is why we try to fix what is there rather than just wiping it out...


True, that's why I only back up data files. In 2 years i've only had things get lost once. I come from the school of thought that you can never be 100% a machine is completely clean unless you wipe it out. Mant people don't even have good backups these days

#91 DanielSmith

DanielSmith

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 11 November 2006 - 08:08 PM

thank you ,the hijackthis is the most excting software i have used. it is small ,fast and most of all, it is so powerful

#92 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,305 posts

Posted 01 December 2006 - 05:30 PM

Tats...

Your post was moved to its own topic here...

http://www.spywarein...showtopic=90275

Please read that FAQ and post a complete log if you still want help...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#93 Tats

Tats

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 02 December 2006 - 04:45 AM

Tats...

Your post was moved to its own topic here...

http://www.spywarein...showtopic=90275

Please read that FAQ and post a complete log if you still want help...



yes i would like some help,

i've been true the FAQ... but my enlisch kinda sucks big, and i tought i've posted it in the correct topic...

what must i do then in order to do it correct? :scratchhead:

#94 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,305 posts

Posted 02 December 2006 - 07:47 AM


Tats...

Your post was moved to its own topic here...

http://www.spywarein...showtopic=90275

Please read that FAQ and post a complete log if you still want help...



yes i would like some help,

i've been true the FAQ... but my enlisch kinda sucks big, and i tought i've posted it in the correct topic...

what must i do then in order to do it correct? :scratchhead:

I already moved your post to its own topic, all you need to do it make sure you have a complete HJT log, including the header info, and then wait for someone to help you... Keep in mind that the more info you give the helper, the more likely you will get the help you need.... Post any further comments in your topic...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#95 Tats

Tats

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 03 December 2006 - 05:31 AM

thx,
ive pasted the complete log in my own topic now :)

#96 skyshine

skyshine

    Member

  • Full Member
  • Pip
  • 1 posts

Posted 08 January 2007 - 02:06 AM

Thank you thank you. I learned a lot .
:p :p

#97 alex95

alex95

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 20 February 2007 - 04:23 PM

Thanks, your tutorial was interesting and I'm sure will be useful.

I printed out a pdf version of your tutorial and thought I would attach it to this post to make it available, but I see that attachment capability is not enabled. :thumbsdown:

Is there a way to send it to you so you can make it available to others who might want it? :wtf:

Thanks and regards . . . :wave:

#98 dwilli1877

dwilli1877

    Member

  • New Member
  • Pip
  • 1 posts

Posted 13 March 2007 - 05:03 PM

Thank you for this wonderfull resource.
Learned alot, and with a few searches found my issue and was able remedy it.

Thanks again.

#99 dave in brd

dave in brd

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 24 May 2007 - 04:34 PM

All I can say is.... Excellent job. Learned more in the last hour than I have in the last 6 months. Thanks.

#100 dave 444

dave 444

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 11 June 2007 - 03:57 AM

Thanks :p that website is very informative, I learn somethings but if someone can post something similar about how to use combofix and in detail what it does will be good.

Thanks
roti444




2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button