
Analyze your own HijackThis log


  • This topic is locked
128 replies to this topic

#101 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 11 June 2007 - 04:57 AM

dave 444

Read the topics in Bootcamp, specifically 'ComboFix' for more info.
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#102 Termi

Termi

    Member

  • New Member
  • 1 posts

Posted 27 June 2007 - 03:04 AM

Excellent tutorial....
easy to compare with the log file....
Get to know some processes now.....

#103 CyberAstrid

CyberAstrid

    Member

  • Full Member
  • 9 posts

Posted 27 October 2007 - 09:15 AM

I have written the following tutorial to show you how to analyse your own HijackThis log:

http://hometown.aol....al/tutorial.htm

Tutorial Mirror (mirror located at spywarewarrior.com)

PDF Version

(All of the links above point to the same tutorial but are located on different servers. These mirrors have been made available because some people were experiencing difficulty accessing the site. If you have problems with one link then try another.)

It will tell you how and where to look up and research each item in your log, which tools and databases you will need and where to get them. It will show you how to tell which items are good or bad and how to know which items need fixing with HijackThis.

It will also show you what these items represent in graphical form or provide a link to further information on the items so that you will know exactly what you are fixing.

Please note that not all problems can be fixed with HijackThis alone. In some cases you may need further help. In the tutorial I have tried to point out which cases this might relate to. If you find that your problem isn't solved by following the above tutorial or I have suggested in the tutorial that you may need further help then post your log in the forum.



#104 CyberAstrid

CyberAstrid

    Member

  • Full Member
  • 9 posts

Posted 27 October 2007 - 09:34 AM

Hello Acsell

I found your HijackThis Tutorial - How to Analyse a HijackThis log very useful to analyse my problem. However, now I am not sure how to remove the problems. The initial problem is that my IE6 on my other PC cannot display any web pages at all :evilgrin: . I use Panda software and have also run Spybot Search & Destroy, also Ad-Aware, to no avail. I am currently researching the problem on the net using my laptop. But the other strange problem is that my email and MSN work fine, however the email on the laptop does not. Hopefully you can assist or someone..... :unsure:

anyway here is a picture of hijackthis log results:


suggestions please...thank you!

Edit: Log deleted...

Edited by Budfred, 22 January 2008 - 07:50 AM.


#105 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 27 October 2007 - 10:15 AM

CyberAstrid,

This isn't the place to post logs for help, please start a topic in the main Malware Removal sub-forum, and please use the latest HiJackThis when you do so, your version is long out of date:
http://www.trendsecu...ools/hijackthis
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#106 Xellena

Xellena

    Member

  • Full Member
  • 2 posts

Posted 19 November 2007 - 09:37 PM

Awesome Tutorial! Very informative and easy to follow!

#107 Mike Nickerson

Mike Nickerson

    Member

  • New Member
  • 1 posts

Posted 25 November 2007 - 05:04 AM

Just wanted to say thanks for what has to be the easiest to understand HJT tutorial out there. It was awesome in helping me determine stuff I really didn't need and help locate references to make sure what's good and what's garbage!

It definitely assisted in cleaning out at least 95% of the garbage that I had running (willingly or not). I appreciate the efforts you put out making sure links, etc. are accurate & reliable. And that it's the most current info in that regard. :thumbsup:

Thanx,
--Mike

Y'all Have a nice day now - Mike



No matter how old you are, there's always something good to look forward to.
Have a Great day!

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
No matter how old you are, there is always something good to look forward to.
Have a great day!



God Bless My Angel
Now & Forever in Heaven
Angelica Marie Gonzalez-Nickerson
Sep 1980 ~ Oct 2004
I love you, my Angel!

#108 virus22

virus22

    Member

  • Full Member
  • 6 posts

Posted 27 November 2007 - 01:00 PM

Hats Off for you, Sir!!!! :thumbsup: :thumbsup: :thumbsup:
What an amazing article....
You made my day. :thumbup:

#109 Rob2142

Rob2142

    Member

  • Full Member
  • 6 posts

Posted 22 January 2008 - 02:12 AM

TY for this site. I used the BHO lookup thing and I found out I have something in my comp to do with a Virtumonde/Vundo virus

#110 Ltangelic

Ltangelic

    Member

  • Full Member
  • 32 posts

Posted 10 February 2008 - 04:22 AM

That was an awesome guide, thanks for your efforts. :)

LT

GeekstoGo Malware Staff
Lavasoft Volunteer Security Advisor



#111 Jazlikethat112

Jazlikethat112

    Member

  • Full Member
  • 5 posts

Posted 03 March 2008 - 05:25 PM

Thanks for making this tutorial. I'm going to go through it tonight and see how much time I can save the volunteers here by attempting to fix my own computer :). What a novel idea!

#112 drummac88

drummac88

    Member

  • New Member
  • 1 posts

Posted 26 March 2008 - 03:07 AM

Just wanted to thank you for the good info; I'm a bit of a newb, so this was a nice start for understanding how to get rid of some malware/un-needed junk. Thanks! :thumbsup:

#113 gw53

gw53

    Member

  • New Member
  • 1 posts

Posted 31 March 2008 - 11:26 AM

Hi Acsell,

Thanks for the informative post, it is fun reading, and then nuking the little bastages by yourself, more satisfaction in their demise than somebody saying here point the gun here, now pull the trigger. A bug safari if you will. In my best Elmer Fudd voice I say we're hunting spyware, malware, infostealing bastages, be vewy vewy quiet.

Thanks..........

gw53

I'll probably still post a log, but wanna try this first.

#114 peepduke

peepduke

    Member

  • Full Member
  • 2 posts

Posted 02 April 2008 - 06:42 PM

:thumbsup: :thumbsup: I just wanted to thank you. Your tutorial helped me fix the annoying ad-ware problem I had with my computer. It linked me to all the right places and was fairly easy to use considering my computer illiteracy. Again....thank you so much!

#115 luke20054

luke20054

    Member

  • Full Member
  • 9 posts

Posted 09 July 2008 - 02:33 AM

:thumbup: Nice job :thumbup:
Well presented, detailed and needed by many, including helpers, it will hopefully reduce their work load substantially if people bother to look around of course :bangbang:

#116 livenlife

livenlife

    Member

  • Helper Trainee (A)
  • 18 posts

Posted 03 August 2008 - 10:19 AM

:bangbang: I love killin bugs... LOOOOVVVVEEEEE IIITTTT LOL
this is so much fun and with all the tutorials and help here it makes it a much less daunting task
Thank you Acsell :)
:thumbup:

#117 max23

max23

    Member

  • New Member
  • 1 posts

Posted 29 August 2008 - 05:44 AM

Great site, thanks :thumbup:
____________________________

Edit to remove links...

Edited by Budfred, 29 August 2008 - 06:53 AM.


#118 foolofthehill

foolofthehill

    Member

  • Full Member
  • 2 posts

Posted 10 September 2008 - 02:58 PM

Thanks for the nice tutorial.....

Though, not really the best place to host some of the files.....(see image links)....... :whistle:


Greetz
FOTH

#119 Budfred

Budfred

    Malware Hound

  • Administrators
  • 21,252 posts

Posted 10 September 2008 - 06:38 PM

This is a 4 year old topic and it is possible that those sites have been hacked or it is possible that scanning identified it as infected based on some of the examples noted in the tutorial... Either way, I will disable the links and see if we can track down the problem...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#120 foolofthehill

foolofthehill

    Member

  • Full Member
  • 2 posts

Posted 10 September 2008 - 11:49 PM

> This is a 4 year old topic and it is possible that those sites have been hacked or it is possible that scanning identified it as infected based on some of the examples noted in the tutorial... Either way, I will disable the links and see if we can track down the problem...


Well, I just thought I'd mention it since I haven't seen anyone else mention it in their replies.

The efforts of yours (you and all the members) are much appreciated !

Greetz
FOTH

#121 Budfred

Budfred

    Malware Hound

  • Administrators
  • 21,252 posts

Posted 11 September 2008 - 05:53 AM

> Well, I just thought I'd mention it since I haven't seen anyone else mention it in their replies.
>
> The efforts of yours (you and all the members) are much appreciated !
>
> Greetz
> FOTH

Your comment is appreciated since it gives us a chance to check into it... It is possible that it just recently happened, so no one else reported it because there was nothing evident... Whatever the situation is though, we can address it now that we know about it... :thumbup:
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#122 Beta-Carrot!

Beta-Carrot!

    Member

  • Full Member
  • 12 posts

Posted 08 November 2008 - 09:05 PM

A small update, AOL Hometown appears to have been shut down.

"Important information regarding the shutdown of AOL Hometown, Journals (blogs) and KW FTP.

We regret to inform you that AOL Hometown, AOL Journals (blogs) and KW FTP has been shut down.

Sincerely,
The AOL Team



AOL (UK) Limited. Registered in England and Wales under number 03462696 with its registered office at 68 Hammersmith Road, London W14 8YW. VAT Registration Number: 766 45 16 05."

The mirror at spywarewarrior is working.

#123 oceanediam

oceanediam

    Member

  • Full Member
  • 2 posts

Posted 30 December 2008 - 07:56 AM

Hi! Just found this tutorial, and it is fantastic for a housewife-computer-user like me!! :p
Anyway, I am trying really hard and you are a great help.
But I am stuck not far from the beginning!!!:


> http://www.allsecpros.com/bholist.txt (right click> save target as)
>
> Open the text file and go to edit>find then copy the CLSID (e.g. {00000762-3965-4A1A-98CE-3D4BF457D4C8}) or file name e.g. ddm3dia.dll into the search box that appears. Click "Find next". If the BHO name is found then you will notice a letter at the start of the line. This letter will be one of the following-



When I open that link and go to edit and find, all I get is the line at the bottom left of the page, and it doesn't find anything.
If I go to edit and find in my HijackThis notepad, I have got your little window with the find stuff, but it doesn't find anything and doesn't give me the letters X,L,O... either!
:techsupport:

So I am stuck there!! and don't know what to do anymore!
Thanks for your help, and I will " see" you soon!! :wave:


Just found something: if I go to the other link you gave: http://www.allsecpros.com/toolbarlist.
it takes me to the same place as the link which ends with "bholist"

Edited by oceanediam, 30 December 2008 - 08:01 AM.


#124 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 30 December 2008 - 09:00 AM

The lists have moved to here:
http://www.systemlookup.com/
Thank you for bringing it to our attention.
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#125 oceanediam

oceanediam

    Member

  • Full Member
  • 2 posts

Posted 01 January 2009 - 02:26 AM

Thanks Jedi! ;)

#126 Juliosgirl

Juliosgirl

    Member

  • Helper Trainee (A)
  • 3 posts

Posted 19 January 2009 - 05:10 PM

I have no words to thank you, I have just started to learn and you are making it a lot easier.

#127 Beta-Carrot!

Beta-Carrot!

    Member

  • Full Member
  • 12 posts

Posted 17 August 2009 - 08:04 PM

I really love this tutorial, but it's starting to show its age.

Dead sites linked to in the tutorial
-------------
hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm -- The link to the tutorial (the mirror is still up).
allsecpros (compromised, according to the first post) -- The only BHO list, the CWS domain list, the IE toolbar list.
computercops.biz -- The only CLSID list and the startup list.
www.fbeej.dk -- The "Extra protocols and protocol hijackers" ("O18s") list.
www.spywareinfo.com -- Information about the O20, O21, and O22 entries.
www.antispyware.nextdesigns.net -- For research on NT Services.

Most of the dead sites have replacements listed either in this thread or in the tutorial itself. Will anyone ever update the tutorial?

#128 Budfred

Budfred

    Malware Hound

  • Administrators
  • 21,252 posts

Posted 17 August 2009 - 09:57 PM

No, that isn't likely... Acsell is not really around anymore, so someone else would need to do it and then it would be an entirely different tutorial... It may be worthwhile to unpin it since it is so outdated however...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#129 Beta-Carrot!

Beta-Carrot!

    Member

  • Full Member
  • 12 posts

Posted 29 September 2009 - 10:24 PM

That's a shame, anyway, all of the dead sites I listed seem to be well replaced by http://sysinfo.org/ and http://www.systemlookup.com/. The only exception to that mostly good news is that I see no replacement for the CWS domain list, but if you're possibly dealing with cool web shredder, you can just ask on the forums I guess.



