Jump to content


Hijackthis - suggested improvements


  • Please log in to reply
5 replies to this topic

#1 Guest_WyoCowboy_*

Guest_WyoCowboy_*
  • Guests

Posted 08 July 2004 - 04:41 PM

I'm a 20 yr computer professional now doing computer repair, and have been removing scumware and viruses from at least 2-3 computers/week for the past year or so. Some of this stuff is loading files that are not detected/removed by Spybot, SpySweeper et al, and do not show up on any google searches, or in hijackthis logs posted in your forums, so I've been blazing some trails.

One small gripe is that I get a lot of google hits on the hijackthis logs posted in your forums. I then have to wade through the thread to see if it was really a piece of scumware or something innoculous. I don't know of a way that you could limit what shows up in google to just the scumware files, but if you could, it would eliminate some of the clutter. I usually don't use your forums as a source of info for this reason.

Anyways, I've been using hijack this lately and it is a real time-saver compared to manually wading through the registry, but I would like to suggest a couple possible improvements. Don't know how do-able they would be, but...

1. some viruses are starting to run as services on Win32 (xp/win2k), and I figure that it is only a matter of time before the scumware vendors exploit this angle. You might consider listing the non-MS services in hijack this. Even if there is no easy way to disable them using hijackthis, they could at least be listed and separately disabled in the services MMC if they looked suspicious.

2. some scumware I've been seeing is running from dll files that are apparently being loaded in sections of the registry not addressed by hijack this. Even though the startup is cleaned up, something keeps adding entries back in on reboot. So far, I've been able to hunt all of these down, but it is getting to be a real PITA. It would be nice if hijackthis were at least configurable to also display these, rather than to have to wade through the registry.

Thanks!

#2 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 08 July 2004 - 06:14 PM

I think that you will find at least some of your points have been addresed in the latest version 1.98.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#3 WyoCowboy

WyoCowboy

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 09 July 2004 - 04:31 PM

I'm not sure what happened to my previous response, but here goes again...

I ran 1.98 just now on an infected machine. A suggestion - since it is best to run hijackthis while in safe mode, the video settings are such that the scan results window is not wide enough to fully display the longer entries. It is true that you can highlight the entry and click the More Info button, but this is a little tedious when you already know what you are looking for.

#4 iFixShlt

iFixShlt

    Member

  • New Member
  • Pip
  • 1 posts

Posted 10 July 2004 - 09:38 PM

for registry issues .. try using The Cleaner

#5 Mike

Mike

    Dark Lord of SWI

  • Emeritus
  • PipPipPipPipPip
  • 514 posts

Posted 11 July 2004 - 04:32 PM

Actually, I could separate unresolved topics from resolved topics and deny access to Googlebot for unresolved topics. That doesn't do anything for hundreds of other sites that would be listed however.
SpywareInfo: How are you gentlemen?? All your base are belong to us!!
Spyware: What you say!!
SpywareInfo: You have no chance to survive. Make your time!

#6 WyoCowboy

WyoCowboy

    Member

  • Full Member
  • Pip
  • 62 posts

Posted 20 July 2004 - 04:39 PM

Thanks for the offer. If you think it would be benefical to the majority of googlers, you have my vote.

Most of the time I am trying to determine if a particular dll or such is innoculous or suspicious. There are other anti-spyware sites that do list known spyware files, but for some reason, they end up several pages later, after the hits on hijackthis logs in your forums, so the choice for me is to try to decode the thread(s), or jump beyond those hits. Since I'm doing this on the customer's dime, I have to use the quickest way.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button