Hijackthis - suggested improvements
Posted 08 July 2004 - 03:41 PM
One small gripe is that I get a lot of google hits on the hijackthis logs posted in your forums. I then have to wade through the thread to see if it was really a piece of scumware or something innoculous. I don't know of a way that you could limit what shows up in google to just the scumware files, but if you could, it would eliminate some of the clutter. I usually don't use your forums as a source of info for this reason.
Anyways, I've been using hijack this lately and it is a real time-saver compared to manually wading through the registry, but I would like to suggest a couple possible improvements. Don't know how do-able they would be, but...
1. some viruses are starting to run as services on Win32 (xp/win2k), and I figure that it is only a matter of time before the scumware vendors exploit this angle. You might consider listing the non-MS services in hijack this. Even if there is no easy way to disable them using hijackthis, they could at least be listed and separately disabled in the services MMC if they looked suspicious.
2. some scumware I've been seeing is running from dll files that are apparently being loaded in sections of the registry not addressed by hijack this. Even though the startup is cleaned up, something keeps adding entries back in on reboot. So far, I've been able to hunt all of these down, but it is getting to be a real PITA. It would be nice if hijackthis were at least configurable to also display these, rather than to have to wade through the registry.
Posted 09 July 2004 - 03:31 PM
I ran 1.98 just now on an infected machine. A suggestion - since it is best to run hijackthis while in safe mode, the video settings are such that the scan results window is not wide enough to fully display the longer entries. It is true that you can highlight the entry and click the More Info button, but this is a little tedious when you already know what you are looking for.
Posted 11 July 2004 - 03:32 PM
Spyware: What you say!!
SpywareInfo: You have no chance to survive. Make your time!
Posted 20 July 2004 - 03:39 PM
Most of the time I am trying to determine if a particular dll or such is innoculous or suspicious. There are other anti-spyware sites that do list known spyware files, but for some reason, they end up several pages later, after the hits on hijackthis logs in your forums, so the choice for me is to try to decode the thread(s), or jump beyond those hits. Since I'm doing this on the customer's dime, I have to use the quickest way.