lonewolf

HJK analyzer

24 posts in this topic

Hope this hasn't been posted somewhere around here already.

 

Has anyone seen this yet? http://hijackthis.de/index.php?langselect=english It's supposed to diagnose a HJT log (for free) and tell you if there are any problems. I believe it still may have a few bugs in it, but looks very promising. Anyone try it yet?

 

 

MODS if possible could you please correct the topic title of this thread to: HJT analyzer and the topic description to: Could this put SWI out of business. Thanks for any corrections of my mistakes.

Edited by lonewolf


Never seen before... I'll put my own HJT log into it to see if it works...


Safe

Safe

Safe :D

 

Hmz seems to be working...

 

But I wonder if it works with logs which are very messy..

Edited by H@ns


I think the concept is wonderful, even if it isn't perfect. In this war everything helps. Thanks for the link, lonewolf. I wonder how the databases are updated though. As far as putting S.W.I. out of business.. I don't think any program will ever do that, but I see a relationship here to such a tool because although the application identifies problems, it does not offer the step-by-step approach given here (although those canned speeches could easily be databased, and linked to such an analysis).

I intend to find out a lot more about it, and look forward to the reviews of experts, admins, and mods to this "automated" approach to spyware analysis.


Yes Nytron, I agree with you. We'll just have to wait and see how things go with this very helpful looking site; for now the experts' opinions on SWI are still best.


This has been discussed in the helper’s forum. Be VERY careful when using this tool, they are prone to many false positives and inaccurate results. This tool will also not tell you how to properly fix some of the more persistent problems like CWS’ about:blank and Look2Me.

 

To quote Budfred on this issue:

There are several similar tools around and they tend to have problems with false positives... I would be VERY cautious about suggesting anyone use them unless they are already qualified to not fix the false positives....
Edited by Trilobite


Thanks for the input Trilobite. I have heard there were FPs with the program. Just thought I would post it here for opinions. Sounds like it is best to go with the helpers around here for the time being. But who knows, down the road it may improve.

:scratchhead: It looks like we need to speak German to find out more about this development.


I think this utility has the potential of being a tremendous asset to HJT log analysis. However, it can’t replace instinct and intuition when analyzing a log. I have seen several malware items in logs that do not show up anywhere in the databases. Again, use caution if you are going to use this utility.

:scratchhead: It looks like we need to speak German to find out more about this development.

Where do you see information concerning the development?

All I see is a contact form with an area for database update information.

Edited by Trilobite


Trilobyte...

I agree wholeheartedly. To make such an application reach its potential would mean a lot of time and consultation with experts, such as you have here. My specialty is relational database development (not spyware yet), and what I find so amazing is that I proposed such a development to one of your security and spyware experts early this morning. He has been working towards something like this for a while. We are now planning to work together to develop something that simplifies and de-mystifies the basics.

There are many issues, and variables, but I believe that such an application can be extremely powerful, given the right data. Now that lonewolf has found a working model (shell), I am interested even more.


Trilobyte asked

Where do you see information concerning the development?

All I see is a contact form with an area for database update information.

 

If you have a question concerning the analysis, you can post it in one of these forums:

Winfuture-Sicherheitsforum www.winfuture-forum.de

Protecus Securityforum board.protecus.de

Trojaner-Board www.trojaner-board.com

Virus-Infected www.virus-infected.de

Latest news on Windows & Co

Languages: Deutsch - French - English

 

Tip: Copy the link at the bottom of the page (save analysis) and paste it in your post


OK, I see some discussion at www.winfuture-forum.de, but the majority of it is database updates.

 

Have you tried contacting the author in English?

 

PS. It's Trilobite, not Trilobyte

Edited by Trilobite


Sorry for the spelling Trilobite..

 

Yes..... I clicked on the link to contact the other, but the whole page is in German, and you have a multitude of fields to input data... :grrr:

I will find a way :scratchhead:

Yes..... I clicked on the link to contact the other, but the whole page is in German, and you have a multitude of fields to input data... :grrr:

I will find a way  :scratchhead:

The first one is for your email address.

The second is for your message.

The remaining fields are for database updates. Cut and paste entries from an HJT log and select whether the entry is actually ‘gut’ (good) or ‘böse’ (bad).

When you are ready to send the message, click senden.

Edited by Trilobite


Helpers have access to Javacool's rather similar tool. Trainees shouldn't be using it - you need to learn to fix logs without it. And plain members shouldn't rely on it and we would prefer that they not post help at all - sign up for Boot Camp..

See The various helper groups here.


they just flagged this as safe

 

coolweb

O18 - Filter: application/hta - {D962EF38-5FB0-4761-8638-C86F085E25E6} - C:\WINDOWS\chp.dll

 

trojan winshow

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

 

I think I will stick to the old way of doing it. Something like that needs to be working pretty much better than it does now before it goes on the web IMO

 

 

edit: and it doesn't show the running processes

edit again: sorry yes it does but it still needs major work on it

 

Lobos

Edited by Lobos
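
An added illustration of the failure reported in the post above (not part of the thread and not the hijackthis.de code): a lookup-based analyzer has to separate "not in my database" from "safe". The two databases, the verdict labels and the last two log lines are constructed for the example; the first two O18 lines are the ones quoted in the post.

```python
import re
from typing import NamedTuple, Optional

# O18 line shape as quoted in the post: "O18 - <kind>: <name> - {CLSID} - <path>"
O18_RE = re.compile(
    r"^O18 - (?P<kind>Filter|Protocol): (?P<name>.+?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)

class O18Entry(NamedTuple):
    kind: str
    name: str
    clsid: str
    path: str

def parse_o18(line: str) -> Optional[O18Entry]:
    m = O18_RE.match(line.strip())
    if m is None:
        return None
    return O18Entry(m["kind"], m["name"], m["clsid"].upper(), m["path"])

# Constructed database: one entry listed as bad (the one the post calls winshow),
# one placeholder good entry pinned to its expected path. chp.dll is absent.
KNOWN_BAD = {"4A8DADD4-5A25-4D41-8599-CB7458766220"}
KNOWN_GOOD = {"00000000-0000-0000-0000-000000000001": r"c:\program files\example\ok.dll"}

def naive_verdict(e: O18Entry) -> str:
    # Anything not listed as bad is reported "safe": the behaviour complained about.
    return "bad" if e.clsid in KNOWN_BAD else "safe"

def careful_verdict(e: O18Entry) -> str:
    if e.clsid in KNOWN_BAD:
        return "bad"
    if KNOWN_GOOD.get(e.clsid) == e.path.lower():
        return "safe"      # CLSID and file location both match the known-good record
    return "unknown"       # not in the database: needs a human reviewer

def analyze(log: str, verdict) -> dict:
    entries = (parse_o18(line) for line in log.splitlines())
    return {e.path: verdict(e) for e in entries if e is not None}

# First two lines are from the post; the last two are constructed.
SAMPLE_LOG = r"""
O18 - Filter: application/hta - {D962EF38-5FB0-4761-8638-C86F085E25E6} - C:\WINDOWS\chp.dll
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll
O18 - Protocol: ok - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\ok.dll
O18 - Protocol: ok - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\ok.dll
"""
```

With the naive rule every entry missing from the bad list comes back "safe"; the careful rule returns "unknown" for `chp.dll` and for the known CLSID found at an unexpected path, leaving those for a human helper.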


Update July31/04

 

I finally did get through to the developer. He explained what he had written this tool with, and the basis for his analysis. He does eventually plan a standalone version, but not in the near future.

I am now researching further, but in light of cnm's advice, I think it may be more appropriate to close this thread. Any suggestions as to an appropriate forum would be welcomed.

This topic is now closed to further replies.