HJK analyzer


  • This topic is locked
23 replies to this topic

#1 lonewolf

lonewolf

    Advanced Member

  • Full Member
  • 233 posts

Posted 25 July 2004 - 10:40 AM

Hope this hasn't been posted somewhere around here already.

Has anyone seen this yet? http://hijackthis.de...gselect=english It's supposed to diagnose a HJT log (for free) and tell you if there are any problems. I believe it still may have a few bugs in it, but looks very promising. Anyone try it yet?


MODS if possible could you please correct the topic title of this thread to: HJT analyzer and the topic description to: Could this put SWI out of business. Thanks for any corrections of my mistakes.

Edited by lonewolf, 25 July 2004 - 10:55 AM.


#2 H@ns

H@ns

    Forum Deity

  • Retired Staff - Helper
  • 2,630 posts

Posted 25 July 2004 - 10:48 AM

Never seen before... I'll put my own HJT log into it to see if it works...
Nucia Security Forums - Dutch Anti-Malware Support

#3 H@ns

H@ns

    Forum Deity

  • Retired Staff - Helper
  • 2,630 posts

Posted 25 July 2004 - 10:53 AM

Safe
Safe
Safe :D

Hmz seems to be working...

But I wonder if it works with logs which are very messy..

Edited by H@ns, 25 July 2004 - 10:59 AM.


#4 Nytron

Nytron

    Advanced Member

  • Full Member
  • 214 posts

Posted 25 July 2004 - 10:59 AM

I think the concept is wonderful, even if it isn't perfect. In this war everything helps. Thanks for the link, lonewolf. I wonder how the databases are updated though. As far as putting S.W.I. out of business.. I don't think any program will ever do that, but I see a relationship here to such a tool because although the application identifies problems, it does not offer the step-by-step approach given here (although those canned speeches could easily be databased, and linked to such an analysis).
I intend to find out a lot more about it, and look forward to the reviews of experts, admins, and mods to this "automated" approach to spyware analysis.

#5 lonewolf

lonewolf

    Advanced Member

  • Full Member
  • 233 posts

Posted 25 July 2004 - 11:01 AM

That sounds real good H@ns. I wonder if SWI could get one of these? ;)

#6 H@ns

H@ns

    Forum Deity

  • Retired Staff - Helper
  • 2,630 posts

Posted 25 July 2004 - 11:04 AM

Put this log into that analyzer :deal:

#7 lonewolf

lonewolf

    Advanced Member

  • Full Member
  • 233 posts

Posted 25 July 2004 - 11:07 AM

Yes Nytron, I agree with you. We'll just have to wait and see how things go with this very helpful looking site; for now the experts' opinions on SWI are still best.

#8 Trilobite

Trilobite

    Malware Hunter

  • Trusted Advisor
  • 711 posts

Posted 25 July 2004 - 11:09 AM

This has been discussed in the helper’s forum. Be VERY careful when using this tool, they are prone to many false positives and inaccurate results. This tool will also not tell you how to properly fix some of the more persistent problems like CWS’ about:blank and Look2Me.

To quote Budfred on this issue:

There are several similar tools around and they tend to have problems with false positives... I would be VERY cautious about suggesting anyone use them unless they are already qualified to not fix the false positives....


Edited by Trilobite, 25 July 2004 - 11:13 AM.


#9 lonewolf

lonewolf

    Advanced Member

  • Full Member
  • 233 posts

Posted 25 July 2004 - 11:15 AM

Thanks for the input Trilobite. I have heard there were FPs with the program. Just thought I would post it here for opinions. Sounds like it is best to go with the helpers around here for the time being. But who knows, down the road it may improve.

#10 Nytron

Nytron

    Advanced Member

  • Full Member
  • 214 posts

Posted 25 July 2004 - 11:18 AM

:scratchhead: It looks like we need to speak German to find out more about this development.

#11 Trilobite

Trilobite

    Malware Hunter

  • Trusted Advisor
  • 711 posts

Posted 25 July 2004 - 11:22 AM

I think this utility has the potential of being a tremendous asset to hjt log analysis. However, it can’t replace instinct and intuition when analyzing a log. I have seen several malware items in logs that do not show up anywhere in the databases. Again, use caution if you are going to use this utility.

#12 Trilobite

Trilobite

    Malware Hunter

  • Trusted Advisor
  • 711 posts

Posted 25 July 2004 - 11:24 AM

:scratchhead: It looks like we need to speak German to find out more about this development.

Where do you see information concerning the development?
All I see is a contact form with an area for database update information.

Edited by Trilobite, 25 July 2004 - 11:25 AM.


#13 Nytron

Nytron

    Advanced Member

  • Full Member
  • 214 posts

Posted 25 July 2004 - 11:36 AM

Trilobyte...
I agree wholeheartedly. To make such an application reach its potential would mean a lot of time and consultation with experts, such as you have here. My specialty is relational database development (not spyware yet), and what I find so amazing is that I proposed such a development to one of your security and spyware experts early this morning. He has been working towards something like this for a while. We are now planning to work together to develop something that simplifies and de-mystifies the basics.
There are many issues, and variables, but I believe that such an application can be extremely powerful, given the right data. Now that lonewolf has found a working model (shell), I am interested even more.

#14 Nytron

Nytron

    Advanced Member

  • Full Member
  • 214 posts

Posted 25 July 2004 - 11:43 AM

Trilobyte asked

Where do you see information concerning the development?
All I see is a contact form with an area for database update information.


If you have a question concerning the analysis, you can post it in one of these forums:
Winfuture-Sicherheitsforum www.winfuture-forum.de
Protecus Securityforum board.protecus.de
Trojaner-Board www.trojaner-board.com
Virus-Infected www.virus-infected.de
Latest news about Windows & Co
Languages: Deutsch - French - English

Tip: Copy the link at the bottom of the page (save analysis) and paste it in your post



#15 Trilobite

Trilobite

    Malware Hunter

  • Trusted Advisor
  • 711 posts

Posted 25 July 2004 - 11:59 AM

OK, I see some discussion at www.winfuture-forum.de, but the majority of it is database updates.

Have you tried contacting the author in English?

PS. It's Trilobite, not Trilobyte

Edited by Trilobite, 25 July 2004 - 11:59 AM.


#16 Nytron

Nytron

    Advanced Member

  • Full Member
  • 214 posts

Posted 25 July 2004 - 12:07 PM

Sorry for the spelling Trilobite..

Yes..... I clicked on the link to contact the other, but the whole page is in German, and you have a multitude of fields to input data... :grrr:
I will find a way :scratchhead:

#17 Trilobite

Trilobite

    Malware Hunter

  • Trusted Advisor
  • 711 posts

Posted 25 July 2004 - 12:21 PM

Yes..... I clicked on the link to contact the other, but the whole page is in German, and you have a multitude of fields to input data... :grrr:
I will find a way  :scratchhead:

The first one is for your email address.
The second is for your message.
The remaining fields are for database updates. Cut and paste entries from an HJT log and select whether the entry is actually ‘gut’ (good) or ‘böse’ (bad).
When you are ready to send the message, click senden.

Edited by Trilobite, 25 July 2004 - 12:22 PM.


#18 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,317 posts

Posted 25 July 2004 - 12:47 PM

Helpers have access to Javacool's rather similar tool. Trainees shouldn't be using it - you need to learn to fix logs without it. And plain members shouldn't rely on it and we would prefer that they not post help at all - sign up for Boot Camp..
See The various helper groups here.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#19 Luki

Luki

    Member

  • Full Member
  • 2 posts

Posted 28 July 2004 - 09:20 AM

Hi guys you can add good (gut) or bad (böse) processes right here:

http://www.hijackthis.de/kontakt.php

if you find some which are not recognized by this Tool

#20 Trilobite

Trilobite

    Malware Hunter

  • Trusted Advisor
  • 711 posts

Posted 28 July 2004 - 09:27 AM

Hi guys you can add good (gut) or bad (böse) processes right here:

http://www.hijackthis.de/kontakt.php

if you find some which are not recognized by this Tool

@Luki,

Look up, 3 posts.

#21 Lobos

Lobos

    Member

  • Full Member
  • 23 posts

Posted 28 July 2004 - 01:42 PM

they just flagged this as safe

coolweb
O18 - Filter: application/hta - {D962EF38-5FB0-4761-8638-C86F085E25E6} - C:\WINDOWS\chp.dll

trojan winshow
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

I think I will stick to the old way of doing it. Something like that needs to be working pretty much better than it does now before it goes on the web IMO

edit: and it doesn't show the running processes
edit again: sorry, yes it does, but it still needs major work on it

Lobos

Edited by Lobos, 28 July 2004 - 02:05 PM.
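
The two O18 entries from the post above, run through a database lookup, as an added example (not part of the thread, and not hijackthis.de's actual logic, which the thread does not describe). It puts a lookup that reports anything not listed as bad as "safe" next to one that keeps "unknown" as its own verdict; the reputation database and the third log line are constructed.

```python
import re

# HijackThis O18 line: "O18 - <kind>: <name> - {CLSID} - <path>"
O18_RE = re.compile(
    r"^O18 - (?P<kind>Filter|Protocol): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

# Constructed reputation database keyed by upper-cased CLSID (not real data).
REPUTATION_DB = {
    "{00000000-0000-0000-0000-000000000001}": "good",
    "{00000000-0000-0000-0000-000000000002}": "bad",
}

def parse_o18(line):
    """Return the fields of an O18 entry, or None if the line is not one."""
    m = O18_RE.match(line.strip())
    return m.groupdict() if m else None

def verdict(line, db=REPUTATION_DB):
    """Return 'good', 'bad', 'unknown' (needs a human) or 'unparsed'."""
    entry = parse_o18(line)
    if entry is None:
        return "unparsed"
    return db.get(entry["clsid"].upper(), "unknown")

def naive_verdict(line, db=REPUTATION_DB):
    """Two-state lookup that treats 'not listed as bad' as safe."""
    entry = parse_o18(line)
    if entry is None or db.get(entry["clsid"].upper()) != "bad":
        return "safe"
    return "bad"

# The two entries quoted in the post above, plus one constructed line.
SAMPLE_LOG = [
    r"O18 - Filter: application/hta - {D962EF38-5FB0-4761-8638-C86F085E25E6} - C:\WINDOWS\chp.dll",
    r"O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll",
    r"O18 - Protocol: example - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\example.dll",
]

def review_queue(lines, db=REPUTATION_DB):
    """Entries an analyst must look at: anything not positively known good."""
    return [l for l in lines if verdict(l, db) != "good"]

if __name__ == "__main__":
    for l in SAMPLE_LOG:
        print(f"{naive_verdict(l):5} {verdict(l):8} {l}")
```

With a database that lists neither CLSID, the two-state lookup prints "safe" for both quoted entries, while the other lookup leaves them in the review queue for a helper to judge.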


#22 SpywareDestroyer

SpywareDestroyer

    Member

  • Full Member
  • 51 posts

Posted 29 July 2004 - 12:50 PM

It's good but still needs more work and constant updates.

#23 Nytron

Nytron

    Advanced Member

  • Full Member
  • 214 posts

Posted 31 July 2004 - 03:41 PM

Update July31/04

I finally did get through to the developer. He explained what he had written this tool with, and the basis for his analysis. He does eventually plan a standalone version, but not in the near future.
I am now researching further, but in light of cnm's advice, I think it may be more appropriate to close this thread. Any suggestions as to an appropriate forum would be welcomed.

#24 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,317 posts

Posted 31 July 2004 - 04:15 PM

Closed and moved to Software.
