A little help configuring and explaining HiJackThis ...

Can anyone help me configure and explain to me the stuff that HiJackThis does? I'm a basic home user, and since a lot of people use the program here for some log filing, I downloaded it. But it's kind of hard for me to understand...

So can anyone help me understand what it does and help me configure it?

If you don't know anything about the registry and hard drive of your computer, I would not mess around with it, OK? :slight_smile:
http://www.tomcoyote.org/hjt/#Top

The link is a quick explanation of HijackThis.

Using this utility incorrectly could leave you without an operating system. :cry:
As drhayden1 just said, it's not a toy and definitely not something for a novice.

I concur with Bob. I have been training in how to use it for a few months now and it is hard going. However, if you really wish to know and you have the time, I could do no more than recommend you sign up for training at GeeksToGo or Tom Coyote's forum. At least then you will be able to use it with confidence...

As has been mentioned, exercise due care: HJT only gives information (not solutions); it is how you interpret this information that is difficult and can cause issues. There are on-line analysis sites, but again they give information to help you decide and further investigate whether you should fix something or not (this is just a starting point to try and identify what needs further investigation), namely looking at those program/file names that it flags as Unknown, possibly harmful, harmful, etc. Google the names and see what is returned.

For an on-line analysis - HiJackThis Log file - On-line Analysis OR HiJackThis Log file - On-line Analysis 2
Ignore any O23 reference to avast processes; this is a hiccup in HJT 1.99.1 (especially the "file missing" entry for avast). If you need any help with any of the analysis, let us know.

Howdy folks,

I would like to continue on a more positive note. Always, when doing these things, get the advice of someone who knows his or her way around evaluating the HJT log and working the program as it was intended by Merijn Bellekom. When confronted with a problem, and before asking help from the people here that can handle HJT, always save the initial HJT log before doing anything else.
Otherwise the HJT handler cannot draw the right conclusion and the malware removal can go critically wrong.
But on the other hand, learning about what an HJT log stands for, learning about what programs and processes should or should not be present on a computer, cannot do any user any harm, as long as, in working on the initial results you may suspect, you don't go it alone but do it with professional help.
Even the more advanced users, and I reckon myself to be one after my number of resolves here, if they are intelligent, always do it in comparison and with the help of expert friends, if only for a "second opinion". And always remember Google is your best friend here.
Like to go on an initial learning course? Check this program, X-RayPC, from here: http://www.x-raypc.com/
Using this free program will teach you about the workings of HJT.
And there are many fine HJT tutorials on the Internet; study those.

polonus.

Okay, so the main things I need to do is:

Major one I see coming:
-Not to play around with the utility so much, because of horrible consequences

And for basic using:
-Read the guides and try to understand them
-And post HiJackThis logs if anything ever goes wrong, to allow others to analyze them
-And try to understand the logs myself

Is this basically it? I will do it when I have time. I got my logs created yesterday anyway, so I'll refer back to them in time.

In a nutshell, yes. The more you play with it the easier it becomes; sometimes just looking at logs on other forums and seeing how they are worked and the problems they find is very useful. And as Pol says, researching via Google will help with your understanding. Another good site is http://www.castlecops.com/HijackThis.html; on the left side of this page you will see a list of HJT elements (O2, O23, O16, etc.) where you can search for data on a particular line. For example:
O2 - BHO: CATLEvents Object - {D487068E-9B04-4FE5-8A83-08344F800BF5} - C:\DOCUME~1\dug\LOCALS~1\Temp\litutac.dat

This line is an O2 (CLSID/BHO). If you copy this element, D487068E-9B04-4FE5-8A83-08344F800BF5, select CLSID on the left and paste it into the search part, you will see that this is part of the Virtumonde malware. If you then click on the description hyperlink it will take you to a site with a description and possibly a removal tool or instructions. In this case, Symantec.

Obviously there is a lot more to it than this, but it should give you a feel for the process.
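The look-up essexboy walks through above, turned into code as an added example that is not part of the original thread or of HijackThis itself: a small Python parser for HJT O2/O4/O23 lines that pulls out the display name, CLSID and file path, then applies a few triage heuristics (CLSID lookup, loading from a Temp directory, a BHO that is not a .dll, a "(file missing)" marker). Only the first O2 line in `SAMPLE_LOG` comes from the post above; the other sample lines and the `KNOWN_CLSIDS` table are constructed for this example, and the line shapes assumed (`O2 - BHO: name - {CLSID} - path`, `O4 - HKxx\..\Run: [name] path`, `O23 - Service: name - company - path`) are the 1.99.1-era formats.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample log for this example. The first O2 line is the one quoted
# in the post above; the other lines are made up to exercise the parser and do
# not come from a real HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: CATLEvents Object - {D487068E-9B04-4FE5-8A83-08344F800BF5} - C:\DOCUME~1\dug\LOCALS~1\Temp\litutac.dat
O2 - BHO: Example Helper - {00000000-1111-2222-3333-444444444444} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [updater] C:\Windows\System32\updater.exe
O4 - HKCU\..\Run: [xyz] C:\DOCUME~1\dug\LOCALS~1\Temp\xyz.exe
O23 - Service: Example Service (ExampleSvc) - Example Corp - C:\Program Files\Example\svc.exe (file missing)
"""

# Hypothetical lookup table standing in for the CastleCops CLSID search the post
# describes. The single entry is the CLSID the post identifies as Virtumonde;
# this is not a vendor-maintained list.
KNOWN_CLSIDS: Dict[str, str] = {
    "D487068E-9B04-4FE5-8A83-08344F800BF5": "Virtumonde (per forum post)",
}


@dataclass
class Entry:
    section: str                 # "O2", "O4", "O23", or "?" for lines not parsed
    name: str
    path: str
    clsid: Optional[str] = None
    raw: str = ""
    flags: List[str] = field(default_factory=list)


# Assumed 1.99.1-era line shapes for the three sections handled here.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<company>.*?) - (?P<path>.*)$")


def parse_line(line: str) -> Entry:
    """Split one HJT log line into section, display name, path and (for O2) CLSID."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        return Entry("O2", m["name"], m["path"], m["clsid"].upper(), line)
    m = O4_RE.match(line)
    if m:
        return Entry("O4", m["name"], m["path"], None, line)
    m = O23_RE.match(line)
    if m:
        return Entry("O23", m["name"], m["path"], None, line)
    return Entry("?", "", "", None, line)   # unknown section: keep raw text, flag nothing


def parse_log(text: str) -> List[Entry]:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def triage(entry: Entry, known: Dict[str, str] = KNOWN_CLSIDS) -> List[str]:
    """Return reasons an entry deserves a closer look.

    These are prompts to research the line, not verdicts: as the thread stresses,
    a flag means "Google it and ask", never "fix it".
    """
    reasons: List[str] = []
    path_lower = entry.path.lower()
    if entry.clsid and entry.clsid in known:
        reasons.append(f"CLSID matches lookup: {known[entry.clsid]}")
    if "\\temp\\" in path_lower:
        reasons.append("loads from a Temp directory")
    if entry.section == "O2" and not path_lower.endswith(".dll"):
        reasons.append("BHO is not a .dll (disguised extension?)")
    if "(file missing)" in path_lower:
        # The post above notes HJT 1.99.1 reports some avast O23 entries this way.
        reasons.append("file missing: confirm on disk before fixing (HJT 1.99.1 misreports avast O23 entries)")
    entry.flags = reasons
    return reasons


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(e.section, repr(e.name), "->", triage(e) or "nothing notable")
```

Run as a script it prints one verdict-free line per entry; the quoted O2 line picks up all three BHO-related flags, the HKLM updater entry none, which is the point of the exercise: the tool narrows what to research, the human still decides.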

But what essexboy says is valid, of course. Then don't forget there is a whole lot more in connection with HJT: there are special removal tools and tools to evaluate certain malware infections (general and special), there is Process Explorer, there is dotomyco, StartDreck, ToolbarCop, brute-force uninstallers, Dependency Walker, etc. Every malware fighter has a range of these specific tools and tweakers to keep the malware at bay.

So what we always say, and what is much more important: see to it that you do not get infected in the first place. Use multi-layered protection and in-browser security, and sane surfing habits; you can read enough about that here on this forum!

You know that when you do RIAA-risky P2P-ing you are prone to end up with a "nicely" infested system, to teach you in a subtle way not to do such illegal* things ("*as they see it"). Then don't do these things, or do them in such a clever way that you are not a victim, or not caught out.
Security is much more of an attitude than it is a science.

Stay malware free,

polonus (malware fighter)