Looking for good hijackthis tutorial?

Hi malware fighters,

Sometimes people are asked to provide hijackthis logs.
Later they can be analyzed online. You have some rule of thumb then, but in-depth analysis, how about that?

But do you know what this is all about?
Good to read this tutorial:
http://aumha.org/a/hjttutor.htm

polonus

Yes, that’s a good HijackThis tutorial. I haven’t compared them exactly, but I’m assuming it comes from the one provided by Merijn at his own website.
Another one can be found here.

The online Malware Removal University is a free training school for people interested in learning, well, malware removal. :slight_smile: HijackThis is the primary tool used and you will see most of the top experts in that field there. So it is a great place to learn how to interpret HJT logs. You just register with a username and password like other forums and it opens right up to you.

:slight_smile: The Aumha tutorial, at the end, says to contact “Merijn”, so those 2 are essentially the same EXCEPT the Aumha one has “Need more details” & a referral to the Bleeping Computer one, in many “categories”. I also have printed out: http://castlecops.com/HijackThis.html . Malware Removal University and “Boot Camp” at spywareinfo.com (or net) appear to be the top 2 “training schools”.

Hi Spiritsongs. I printed out the tutorial too and keep it in a looseleaf notebook. It makes a good, handy reference book. I agree about the training schools; both seem very good and welcome each others’ members.

:slight_smile:

doc_esb


Thanks for those links, Polonus, Spiritsongs, & Doc … all bookmarked now. :slight_smile:


I have suggested The Bleeping Computer’s one for an introduction to HijackThis: http://www.bleepingcomputer.com/forums/tutorial42.html . This contains virtually all of what is on Merijn’s site tutorial plus graphics.

I still use Eddy’s HiLoA program as a starter and then continue from there.

For use on your own personal computer I find doing a HJT scan after setup, and watching for any unexplainable changes to scan results, invaluable. I have records for the last six months; it makes for interesting reading. You can catalogue changes after installations of programs (or any OS tweaks etc.) and build yourself a personal reference database.
Of course, if you want to analyse random computers in an online forum this “compare changes to logs” method won’t work, unless easily recognisable from situations in your own system.
Thanks for the tutorial links. I have to say I’ve asked for analysis at “Expert Forums” and been dismayed that some useless performance-robbing items have been overlooked.
HJT is great for getting rid of useless items, as well as malware, hijacking objects too…
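The “compare changes to logs” method described above, as an added example that is not code from this thread, from HijackThis or from any of the linked tutorials: a small Python script that parses two HJT logs taken from the same machine at different times and reports which entries and running processes appeared or disappeared, grouped by HJT section. Both log texts are constructed for the demonstration (the `sysupd.exe` path, the `srchbar.dll` BHO and the GUIDs are made up); the section codes and line layout follow the real HJT log format, and the `SECTION_NAMES` table covers only the codes used in the sample.

```python
"""Baseline-and-diff for HijackThis (HJT) logs: added example, constructed data."""
import re
from typing import Dict, List, Set

# Every HJT finding is one line starting with a section code (R0-R3, F0-F3,
# N1-N4, O1-O24), then " - ", then the detail for that entry.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Meanings of the codes that appear in the constructed sample (subset of the full list).
SECTION_NAMES = {
    "R0": "IE start/search page registry value",
    "O2": "Browser Helper Object",
    "O4": "Autostart entry (registry Run keys / Startup folder)",
    "O23": "Windows NT service",
}

# Constructed baseline log, as taken right after setting the machine up.
BASELINE_LOG = """\
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\Explorer.EXE

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://example.invalid/
O2 - BHO: Example Helper - {11111111-1111-1111-1111-111111111111} - C:\\Program Files\\Example\\helper.dll
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
"""

# Constructed later log from the same machine: a new process, a new autorun,
# an unnamed BHO, and a changed start page.
CURRENT_LOG = """\
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\System32\\sysupd.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://search.example.invalid/
O2 - BHO: Example Helper - {11111111-1111-1111-1111-111111111111} - C:\\Program Files\\Example\\helper.dll
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - C:\\WINDOWS\\System32\\srchbar.dll
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [sysupd] C:\\WINDOWS\\System32\\sysupd.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
"""


def parse_entries(log_text: str) -> Set[str]:
    """Return the set of HJT entry lines (code + detail), whitespace-normalised."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add(f"{m.group(1)} - {m.group(2).strip()}")
    return entries


def parse_processes(log_text: str) -> Set[str]:
    """Return the paths listed under 'Running processes:' up to the next blank line."""
    procs, in_block = set(), False
    for line in log_text.splitlines():
        s = line.strip()
        if s == "Running processes:":
            in_block = True
        elif in_block:
            if not s:
                break
            procs.add(s)
    return procs


def diff_logs(baseline_text: str, current_text: str) -> Dict[str, List[str]]:
    """Entries and processes present in one log but not the other, sorted for stable output."""
    base_e, cur_e = parse_entries(baseline_text), parse_entries(current_text)
    base_p, cur_p = parse_processes(baseline_text), parse_processes(current_text)
    return {
        "added": sorted(cur_e - base_e),
        "removed": sorted(base_e - cur_e),
        "new_processes": sorted(cur_p - base_p),
        "gone_processes": sorted(base_p - cur_p),
    }


def report(delta: Dict[str, List[str]]) -> str:
    """Render the diff grouped by HJT section, with the section meaning where known."""
    lines = []
    for label, key in (("ADDED", "added"), ("REMOVED", "removed")):
        for entry in delta[key]:
            code = entry.split(" - ", 1)[0]
            lines.append(f"{label} [{code}: {SECTION_NAMES.get(code, 'see HJT tutorial')}] {entry}")
    for p in delta["new_processes"]:
        lines.append(f"NEW PROCESS {p}")
    for p in delta["gone_processes"]:
        lines.append(f"GONE PROCESS {p}")
    return "\n".join(lines) if lines else "No changes against baseline."


if __name__ == "__main__":
    print(report(diff_logs(BASELINE_LOG, CURRENT_LOG)))
```

Each unfamiliar ADDED line is the one to look up in the tutorials linked in this thread; the baseline itself stays the reference you rebuild only after an installation you made on purpose.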

Hi Abraxas,

If you like to do that, use it for analysis, you are even better off with the Silent Runners script. Go here and of course check the MD5 hash before downloading it: http://www.silentrunners.org/sr_thescript.html
The FAQ is here: http://www.silentrunners.org/sr_faq.html

But then when you use a program like SSM from here:
http://syssafety.com/ There you have complete control, and it absolutely prevents rootkits from installing.

greets,

polonus

Thanks polonus, will enjoy learning about silent runners script.
Rootkit infections are the hardest to clean out. I’ve been looking into Sysinternals RootkitRevealer, and reading about compromised systems at their forum. In some cases formatting is the only option :stuck_out_tongue:


I also continue to use Eddy’s HiLoA, Bob. It’s a very nice tool to have. :slight_smile:

But I always have a need for more info. :wink:


Same here. It’s a starting point. If that doesn’t clear or clean the problem then it’s on to other pastures.

Howdy Bob,

Why didn’t you tell that Eddy’s HiLoA is unique in its kind? Of course I use it too. Some good information can be found here as well:
http://metallica.geekstogo.com/ It is a nice introduction to malware fighting, e.g. the anti-spyware tutorial.

Then if we see the sorry state of security on the average PC, why do we do this, Bob? Isn’t it all in vain? There are still vast continents of folks without even AV and AT on their comps.
Some even get cross when you tell them what to do.
But then again I think of all the people we helped here, and all the smiles we brought back to their faces when their comps were clean or no longer compromised, and that keeps me on track.

your co-malware fighter,

polonus


Thanks, Polonus … I just “borrowed” the above link for use in the ‘Virus & Worms’ section for someone with adware. :slight_smile:


Just downloaded Eddy’s HiLoA, it has been updated since I last used it. Certainly is “a very nice tool to have.” :slight_smile:

Yes Abraxas,

You use that tool from Eddy’s, but always in combination with the instruction that was provided in this thread, and of course comparing it to an online analysis. What I did was I placed all these programs and links into one folder on a mem disk.

polonus