On-line hjt analysis

Hi,
Could anyone tell me if the on-line program for analyzing hjt logs at this location is the one made by Eddy? http://hijackthis.de/ If so, is it still up to date, and is it safe to follow its recommendations? Thank you.

This has nothing to do with Eddy.
This was made by “Copyright © 2004 - 2005 by Mathias Mattner”.
Eddy hasn’t worked on his HJT Analyzer for months so I’m sure it’s by now quite outdated. (Sorry to say)

thanks Bob. Any opinion on whether it’s safe to use?

Hi jwa,
As far as I know, that’s the one that’s been recommended right along.
I personally have never used it.

Just remember to omit any references to avast in the O23 categories since those are a
glitch in HJT itself.

Just keep in mind that the analyzer isn’t endorsed by the developer of HJT itself. However, I agree that it’s a very handy tool and a lot faster than (if not necessarily as accurate as) waiting for an expert analysis on one of the forums that handles those.

And it’s probably long overdue for an update-revision. There are a number of commonly-used utilities that it flags as questionable simply because it never “heard” of them. Oh, well, that’s what its ignore list is for.

Like anything it is just a tool, don’t follow blindly but check out what it recommends or queries using google, etc.

Sometimes it flags evil nasties simply as unknown, and sometimes it suggests fixing legitimate entries. It does remove the necessity of checking every single entry, but it is still vital to look up all the entries it flags as unknown, and even some of the ones it flags as nasty.

More information about HijackThis! logs and where to research entries here:

http://www.bleepingcomputer.com/forums/tutorial42.html
http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm
http://www.spywareinfo.com/~merijn/htlogtutorial.html

Hi FreewheelinFrank,

Maybe you give the link to a good English HJT manual, so the people understand what they have to check and to fix later. And maybe it is an idea for a sticky here. So newbies can go to this sticky topic and orientate before they follow an advice from you, Fixer, other members or little old me. Also there’s a place on the net where they can check an executable or dll to see whether it is part of OS, legit software or malware.

greets,

polonus

Thanks everyone for the responses and links. It’s a shame about Eddy’s program. I never had a chance to use it, but I heard others say some good things about it in the past.

hello jwa,

The links:

HijackThis: How it works

For one it is a fairly simple procedure.
A HijackThis scan produces a log that is categorized into a dozen main
areas of possible problems, and then adds a list of processes currently
running on the computer, when the log is saved.
In simple wordings, HijackThis reads the registry and interprets
this data to put it into a form that we can read and interpret easily.

Programs like HijackThis use a special section of Windows programming to
gather all the information needed.
These special, defined functions replace the use of Regedit.
This allows HJT to read the registry and display the data in a readable
format, and they also allow for the manipulation of that data.

Since the program is reading directly and then manipulating the just read data,
removing malware is usually safer than doing this manually.
The same techniques are used by renowned anti-spyware solutions
like Spybot S&D and AdAware, except they have their own databases of items
to remove, HJT does not have this, it relies totally on manual identification.

What does it really mean to ‘fix’ something with HijackThis?

‘Fix’ with HT in this sense means ‘revert to preset’ for URLs,
and ‘remove/delete’ before everything else.

‘Fixing’ something replaces the hijacker’s entry in the registry with a
default or harmless entry. It changes the value of a registry key, or
deletes the key.
HjT does all the registry editing for you, for all those areas that it
covers, but not for every sector that every virus and exploit code
can get to.

It gives us a safe, reliable, and rapid method of disabling startups
we don’t want on our machine; and allows us to restore any changes
we make, without having to go scrutinizingly through the registry manually.
HjT lists all the startup items straight from the registry [O4 list] as well
as the processes running in the background [running processes] and a
whole load of other things that can get hijacked or corrupted, that
is not viewable in msconfig or Task Manager.

It produces a text report that can easily be copied and pasted for
anyone to look at online, and with a fair bit of practice,
anyone can work out where the problems are, (but it takes an expert
to get it right all the time, and sometimes they have to check
items on the internet to see whether it is legit or in the right path).
It has pretty much changed the way we look at the internal workings
for our cleaning purposes.

Please remember, HijackThis is a simple but very powerful tool,
and always keep in mind, the program makes no difference between
what it does: good or bad.

It just does what the user instructs it to do, no matter what the
consequences might be.

“Fix checked” is simply about removing or fixing the items you checked, so you’re
the one having to judge what needs to stay or what needs to be removed.
Use the help of the online log analyzer at: http://hijackthis.de/index.php
for a quick and dirty.

The more you do understand of these log files, the better you get at
logwork, and the more confident you get overall.
HjT is purely the best tool available right now to analyze
the registry for all known types of malware.

A startuplist produces a log that includes a lot more than a
normal scan and from this we know that HjT scans a few files:
Hosts file, Control.ini, Win.ini and System.ini and other startup points.

"HijackThis is a powerful diagnosing/editing utility and this is just
why it should be used in the first line of defense for finding malware
rather than as a last defense. Many hours of painstaking effort
could be wasted guessing at a solution when one solid glance at the
HJT log can identify the problem as such at one glance.

No special secrets to learn to interpret a log. It is just a matter of
identifying each program item listed and making sure that all is
as it should be on an uncompromised system. Use the internet with
a search engine as reference.

HJT also removes worms and trojans effectively. Can every AV
solution remove every worm or trojan it finds?
Most can’t because it’s a running process.
Why not simply use HJT to easily remove the registry entries,
after that reboot and then simply delete the files?

For HijackThis tutorials see these links:

http://hjt.wizardsofwebsites.com/
http://computercops.biz/HijackThis.html
http://www.netstar.me.uk/hjt/hjt.html

polonus
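As an added illustration of the log triage described in polonus’ post above and in FreewheelinFrank’s earlier remark about the analyzer’s “unknown” flags and ignore list (this is example code, not part of the thread or of HijackThis itself): a small parser that reads HJT-style log lines, skips the avast O23 entries the thread calls a known glitch, accepts entries whose executable is on a reviewer-maintained ignore list, and reports everything else as needing a manual lookup. The line format and the sample log are assumed/constructed, not taken from the page.

```python
import re

# Constructed sample of a HijackThis log; the line layout is assumed from typical HJT output
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.test/
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sysupdate] C:\WINDOWS\System32\sysupd32.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe
"""

# Ignore list: image names a reviewer has already verified as legitimate (constructed for this example)
IGNORE_LIST = {"ashdisp.exe", "spoolsv.exe"}

# An HJT log line starts with its section code (R0-R3, F0-F3, N1-N4, O1-O24) followed by " - "
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+)\s+-\s+(?P<body>.*)$")


def parse_log(text):
    """Split a HJT log into (section, body) tuples, skipping lines that are not entries."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def image_name(body):
    """Best-effort extraction of the .exe/.dll filename an entry points at (lowercased)."""
    m = re.search(r"([\w~\-]+\.(?:exe|dll))", body, re.IGNORECASE)
    return m.group(1).lower() if m else None


def triage(text, ignore=IGNORE_LIST):
    """Sort entries into 'skip' (avast O23 glitch), 'ok' (ignore-listed) and 'unknown' (look it up)."""
    result = {"skip": [], "ok": [], "unknown": []}
    for section, body in parse_log(text):
        if section == "O23" and "avast" in body.lower():
            result["skip"].append(body)      # the thread says these O23 lines are an HJT glitch
        elif image_name(body) in ignore:
            result["ok"].append(body)        # previously verified, nothing to research
        else:
            result["unknown"].append(body)   # URL changes and unrecognised images need a manual check
    return result


if __name__ == "__main__":
    for bucket, lines in triage(SAMPLE_LOG).items():
        for line in lines:
            print(f"{bucket:8s} {line}")
```

Entries in the unknown bucket are the ones the thread says must still be researched by hand, even when an online analyzer has nothing to say about them.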

polonus,
jwa was referring to Eddy’s program HJT File Analyzer. Not to the HJT program itself.
I still have his latest version of the program called hiloa v.02b on my Shared Files Server in case anyone is interested in trying it. It may be a little outdated but it’s still useful.

Hi Bob3160,

Is Eddy’s program coming back? I saw his site was not there anymore.

greets,

polonus

polonus
Right now, I have no idea.
Hoping to hear from him soon.