Jul 2nd, 2006, 3:46 am
A lot of people ask others to decipher their HijackThis logs, and since this is a community based upon learning from one another, I would like to write a little tutorial for HJT covering the basics. Now, I don't claim to be some HJT master; these are just some best practices to try before resorting to asking for others' help. I am also including some links that could help you out.
OK, first off, if you don't have HijackThis or don't know what it is: simply put, it is the essential malware removal tool. It is where most people turn when Ad-Aware and Spybot fail at solving your malware problems. So if you don't have it, download it from: http://www.merijn.org/downloads.html
First, some basic best practices that people will really appreciate you following before you post an HJT log on the forums; they will save you frustration. Make sure Internet Explorer, or whatever browser you are using, is closed when scanning (if you are not sure, hit Ctrl+Alt+Delete and end it through the Processes tab). Be sure that you have run an Ad-Aware and a Spybot S&D scan, along with other malware removal tools such as Microsoft Anti-Spyware. This can save you some time, so that it won't be necessary to post a log and wait for an answer.
Now some basic things you can look for, because I often see users post a log and later on post another one. What you should do is learn from what people are telling you to fix. For example, if there is an entry like:
O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
It is probably safe to say you can remove this, because it is saying you have an extra toolbar with no name and the file is missing.
O4 - HKLM\..\Run: [<°ÜZJÝYMÝlY«Q°aÆ+À¼C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\nwcfp.exe
An entry like this should immediately throw up a red flag: for one, ISTsvc is well-known malware, and secondly, most entries with crazy letter, number, and symbol combinations are malware. But be careful: if something seems suspect and is listed in the C:\WINDOWS\SYSTEM32 directory, I would take caution, as it might be a necessary system file, and I would look it up to see its function.
If anyone has anything they would like to add, please add a comment, whether you would like to give another example or point out something that I missed; like I said before, I am no HJT expert. Below are links to other tutorials and malware tools.
Hijackthis and other products: http://www.merijn.org/downloads.html
Ad-aware by lavasoft: http://www.lavasoftusa.com/
Spybot S&D: http://www.safer-networking.org/en/download/index.html
Microsoft Anti-Spyware (windows defender i guess?): http://www.microsoft.com/athome/secu...e/default.mspx
HJT indepth tutorial: http://www.bleepingcomputer.com/tuto...utorial42.html
This blog entry was written by mikeandike22. It has received 1,400 views, 2 comments, and 1 linkback. 3 voters have rated this entry an average of 4.67 out of 5 stars. It was promoted to featured status Jul 2nd, 2006.
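The checks described in the post above, written out as a small triage script. This is an added example, not part of the original post or of HijackThis itself. The verdict labels, the 20% threshold for a "garbled" name and every sample line except the O3 entry are assumptions made for illustration.

```python
import re

# "istsvc" is the one name the post identifies as known malware; extend as needed.
KNOWN_BAD = ("istsvc",)
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
PLAIN_PUNCT = " .:\\/_-()"

def looks_garbled(text):
    """True when over 20% of characters are not ASCII letters, digits or path punctuation."""
    if not text:
        return False
    odd = sum(1 for ch in text
              if not (ch.isascii() and (ch.isalnum() or ch in PLAIN_PUNCT)))
    return odd / len(text) > 0.2

def triage(line):
    """Return (code, verdict, reason) for one log line, or None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    lowered = body.lower()
    if "(no name)" in lowered and "(no file)" in lowered:
        return code, "orphan", "no name and the file is missing"
    if any(name in lowered for name in KNOWN_BAD):
        return code, "red-flag", "references a name known to be malware"
    label = re.search(r"\[(.*?)\]", body)
    if label and looks_garbled(label.group(1)):
        return code, "red-flag", "value name is a jumble of symbols"
    if "\\windows\\system32\\" in lowered:
        return code, "look-up", "file is in SYSTEM32; research it before removing"
    return code, "unknown", "no heuristic matched; research it"

# Constructed sample log: the O3 line is the post's own example, the rest are made up.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
O4 - HKLM\..\Run: [x9#$!q@@~^] C:\WINDOWS\nwcfp.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ExampleService] C:\WINDOWS\SYSTEM32\example.exe
"""

def triage_log(text):
    """Triage every entry line in a log, skipping headers and blank lines."""
    return [r for r in map(triage, text.splitlines()) if r is not None]

if __name__ == "__main__":
    for code, verdict, reason in triage_log(SAMPLE_LOG):
        print(f"{code:<3} {verdict:<8} {reason}")
```

A verdict of "look-up" or "unknown" means the entry still needs to be researched by hand; the script only sorts entries, it does not decide what to remove.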
Comments (Newest First)
mikeandike22 | Nearly a Posting Virtuoso | Jul 8th, 2006
simonscatt | Newbie Poster | Jul 3rd, 2006
Many programs include spyware modules. Use anti-spyware to protect your privacy.
As for me, I like professional anti-spy software like Anti-keylogger by Raytown Corporation LLC.
You can download it here: http://download.softsecurity.com/1/15/antikey.zip (~4MB)