
A lot of people always ask for people to decipher their HijackThis logs, and since this is a community based upon learning from one another, I would like to write a little tutorial for HJT covering the basics. Now I don't claim to be some HJT master, but these are just some best practices before resorting to asking for others' help. I am also including some links that could help you out.

OK, first off, if you don't have HijackThis or don't know what it is, simply put, it is the essential malware removal tool. It is where most people turn when Ad-Aware and Spybot fail at solving your malware problems. So if you don't have it, download it from: http://www.merijn.org/downloads.html

First off, some basic best practices that people will really appreciate you doing before posting a HJT log on the forums; it will just save you frustration. Make sure Internet Explorer or whatever browser you are using is turned off when scanning (if not sure, hit Ctrl+Alt+Delete and end it through the Processes tab). Be sure that you ran an Ad-Aware and Spybot S&D scan along with other malware removal tools such as Microsoft Anti-Spyware. This ensures you save some time, so it won't be necessary to post a log and wait for an answer.

Now some basic things you can look for, because I often see users post a log and later on post another one. What you should do is learn from what people are telling you to fix. For example, if there is an entry that is like:

O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)

It is probably safe to say you can remove this because it is saying you have an extra toolbar with no name and the file is missing.

O4 - HKLM\..\Run: [<°ÜZJÝYMÝlY«Q°aÆ+À¼C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\nwcfp.exe

An entry like this should immediately throw up a red flag: for one, ISTsvc is well-known malware, and secondly, most entries with crazy letter, number, and symbol combinations are malware. But be careful: if something seems suspect and is listed in the C:\WINDOWS\SYSTEM32 directory, I would take caution, as it might be a necessary system file, and I would look it up to see its function.

If anyone has anything they would like to add, please add a comment if you would like to give another example or just something that I missed; like I said before, I am no HJT expert. Below are links to other tutorials and malware tools.

Hijackthis and other products: http://www.merijn.org/downloads.html
Ad-Aware by Lavasoft: http://www.lavasoftusa.com/
Spybot S&D: http://www.safer-networking.org/en/download/index.html
Microsoft Anti-Spyware (Windows Defender, I guess?): http://www.microsoft.com/athome/security/spyware/software/default.mspx
HJT indepth tutorial: http://www.bleepingcomputer.com/tutorials/tutorial42.html
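
The checks described in the post above, written out as a small triage script. This is an added example, not part of the original post or of HijackThis itself; the function names and the two extra sample lines (ExampleTray and the O23 service) are constructed for illustration.

```python
import re

# Constructed sample: the two entries quoted in the post, plus two made-up
# lines (a plainly named Run entry and a system32 service) for contrast.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
O4 - HKLM\..\Run: [<°ÜZJÝYMÝlY«Q°aÆ+À¼C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\nwcfp.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O23 - Service: Example Helper - Unknown owner - C:\WINDOWS\SYSTEM32\examplesvc.exe
"""

KNOWN_BAD = ("istsvc",)  # the only name the post calls out as known malware
PLAIN_NAME = re.compile(r"^[A-Za-z0-9 _.\-()]+$")
RUN_ENTRY = re.compile(r"^O4 - .+?: \[(?P<name>.+)\] (?P<cmd>.+)$")

def triage_line(line):
    """Return the list of review notes for one HijackThis log line."""
    notes = []
    lower = line.lower()
    if line.startswith("O3 - ") and "(no name)" in lower and lower.endswith("(no file)"):
        notes.append("toolbar with no name and a missing file: probably safe to remove")
    m = RUN_ENTRY.match(line)
    if m and not PLAIN_NAME.match(m.group("name")):
        notes.append("Run value name is a symbol jumble: red flag")
    if any(bad in lower for bad in KNOWN_BAD):
        notes.append("references ISTsvc, named in the post as known malware")
    if "\\windows\\system32\\" in lower:
        notes.append("file lives in system32: look up its function before removing")
    return notes

def triage(log_text):
    """Map each log line that earned at least one note to its notes."""
    report = {}
    for line in log_text.splitlines():
        line = line.strip()
        notes = triage_line(line) if line else []
        if notes:
            report[line] = notes
    return report

if __name__ == "__main__":
    for entry, notes in triage(SAMPLE_LOG).items():
        print(entry)
        for note in notes:
            print("    ->", note)
```

The notes are prompts for a manual look, in the same spirit as the post: a line with no note is not proven clean, and a system32 note means look the file up rather than delete it.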

Last Post by mikeandike22

Thank you for your input. Keyloggers are becoming more and more popular, and they are very easy to use and install, so people don't have to be tech savvy to find your information anymore, especially if they have physical access to the machine.
