How To Use HiJackThis to find Malware infection Part One
March 16, 2012 — bluecollarpc
How To Use HiJackThis to find Malware infection Part One
HijackThis – Trend Micro USA (Genuine Freeware) [wrkx w/ Netbooks]
Trend Micro HijackThis is a free utility that generates an in depth report of registry and file settings from your computer.
http://free.antivirus.com/hijackthis/
http://en.wikipedia.org/wiki/Hijackthis
http://sourceforge.net/projects/hjt/
HiJackThis UPDATED:
Trend Micro Releases HijackThis Source Code to sourceforge.net
MarketWatch (press release)
http://www.marketwatch.com/story/trend-micro-releases-hijackthis-source-code-to-sourceforgenet-2012-02-17
RUNNING A HJT LOG ANALYSIS PART ONE
There is always this need to review this magic utility – how to use it responsibly and SAFELY.
( FYI…. (for your information) The niks [nick names] are “HJT” and “HJT Log Help” and “HJT Log Analysis” – HiJackThis Log help – you may see around at forums etc. )
If you have never performed a HiJackThis Analysis, they are a simple quick look at start up items which may reveal malware installed that is starting up with the computer system and other softwares installed, and set to run every start up. An HJT Log may show a resident threat in some areas. It can reveal malware toolbars installed and possibly other threats misusing an Active X item. HJT generates a sort of system read out snapshot in a text log file that can be examined in depth.
HiJack This was NEVER designed to be a malware remover. It is NOT to be used as one or as a substitute for one. It is always mentioned to the average user to NEVER make changes to the computer with HiJackThis, but rather go to an Advanced User or Professional help online or elsewhere as a friend in the know and savvy at malware removal help. Mistaken use may cause damage to the system and/or other softwares rendering them inoperable.
IF YOU WERE TO CHOOSE “FIX THIS” ….. UH-OHH
If you clicked “Fix This” on any valid process or software – it may delete or corrupt that part of the Windows OS (operating system) or other softwares – now rendering them inoperable. NEVER click “Fix This” unless you are an Advanced User or Professional or have been directed to do so by one.
This may delete the executable file and possibly a “run” registry key, etc.
It can not delete/uninstall malware payload files and registry key entries – the FULL threat – and these left overs can be re-used by malware and potentially hide from antimalware products now. They may also, being orphaned (executable deleted, payload remnant = orphans), being orphaned may be used by a rootkit to hide from detection as an inert file not deemed as a threat during antimalware scans. At best, quality antimalware products may detect these possibly – possibly – as variants and quantine / remove these during a scan. Proabaly not.
In cases of in the wild threats or other severe threats rifling and hijacking control of the PC, their executable showing up in the scan/log HJT Log —- to regain control of the computer for the User it may possibly be used to delete the start up entry – the executable generally – “malware.exe” fantasy example. If it is a known malware threat (s) – their payload installation files can be found in full from online malware databases. Having regained control of the computer by deleting the executable from start up, the rest of the payload can now be manually removed. In cases of in’the-wild threats’ – the executable deleted can give control back of the PC, and a follow up to delete the entire installation manually will have to be performed when the payload is known and posted publicly. It should be cautioned to the user in this state to either not use the PC or just very sparingly as instability may occur or further infection activity.
That/this is all because generally the user has no Emergency Repair CD to reinstall Windows and needs the hail mary scenario to save their Computer from the trash – purchased by their hard earned sawbucks and as not being able to replace in the near future – stuck without a PC. It may be used in cases just to regain control of the PC to be able to access private files one wishes to back up – make a copy of – before reinstalling the system to Factory Fresh – wiping the entire disk first, another hail mary to save important files or documents, pictures, movies, etc. If the User is aware of that, proceed with that understanding.
Bottom line….. If you irresponsibly use, or give instructions to irresponsibly use, HJT – ignoring example hazards and damge warnings above – you may find it all come back on you by some smear blitz over the internet about “so and so destroyed my computer that creep ! ” to say the least. If you are a professional or company, you may be sued for damages for gross negligence and deceptive practices and destruction of computer equipment. That would have to be defined by Lawyers and the Court.
PART TWO WILL SHOW THE ACTUAL ANALYSIS. >>>
Click > Do System Scan and Create Log File
HijackThis – Trend Micro USA (Genuine Freeware) [wrkx w/ Netbooks]
Trend Micro HijackThis is a free utility that generates an in depth report of registry and file settings from your computer.
http://free.antivirus.com/hijackthis/
http://en.wikipedia.org/wiki/Hijackthis
http://sourceforge.net/projects/hjt/
HiJackThis UPDATED:
Trend Micro Releases HijackThis Source Code to sourceforge.net
MarketWatch (press release)
http://www.marketwatch.com/story/trend-micro-releases-hijackthis-source-code-to-sourceforgenet-2012-02-17
RUNNING A HJT LOG ANALYSIS PART ONE
There is always this need to review this magic utility – how to use it responsibly and SAFELY.
( FYI…. (for your information) The niks [nick names] are “HJT” and “HJT Log Help” and “HJT Log Analysis” – HiJackThis Log help – you may see around at forums etc. )
If you have never performed a HiJackThis Analysis, they are a simple quick look at start up items which may reveal malware installed that is starting up with the computer system and other softwares installed, and set to run every start up. An HJT Log may show a resident threat in some areas. It can reveal malware toolbars installed and possibly other threats misusing an Active X item. HJT generates a sort of system read out snapshot in a text log file that can be examined in depth.
HiJack This was NEVER designed to be a malware remover. It is NOT to be used as one or as a substitute for one. It is always mentioned to the average user to NEVER make changes to the computer with HiJackThis, but rather go to an Advanced User or Professional help online or elsewhere as a friend in the know and savvy at malware removal help. Mistaken use may cause damage to the system and/or other softwares rendering them inoperable.
IF YOU WERE TO CHOOSE “FIX THIS” ….. UH-OHH
If you clicked “Fix This” on any valid process or software – it may delete or corrupt that part of the Windows OS (operating system) or other softwares – now rendering them inoperable. NEVER click “Fix This” unless you are an Advanced User or Professional or have been directed to do so by one.
This may delete the executable file and possibly a “run” registry key, etc.
It can not delete/uninstall malware payload files and registry key entries – the FULL threat – and these left overs can be re-used by malware and potentially hide from antimalware products now. They may also, being orphaned (executable deleted, payload remnant = orphans), being orphaned may be used by a rootkit to hide from detection as an inert file not deemed as a threat during antimalware scans. At best, quality antimalware products may detect these possibly – possibly – as variants and quantine / remove these during a scan. Proabaly not.
In cases of in the wild threats or other severe threats rifling and hijacking control of the PC, their executable showing up in the scan/log HJT Log —- to regain control of the computer for the User it may possibly be used to delete the start up entry – the executable generally – “malware.exe” fantasy example. If it is a known malware threat (s) – their payload installation files can be found in full from online malware databases. Having regained control of the computer by deleting the executable from start up, the rest of the payload can now be manually removed. In cases of in’the-wild threats’ – the executable deleted can give control back of the PC, and a follow up to delete the entire installation manually will have to be performed when the payload is known and posted publicly. It should be cautioned to the user in this state to either not use the PC or just very sparingly as instability may occur or further infection activity.
That/this is all because generally the user has no Emergency Repair CD to reinstall Windows and needs the hail mary scenario to save their Computer from the trash – purchased by their hard earned sawbucks and as not being able to replace in the near future – stuck without a PC. It may be used in cases just to regain control of the PC to be able to access private files one wishes to back up – make a copy of – before reinstalling the system to Factory Fresh – wiping the entire disk first, another hail mary to save important files or documents, pictures, movies, etc. If the User is aware of that, proceed with that understanding.
Bottom line….. If you irresponsibly use, or give instructions to irresponsibly use, HJT – ignoring example hazards and damge warnings above – you may find it all come back on you by some smear blitz over the internet about “so and so destroyed my computer that creep ! ” to say the least. If you are a professional or company, you may be sued for damages for gross negligence and deceptive practices and destruction of computer equipment. That would have to be defined by Lawyers and the Court.
PART TWO WILL SHOW THE ACTUAL ANALYSIS. >>>
Click > Do System Scan and Create Log File
No comments:
Post a Comment
Moderated !