Full Version: Google searching an .exe or dll etc.
Emily
Hi,
I'm not sure where this question belongs to, so forgive me if I'm in the wrong place.

I seem to have a problem with Google searching. When I Google-search something it only gives me links to HijackThis logs. I even do the advanced search, etc., but I'm still finding a lot of unanswered searches.

I was trying to search for items while fixing my own HJT log and also friends' logs.
So is there a trick to get a good result while using Google? Or are there better search engines out there?
Thanks.

~Emily
MadameX
Hi Rose,

So you're analyzing your own and your friend's logs, eh?

Well, as a member of the Boot Camp at SWI, I learned that doing a Google search is a bit of a last resort, mostly because of all the unnecessary links it can give (like HJT logs at different forums).

If you don't already know about this tutorial, here is a link to a very good one to help with analyzing logs:

http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm

It also gives links to HJTHot key, a good little program to aid in log analysis. Plus loads of information on what the entries are in the logs, where to go to research them and how to use SpywareBlaster to research as well.

It's been recently updated and added to.

Have you ever thought about joining the Boot Camp or any HJT training program such as they have at SpywareInfo, SpywareWarrior, etc.?

You can learn a lot and be more effective as well.

Good luck!

Deb
MadameX
Just one thing, though.

If you are on dialup, the page will take a while to load, as there are screenshots on the page. So, give it some time, it's well worth the wait.

Deb
KoanYorel
Physician heal thyself....!

Don't bother to use the expertise of the HJT members here to start you off....

Don't peruse the HJT forum here....

Don't bother yourself to overview some of the threads in the HJT forums...

BTW, welcome to "BC"

But, you might share some of your expertise with the rest of us ...!
So that we might learn....

regards,
~Koan


MadameX
Hold on a second here.....

Is there a rule somewhere that one should ONLY get help at this site?

Not knocking the team here. NO! I never suggested she shouldn't. My statement:

Have you ever thought about joining the Boot Camp or any HJT training program such as they have at SpywareInfo, SpywareWarrior, etc.?

Note that I said "or any HJT training program".

I know that I'm new here, and meant no disrespect to this site nor to the HJT team.

Nor did I think that giving that link was privileged information?

I'm a member at several sites and one thing I've seen common at all of them is the ratio of people needing help to those who are trained to help.

As you know, Helpers are sadly outnumbered and as the help they give is VOLUNTARY, there are victims badly needing help who don't get it as soon as they would like. Not putting any of the Helpers down, it's just a very sad fact due to the proliferation of the malware on the Net.

Excuse me for trying to encourage someone to expand her knowledge and expertise.

She's free to join any training program she likes. Makes no difference to me where as long as she's on our side. Right?

Deb
KoanYorel
MadamX,

You've my reply in a PM.

No disrespect intended to either party here. You mistook my sarcasm....
Doctor..... etc...

Mea culpa!

regards,
~Koan
phawgg
QUOTE
I'm not sure where this question belongs to, so forgive me if I'm in the wrong place.
No forgiveness is even remotely required, Emily. An excellent question in perhaps the best place to ask it. IMO.

QUOTE
Excuse me for trying to encourage someone to expand her knowledge and expertise. She's free to join any training program she likes. Makes no difference to me where as long as she's on our side. Right?
Absolutely. Many ppl just plain do not understand the problems I face searching for the answers to questions raised in each and every log that must be answered before I recommend computer modifications to a person who I don't even know, let alone a friend's computer who might forgive me if I err.
QUOTE
I'm a member at several sites and one thing I've seen common at all of them is the ratio of people needing help to those who are trained to help.
As I am also. I see the same thing you do, MadameX. Most sites have a great many HJT logs unresolved, too. They come up the most often in the darn Google searches, too. Murphy's Law, I guess. Those that provide valuable, timely clues are time-consuming and must be read carefully, usually twice, and other factors must be weighed also. There also exists a common cause that keeps the members of these sites putting in long hours for zero pay, as well. MadameX & Emily, you are both part of the cause. You too, Koan.


I will share my experiences with anyone who makes any attempt to combat the foolishness of the crackers who spawn the crapware we deal with. Period.

I'm tired. I'll tackle it in the morning.
KoanYorel
I figured you'd express an opinion Phawgg....

I take full responsibility for this misunderstanding.

So, you can sleep well tonight too... Phawgg.

regards to all,
~Koan
Emily
Hi Deb,

Thanks for giving out those infos and encouragement, I very much appreciate it. Yeah, I know and have been to that tutorial, also the Boot Camp at SpywareInfo (yeah, they sure have a good source there too). I didn't know about SpywareWarrior though. I like to read a lot to inform myself of what's new going around. I frequent a gaming board who has only 2 people reading logs. I would like to help them but I wouldn't want to make any mistakes, especially in dealing with those special infections.

QUOTE
No forgiveness is even remotely required, Emily. An excellent question in perhaps the best place to ask it. IMO.

Thanks, so kind of you Phawgg, I had a couple of my posts moved because I was in the wrong place.

There is always something to learn from every forum, and I would like to give back if I can, maybe not about HJT, I have a lot more to learn yet. And I'm very thankful for all the infos that I've been getting here and anywhere. It would be nice if everyone can be informed/taught how to beat these pests.
Thank you for all the replies everyone, thank you Koan. I like it here:)

~Emily
phawgg
Misunderstanding is what one comes to expect with regards to the operation of their computer in general... and specifically malware & how we get it and how we get rid of it.
That's why there are 100,000 HJT's posted in the last year and a half. No wonder a question arises about how to google for answers without endangering mental health.

QUOTE
I figured you'd express an opinion Phawgg....
Yes, I have them. Even though computing at its fundamental core is precise, logical & scientific. Real people use 'em and attitudes develop because of the humanity involved. The computer is simply a tool. A good one.
MadameX
My apologies to you, Koan, and the team here at BC.

As I told you in my PM, I had just come home from work and in my confusion, reacted before thinking. I have now removed my foot from my mouth and will proceed more cautiously.

phawgg, thank you for your comments. They are most appreciated.

Emily, I hope you will consider joining a training program. If you haven't already. It sounds as if you have, from what you said, as most of these camps are invisible to the general public.

Deb
raw
The short answer (without offending anyone) is yes there are places to look up exe and dll files.

http://www.windowsstartup.com/wso/search.php

http://www.processlibrary.com/

Now this link is "somewhat" helpful, but it is NOT the end-all answer to HJT logs. It does help for a quick glance at a log though. Lots of false positives and other problems, but I'm putting it here as a "reference" only.

http://www.hijackthis.de/en
phawgg
Emily, maybe some of these tips will help you with HJT logs.

Emily @ Dec 12 2004, 06:38 PM
QUOTE
I seem to have a problem with Google searching. When I Google-search something it only gives me links to HijackThis logs. I even do the advanced search, etc., but I'm still finding a lot of unanswered searches.
I can identify with your frustration.

Emily @ Dec 12 2004, 06:38 PM
QUOTE
I was trying to search for items while fixing my own HJT log and also friends' logs.
This seems to me to be a logical, even admirable, pursuit. I'll take it to mean you want to analyze HJT logs.

Emily @ Dec 12 2004, 06:38 PM
QUOTE
So is there a trick to get a good result while using Google? Or are there better search engines out there?
If there is a better search engine, I haven't found it. So, the "trick" is to learn and understand what you're looking for & how to interpret the results of the responses.

MadameX @ Dec 13 2004, 12:54 AM
QUOTE
I learned that doing a Google search is a bit of a last resort, mostly because of all the unnecessary links it can give (like HJT logs at different forums).
There is certainly truth to this statement.

MadameX @ Dec 13 2004, 12:54 AM
QUOTE
You can learn a lot and be more effective as well.
That is the point, after all.

MadameX @ Dec 13 2004, 12:55 AM
QUOTE
If you are on dialup, the page will take a while to load, as there are screenshots on the page.
I'm also on dialup, and every little bit of time does matter. That's why it's important to organize so your time is not wasted. Your time is valuable.

Raw @ Dec 14 2004, 01:53 AM
QUOTE
The short answer (without offending anyone) is yes there are places to look up exe and dll files.
A couple more are: http://computercops.biz/sl-all.html & http://www.answersthatwork.com the task list. Should you need to replace a .dll

Raw @ Dec 14 2004, 01:53 AM
QUOTE
Now this link is "somewhat" helpful, but it is NOT the end-all answer to HJT logs. It does help for a quick glance at a log though. Lots of false positives and other problems, but I'm putting it here as a "reference" only.
I agree. Here's another one like it. HJT Detective.

Having searched forums for answers to the questions raised by HJT logs, I've run into some problems. Unresolved case is one.
Language barriers create another. Time sensitivity is another. In an effort to minimize my frustration when I find 5,000 google responses:
  • I look for identified good sources, ones that yield better results than others for me *
  • 10-20Kb responses usually mean a log is posted but there is no answer.
  • If "cache" is available, and the thread size is over 30Kb, I'll search it using the cache feature.
  • If additional pages from a "good" site are available I'll go there first. Sometimes 4-5 responses are really the same thread in parts.
  • I tend to scroll quickly through the posted log, checking to see that the highlighted entry is there, and that it is similar to the one I'm looking for.
  • If it's a recommended deletion in the first reply, I might then immediately copy the page to HD and label the file created
    as the name of the file I was looking for. Save to a folder created for the HJT log I'm working on.
  • Continue to read if it's an unusual fix, noting methods.
  • Rename the file, adding the "problem name" if applicable (i.e. Look2me or swapX).
  • Note any special automated tools involved or sequence of steps leading to a successfully clean log (if applicable).
  • I do this with all questionable files in each log. Usually after several other steps have been taken to identify problematic files and other objects in the log.
*Some active forums to watch for, among the many googling turns up, and that you are likely to find good answers at, are: This list is nowhere near complete, but it may give you an idea about targeting searches. For a more complete list try here:
ASAP. Several other sites, that may not turn up as often in Google searches, are also good sources of information.

Other initial steps before a Google search have a higher priority. After reading the log from top to bottom & noting the comments, I start at the bottom and work my way up. Not all categories of entries appear in all logs, of course. The numeric categories are:

O23 deals with NT Services, which lists all (non-disabled, non-Microsoft) services, like Msconfig.
O22 deals with files being loaded through the SharedTaskScheduler registry value.
O21 deals with files being loaded through the ShellServiceObjectDelayLoad registry key.
O20 deals with files being loaded through the AppInit_DLLs Registry value.
O19 deals with User style sheet hijacking.
O18 deals with extra protocols and protocol hijackers.
O17 deals with Domain Hacks. To identify if the domain is likely legitimate check:
O16 deals with ActiveX Objects, also called Downloaded Program Files. Often the source of bad files attached.
One good way to check for them is to use SpywareBlaster. Open the program, choose Internet Explorer tab, right-click the item name list, choose "find". Paste the {number} in, if it's a known bad one, it'll return a result.
O15 deals with Unwanted sites in Trusted Zone. Self-explanatory
O14 deals with the file that Internet Explorer uses when resetting options back to their Windows default. Malware altered it or user did.
O13 deals with how URLs entered in an address field without a preceding, http://, ftp://, etc are handled. Malware altered it or user did.
O12 deals with Internet Explorer Plugins & added browser functionality. Malware altered it or user did.
O11 deals with a non-default option group that has been added to the Advanced Options Tab in Internet Options on IE. Malware altered it or user did.
O10 deals with Winsock Hijackers, called LSPs (Layered Service Providers). About LSPs: http://www.angeltowns.com/members/zupe/lsps.html
O9 deals with IE toolbar buttons or items in the IE 'Tools' menu that are not part of the default installation. Malware altered it or user did.
O8 deals with extra items in the Context Menu of Internet Explorer, options available when you right click viewing a web page. Malware altered it or user did.
O7 deals with Regedit not being allowed to run. Changes in registry settings. Malware altered it or user did.
O6 deals with an Administrative lock down for changing the options or homepage in IE. Changes in registry settings. Malware altered it or user did.
O5 deals with having your Internet Explorer control show in the Control Panel. Malware altered it or user did.
O4 deals with startup folders that are loaded automatically when Windows boots up. These listings are often bad or optional.
O3 deals with IE toolbars. Check http://castlecops.com/CLSID.html.
O2 deals with Browser Helper Objects, plugins to extend the functionality of your browser. Check http://castlecops.com/CLSID.html.
O1 deals with Host file Redirection. Two utilities commonly used are: HostFix & Hoster
N1 - N4 deal with Netscape and Mozilla Browsers start and default search pages. Malware altered it or user did.
F0 - F3 deal with applications loaded from your .INI files, system.ini and win.ini or equivalent places in the registry. Malware altered it or user did.
R0 - R3 deal with Internet Explorer Start Page, Home Page, and Url Search Hooks. Malware altered it or user did. ISPs or Computer makers, too.

All of the running processes listed at the start of the HJT logs relate in some way to these entries. Or they are system-required files.

HJT explained http://www.bleepingcomputer.com/tutorials/tutorial42.html
HJT explained http://computercops.biz/HijackThis.html

Utilities are used to assist in identification of problems or deletions of problem files. Some include: An incomplete list. Other useful utilities available are:
Specialty removal tools. http://www.subratam.org/?page=removal
Various helpful utilities free. http://www.sysinternals.com/ntw2k/utilities.shtml

Other sources of information to help in both Google searches & HJT log interpretation/malware removal recommendations: When more drastic measures might need to be taken dealing with problems:
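
The review routine described in the post above (read the entries from the bottom category up, then look up each questionable file or CLSID), sketched as an added example that is not part of the original thread or of HijackThis itself. It assumes the usual `code - text` layout of HJT entry lines; the sample log, file names, URLs and CLSIDs are constructed for illustration.

```python
import re

# A HijackThis entry line: section code, " - ", then the entry text.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE = re.compile(r"[^\\/\s\[\]()]+\.(?:exe|dll)\b", re.IGNORECASE)
# Constructed sample log: every name, URL and CLSID below is made up.
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\System32\\svchost.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://example.invalid/
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\\WINDOWS\\System32\\examplebho.dll
O4 - HKLM\\..\\Run: [ExampleUpdater] C:\\Program Files\\Example\\updater.exe /startup
O16 - DPF: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} (Example Control) - http://example.invalid/ctl.cab
O23 - Service: Example Service - Unknown owner - C:\\WINDOWS\\examplesvc.exe
"""

def parse_log(text):
    """Return one dict per entry line: section code, CLSIDs, exe/dll names."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # running-process list, headers and blank lines
        body = m.group("body")
        entries.append({
            "code": m.group("code"),
            "clsids": CLSID.findall(body),
            "files": [f.lower() for f in FILE.findall(body)],
        })
    return entries

def review_order(entries):
    """Sort bottom-up (O23 first, R0 last), the reading order the post describes."""
    rank = lambda e: ("RFNO".index(e["code"][0]), int(e["code"][1:]))
    return sorted(entries, key=rank, reverse=True)

def search_terms(entries):
    """Unique (section, term) pairs to look up, in review order."""
    seen, terms = set(), []
    for e in review_order(entries):
        for term in e["files"] + e["clsids"]:
            if term not in seen:
                seen.add(term)
                terms.append((e["code"], term))
    return terms

if __name__ == "__main__":
    for code, term in search_terms(parse_log(SAMPLE_LOG)):
        print(code, term)
```

Each pair it prints is a term to check against a file or CLSID reference before falling back to a general search; running processes are skipped because they carry no section code.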
Grinler
Here is a good resource list you can use:

http://www.bleepingcomputer.com/forums/topic405.html

I am also moving this post to the AntiVirus, Firewall and Privacy Products and Protection Methods section.