Post #1 | Dec 12 2004, 08:38 PM | New Member | Group: Members | Posts: 13 | Joined: 19-October 04 | Member No.: 3,801
I'm not sure where this question belongs to, so forgive me if I'm in the wrong place. I seem to have a problem with google searching. When I google-search something it only gives me links to hijackthis logs. I even do the advance search, etc but still finding a lot unanswered search. I was trying to search for items while fixing my own HJT log and also friends' logs. So is there a trick to get a good result while using google? or is there a better search engines out there?

Thanks.
~Emily

--------------------
"True friends are like diamonds, precious and rare,
False friends are like autumn leaves, scattered everywhere."

Post #2 | Dec 13 2004, 02:54 AM | Member | Group: Members | Posts: 21 | Joined: 4-December 04 | Member No.: 6,418
Hi Rose,

So you're analyzing your own and your friend's logs, eh? Well, as a member of the Boot Camp at SWI, I learned that doing a Google search is a bit of a last resort, mostly because of all the unnecessary links it can give (like HJT logs at different forums). If you don't already know about this tutorial, here is a link to a very good one to help with analyzing logs: http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm

It also gives links to HJTHot key, a good little program to aid in log analysis. Plus loads of information on what the entries are in the logs, where to go to research them and how to use SpywareBlaster to research as well. It's been recently updated and added to.

Have you ever thought about joining the Boot Camp or any HJT training program such as they have at SpywareInfo, SpywareWarrior, etc? You can learn a lot and be more effective as well.

Good luck!
Deb

Post #3 | Dec 13 2004, 02:55 AM | Member | Group: Members | Posts: 21 | Joined: 4-December 04 | Member No.: 6,418
Just one thing, though.

If you are on dialup, the page will take a while to load, as there are screenshots on the page. So, give it some time, it's well worth the wait.

Deb

Post #4 | Dec 13 2004, 03:14 AM | Bleepin' Conundrum | Group: Global Moderator | Posts: 9,454 | Joined: 26-April 04 | From: 65 miles due East of the "Logic Free Zone", in Md, USA | Member No.: 235
Physician heal thyself....!

Don't bother to use the expertise of the HJT members here to start you off.... Don't peruse the HJT forum here.... Don't bother yourself to overview some of the threads in the HJT forums...

BTW But, you might share some of your expertise with the rest of us ...! So that we might learn....

regards, ~Koan

--------------------
Find a path?
... some do, some don't... (WR)

Post #5 | Dec 13 2004, 04:00 AM | Member | Group: Members | Posts: 21 | Joined: 4-December 04 | Member No.: 6,418
Hold on a second here.....

Is there a rule somewhere that one should ONLY get help at this site? Not knocking the team here. NO! I never suggested she shouldn't.

My statement: "Have you ever thought about joining the Boot Camp or any HJT training program such as they have at SpywareInfo, SpywareWarrior, etc?"

Note that I said "or any HJT training program". I know that I'm new here, and meant no disrespect to this site nor to the HJT team. Nor did I think that giving that link was privileged information?

I'm a member at several sites and one thing I've seen common at all of them is the ratio of people needing help to those who are trained to help. As you know, Helpers are sadly outnumbered and as the help they give is VOLUNTARY, there are victims badly needing help who don't get it as soon as they would like. Not putting any of the Helpers down, it's just a very sad fact due to the proliferation of the malware on the Net.

Excuse me for trying to encourage someone to expand her knowledge and expertise. She's free to join any training program she likes. Makes no difference to me where as long as she's on our side. Right?

Deb

Post #6 | Dec 13 2004, 04:31 AM | Bleepin' Conundrum | Group: Global Moderator | Posts: 9,454 | Joined: 26-April 04 | From: 65 miles due East of the "Logic Free Zone", in Md, USA | Member No.: 235
MadamX,

You've my reply in a PM. No disrespect intended to either party here. You mistook my sarcasm.... Doctor..... etc... Mea Culpa!

regards, ~Koan

--------------------
Find a path?
... some do, some don't... (WR)

Post #7 | Dec 13 2004, 04:43 AM | Learning Daily | Group: Members | Posts: 4,543 | Joined: 9-July 04 | From: Washington State, USA | Member No.: 1,322
QUOTE
> I'm not sure where this question belongs to, so forgive me if I'm in the wrong place.

No forgiveness is even remotely required, Emily. An excellent question in perhaps the best place to ask it. IMO.

QUOTE
> Excuse me for trying to encourage someone to expand her knowledge and expertise. She's free to join any training program she likes. Makes no difference to me where as long as she's on our side. Right?

Absolutely. Many ppl just plain do not understand the problems I face searching for the answers to questions raised in each and every log that must be answered before I recommend computer modifications to a person who I don't even know, let alone a friend's computer who might forgive me if I err.

QUOTE
> I'm a member at several sites and one thing I've seen common at all of them is the ratio of people needing help to those who are trained to help.

As I am also. I see the same thing you do, MadameX. Most sites have a great many HJT logs unresolved, too. They come up the most often in the darn Google searches, too. Murphy's Law, I guess. Those that provide valuable, timely clues are time-consuming and must be read carefully, usually twice, and other factors must be weighed also.

There also exists a common cause that keeps the members of these sites putting in long hours for zero pay, as well. MadameX & Emily, you are both part of the cause. You too, Koan.

I will share my experiences with anyone who makes any attempt to combat the foolishness of the crackers who spawn the crapware we deal with. Period.

I'm tired. I'll tackle it in the morning.

--------------------
patiently patrolling, plenty of persistent pests n' problems ...

Post #8 | Dec 13 2004, 04:51 AM | Bleepin' Conundrum | Group: Global Moderator | Posts: 9,454 | Joined: 26-April 04 | From: 65 miles due East of the "Logic Free Zone", in Md, USA | Member No.: 235
I figured you'd express an opinion Phawgg....

I take full responsibility for this misunderstanding. So, you can sleep well tonight too... Phawgg.

regards to all, ~Koan

--------------------
Find a path?
... some do, some don't... (WR)

Post #9 | Dec 13 2004, 06:01 AM | New Member | Group: Members | Posts: 13 | Joined: 19-October 04 | Member No.: 3,801
Hi Deb,

Thanks for giving out those infos and encouragement, I very much appreciate it. Yeah, I know and been to that tutorial, also the Boot camp at Spywareinfo (yeah they sure have a good source there too). I didn't know about Spyware warrior though. I like to read a lot to inform myself of what's new going around. I frequent a gaming board who has only 2 people reading logs, I would like to help them but I wouldn't want to make any mistakes, especially in dealing with those special infections.

QUOTE
> No forgiveness is even remotely required, Emily. An excellent question in perhaps the best place to ask it. IMO.

Thanks, so kind of you Phawgg, I had a couple of my posts moved because I was in the wrong place.

There is always something to learn from every forum, and I would like to give back if I can, maybe not about HJT, I have a lot more to learn yet. And I'm very thankful for all the infos that I've been getting here and anywhere. It would be nice if everyone can be informed/taught how to beat these pests.

Thank you for all the replies everyone, thank you Koan. I like it here:)

~Emily

--------------------
"True friends are like diamonds, precious and rare,
False friends are like autumn leaves, scattered everywhere."

Post #10 | Dec 13 2004, 11:40 AM | Learning Daily | Group: Members | Posts: 4,543 | Joined: 9-July 04 | From: Washington State, USA | Member No.: 1,322
Misunderstanding is what one comes to expect with regards to the operation of their computer in general... and specifically malware & how we get it and how we get rid of it.

That's why there are 100,000 HJT's posted in the last year and a half. No wonder a question arises about how to google for answers without endangering mental health.

QUOTE
> I figured you'd express an opinion Phawgg....

Yes, I have them.

--------------------
patiently patrolling, plenty of persistent pests n' problems ...

Post #11 | Dec 13 2004, 12:26 PM | Member | Group: Members | Posts: 21 | Joined: 4-December 04 | Member No.: 6,418
My apologies to you, Koan, and the team here at BC.

As I told you in my pm, I had just come home from work and in my confusion, reacted before thinking. I have now removed my foot from my mouth and will proceed more cautiously.

phawgg, thank you for your comments. They are most appreciated.

Emily, I hope you will consider joining a training program. If you haven't already. It sounds as if you have, from what you said, as most of these camps are invisible to the general public.

Deb

Post #12 | Dec 14 2004, 03:53 AM | Bleeping Hacker | Group: BC Advisor | Posts: 1,981 | Joined: 14-April 04 | From: Texas | Member No.: 151
The short answer (without offending anyone) is yes, there are places to look up exe and dll files.

http://www.windowsstartup.com/wso/search.php
http://www.processlibrary.com/

Now this link is "some what" helpful, but it is NOT the end all answer to HJT logs. It does help for a quick glance at a log though. Lots of false positives and other problems, but I'm putting it here as a "reference" only.

http://www.hijackthis.de/en

Post #13 | Dec 15 2004, 03:02 PM | Learning Daily | Group: Members | Posts: 4,543 | Joined: 9-July 04 | From: Washington State, USA | Member No.: 1,322
Emily, maybe some of these tips will help you with HJT logs.

QUOTE (Emily @ Dec 12 2004, 06:38 PM)
> I seem to have a problem with google searching. When I google-search something it only gives me links to hijackthis logs. I even do the advance search, etc but still finding a lot unanswered search.

I can identify with your frustration.

QUOTE (Emily @ Dec 12 2004, 06:38 PM)
> I was trying to search for items while fixing my own HJT log and also friends' logs.

This seems to me to be a logical, even admirable, pursuit. I'll take it to mean you want to analyze HJT logs.

QUOTE (Emily @ Dec 12 2004, 06:38 PM)
> So is there a trick to get a good result while using google? or is there a better search engines out there?

If there is a better search engine, I haven't found it. So, the "trick" is to learn and understand what you're looking for & how to interpret the results of the responses.

QUOTE (MadameX @ Dec 13 2004, 12:54 AM)
> I learned that doing a Google search is a bit of a last resort, mostly because of all the unnecessary links it can give (like HJT logs at different forums).

There is certainly truth to this statement.

QUOTE (MadameX @ Dec 13 2004, 12:54 AM)
> You can learn a lot and be more effective as well.

That is the point, after all.

QUOTE (MadameX @ Dec 13 2004, 12:55 AM)
> If you are on dialup, the page will take a while to load, as there are screenshots on the page.

I'm also on dialup, and every little bit of time does matter. That's why it's important to organize so your time is not wasted. Your time is valuable.

QUOTE (Raw @ Dec 14 2004, 01:53 AM)
> The short answer (without offending anyone) is yes there are places to look up exe and dll files.

A couple more are: http://computercops.biz/sl-all.html & http://www.answersthatwork.com the task list. Should you need to replace a .dll

QUOTE (Raw @ Dec 14 2004, 01:53 AM)
> Now this link is "some what" helpful ,but it is NOT the end all answer to HJT logs.It does help for a quick glance at a log though. Lots of false positives and other problems, but i'm putting it here as a "reference" only.

I agree. Here's another one like it. HJT Detective.

Having searched forums for answers to the questions raised by HJT logs, I've run into some problems. Unresolved case is one. Language barriers create another. Time sensitivity is another. In an effort to minimize my frustration when I find 5,000 google responses:

ASAP. Several other sites, that may not turn up as often in google searches, are also good sources of information. Other initial steps before a google search have a higher priority. After reading the log from top to bottom & noting the comments, I start at the bottom and work my way up. Not all categories of entries appear in all logs, of course. The numeric categories are:

- O23 deals with NT Services, which lists all (non-disabled, non-Microsoft) services, like Msconfig.
- O22 deals with files being loaded through the SharedTaskScheduler registry value.
- O21 deals with files being loaded through the ShellServiceObjectDelayLoad registry key.
- O20 deals with files being loaded through the AppInit_DLLs Registry value.
- O19 deals with User style sheet hijacking.
- O18 deals with extra protocols and protocol hijackers.
- O17 deals with Domain Hacks. To identify if the domain is likely legitimate check:

One good way to check for them is to use SpywareBlaster. Open the program, choose Internet Explorer tab, right-click the item name list, choose "find". Paste the {number} in, if it's a known bad one, it'll return a result.

- O15 deals with Unwanted sites in Trusted Zone. Self-explanatory.
- O14 deals with the file that Internet Explorer uses when resetting options back to their Windows default. Malware altered it or user did.
- O13 deals with how URLs entered in an address field without a preceding http://, ftp://, etc. are handled. Malware altered it or user did.
- O12 deals with Internet Explorer Plugins & added browser functionality. Malware altered it or user did.
- O11 deals with a non-default option group that has been added to the Advanced Options Tab in Internet Options on IE. Malware altered it or user did.
- O10 deals with Winsock Hijackers, called LSPs (Layered Service Providers). http://www.angeltowns.com/members/zupe/lsps.html About LSP's
- O9 deals with IE toolbar buttons or items in the IE 'Tools' menu that are not part of the default installation. Malware altered it or user did.
- O8 deals with extra items in the Context Menu of Internet Explorer, options available when you right click viewing a web page. Malware altered it or user did.
- O7 deals with Regedit not being allowed to run. Changes in registry settings. Malware altered it or user did.
- O6 deals with an Administrative lock down for changing the options or homepage in IE. Changes in registry settings. Malware altered it or user did.
- O5 deals with having your Internet Explorer control show in the Control Panel. Malware altered it or user did.
- O4 deals with startup folders that are loaded automatically when Windows boots up. These listings are often bad or optional.
- O3 deals with IE toolbars. Check http://castlecops.com/CLSID.html.
- O2 deals with Browser Helper Objects, plugins to extend the functionality of your browser. Check http://castlecops.com/CLSID.html.
- O1 deals with Host file Redirection. Two utilities commonly used are: HostFix & Hoster
- N1 - N4 deal with Netscape and Mozilla Browsers start and default search pages. Malware altered it or user did.
- F0 - F3 deal with applications loaded from your .INI files, system.ini and win.ini or equivalent places in the registry. Malware altered it or user did.
- R0 - R3 deal with Internet Explorer Start Page, Home Page, and Url Search Hooks. Malware altered it or user did. ISPs or Computer makers, too.

All of the running processes listed at the start of the HJT logs relate in some way to these entries. Or they are system-required files.

HJT explained http://www.bleepingcomputer.com/tutorials/tutorial42.html
HJT explained http://computercops.biz/HijackThis.html

Utilities are used to assist in identification of problems or deletions of problem files. Some include:

Specialty removal tools. http://www.subratam.org/?page=removal
Various helpful utilities free. http://www.sysinternals.com/ntw2k/utilities.shtml

Other sources of information to help in both Google searches & HJT log interpretation/malware removal recommendations:

This post has been edited by phawgg: Dec 15 2004, 03:14 PM

--------------------
patiently patrolling, plenty of persistent pests n' problems ...
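
The bottom-up pass described in the post above, as an added example that is not part of the original thread: it splits a HijackThis log into its section codes, orders them O23 down to R0, and collects the CLSIDs from O2/O3 entries so they can be pasted into a CLSID list or SpywareBlaster's "find". The function names are hypothetical and the sample log is constructed.

```python
import re
from collections import defaultdict

# One HJT entry per line: section code, " - ", then the entry text.
ENTRY = re.compile(r"^([RFNO])(\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Logs list R, F, N, then O1..O23; the post reads them from the bottom up.
GROUP_RANK = {"R": 0, "F": 1, "N": 2, "O": 3}

def parse_log(text):
    """Return {section code: [entry text, ...]}; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1) + m.group(2)].append(m.group(3))
    return dict(sections)

def review_order(sections):
    """Section codes sorted bottom-up: O23 ... O1, then N, F, R."""
    return sorted(sections, key=lambda c: (GROUP_RANK[c[0]], int(c[1:])), reverse=True)

def clsids_to_look_up(sections):
    """CLSIDs from O2 (BHO) and O3 (toolbar) entries, upper-cased, no duplicates."""
    found = []
    for code in ("O2", "O3"):
        for entry in sections.get(code, []):
            for clsid in CLSID.findall(entry):
                if clsid.upper() not in found:
                    found.append(clsid.upper())
    return found

# Constructed sample log: every path, name and CLSID below is made up.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\System32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example/
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\example1.dll
O3 - Toolbar: Example Bar - {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee} - C:\Program Files\Example\bar.dll
O4 - HKLM\..\Run: [example] C:\WINDOWS\example.exe
O4 - HKCU\..\Run: [updater] C:\Program Files\Example\upd.exe
O23 - Service: Example Service - Unknown owner - C:\WINDOWS\exsvc.exe
"""

if __name__ == "__main__":
    secs = parse_log(SAMPLE_LOG)
    for code in review_order(secs):
        print(code, len(secs[code]), "entry(ies)")
    print("CLSIDs to look up:", clsids_to_look_up(secs))
```

Searching for an exact CLSID or file name taken from one entry, rather than for a whole log line, is what keeps the results from filling with other people's posted logs.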

Post #14 | Dec 15 2004, 05:46 PM | Bleep Bleep! | Group: Admin | Posts: 29,464 | Joined: 24-January 04 | From: USA | Member No.: 3
Here is a good resource list you can use:

http://www.bleepingcomputer.com/forums/topic405.html

I am also moving this post to the AntiVirus, Firewall and Privacy Products and Protection Methods section.

--------------------
Lawrence