
detecting malwares


3 replies to this topic

#1 fermomi

  • Members
  • 26 posts

Posted 06 December 2009 - 10:36 AM

Good afternoon everybody,

I am asking this perhaps silly question because I'm having issues with my computer.

What is the difference between HiJackThis and Combofix?

Is one more dedicated to some searches than the other?

Many Thanks for your answer

Regards

FMM

#2 Blade


  • Site Admin
  • 12,702 posts

Posted 06 December 2009 - 11:13 AM

Hello fermomi and :thumbsup: to BleepingComputer.

HijackThis (HJT) and ComboFix (CF) are fundamentally different tools. HJT is primarily a special registry frontend that scans certain portions of the Windows registry and displays them in an easy-to-read format. It also makes removing entries from said portions of the registry easier. Not everything that appears in a HJT scan is malware!!! It requires a good deal of knowledge and training to be able to interpret a HJT log correctly.

CF on the other hand is a special tool designed by sUBs. Its purpose is to assist a malware removal specialist in cleaning a machine. CF is an extremely powerful tool. For the benefit of both you and others who may read this thread, please heed the following warning:

ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. When CF is run without trained assistance, it can no longer be considered a "safe" tool. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

You may find this topic to be helpful - ComboFix usage, Questions, Help? - Look here

***************************************************

If you are having problems with malware, I would suggest you start a thread in our Am I infected? What do I do? forum stating all your symptoms, any steps you have already taken in an attempt to solve the problem, and any other details you can provide that may prove useful. Someone should be able to help you there!

~Blade



#3 fermomi

  • Topic Starter

  • Members
  • 26 posts

Posted 06 December 2009 - 12:44 PM

Many thanks Blade for your explanation. :thumbsup:

I am going to post in the right section as I'm starting to be fed up with the pop ups I have on my computer.

SECURITY CENTER ALERT + another pop up trying to sell me "Antimalware" software + status bar (down right) has changed with icons alerting me about security.

I am trying to copy my screen and post it

Many thanks

Regards

FMM

#4 quietman7


  • Global Moderator
  • 50,954 posts

Posted 07 December 2009 - 03:41 PM

Since you have access to the available information on Combofix, let me expand on what Blade Zephon said about HijackThis.

HijackThis is an advanced enumerator (similar in some respects to a registry editor) that is used to display certain areas of the Windows registry where the majority of malware reside. HijackThis will scan these areas of your system and then create a log to help diagnose the presence of undetected malware in known hiding places. However, since HijackThis only scans certain areas of your system/registry, a HijackThis log may not always show all the malware on your system. Most of the log entries are required to run a computer and removing essential ones can potentially cause serious damage such as loss of Internet connectivity or problems with your operating system which could prevent it from starting. Using HijackThis requires advanced knowledge about the Windows Operating System and relies on trained experts to interpret the log entries and investigate them in order to determine what needs to be fixed.

And just because you "fixed" something with HijackThis, that does not mean you have a clean system. There are specific files and folders which must be deleted afterwards. HijackThis does NOT delete them. Further, removing entries in HijackThis before the problem is properly identified can make the malware undetectable to other detection and removal tools. Full system scanning tools like SUPERAntiSpyware, Malwarebytes' Anti-Malware, Spybot S&D and SpySweeper will remove the registry entries as well as the related files which results in a more complete removal process. HijackThis should only be used to clean up the entries left behind, after you have properly removed the malware.

Since HijackThis is a powerful tool that requires advanced knowledge about the Operating System and can cause system damage if incorrect instructions are given, only designated trained experts are allowed to help people with using HijackThis. If you do not have advanced knowledge about computers or training in the use of this tool, you should NOT fix anything using HijackThis without consulting an expert as to what to fix.

With that said, there are tutorials available for advanced users which will help you understand more clearly about the use of HijackThis and what it does.
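To illustrate the point made in the replies above that a HijackThis log is an enumeration of registry locations rather than a list of detections, here is an added example (not posted by anyone in this thread, and not HijackThis code) that reads a log and produces a read-only inventory by section. The sample log is constructed, and the `R0`/`O2`/`O4`/`O23` line layout and section meanings are assumptions based on commonly documented HijackThis logs.

```python
import re
from collections import defaultdict

# Section meanings as commonly documented for HijackThis logs (assumed; subset).
SECTIONS = {
    "R0": "Internet Explorer start/search page value",
    "O2": "Browser Helper Object",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O23": "Windows service",
}
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry entries are assumed to look like: HKLM\..\Run: [Name] command
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Constructed sample log, not taken from the thread.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe"
O4 - HKCU\..\Run: [updater] C:\Users\user\AppData\Roaming\updater.exe
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe
"""

def parse_log(text):
    """Return {section code: [entry bodies]}; header and unknown lines are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            groups[m.group("code")].append(m.group("body"))
    return dict(groups)

def autostart_entries(groups):
    """Split O4 registry entries into hive, key, value name and command line."""
    out = []
    for body in groups.get("O4", []):
        m = O4_RE.match(body)
        if m:
            out.append(m.groupdict())
    return out

def inventory(text):
    """(code, meaning, count) per section: what was enumerated, with no verdict."""
    groups = parse_log(text)
    return [(c, SECTIONS.get(c, "other"), len(e)) for c, e in sorted(groups.items())]

if __name__ == "__main__":
    print(*inventory(SAMPLE_LOG), sep="\n")
```

Nothing in the output says which entry is malicious: both `O4` lines are ordinary Run-key values, and deciding whether either one needs attention still requires looking up the referenced file.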



