
Question about HijackThis


10 replies to this topic

#1 ShadowMatrix

ShadowMatrix

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Location:Kalamazoo, MI
  • Local time:01:44 AM

Posted 25 September 2005 - 06:25 PM

What exactly is HijackThis? I'm assuming it's a form of software that detects ad and/or spyware on your computer or something of the like. Is there anyone who would be willing to tell me what a few things are on my system process list? (I hit ctrl+alt+delete and selected processes, and I don't recognize quite a few.) Any help would be greatly appreciated, and thanks again!

Kendra



#2 RockIV

RockIV

  • Banned
  • 170 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 25 September 2005 - 06:34 PM

HiJackThis is by far the most powerful tool I know! It has several uses and detects very important and critical files of an OS. That is why you should not make any changes without consulting an expert (BC Forums). Just give me a minute and I will give you a link towards the system processes!

Rock

#3 RockIV

RockIV

  • Banned
  • 170 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 25 September 2005 - 06:36 PM

HijackThis is a very powerful tool, and it does find a LOT of infections for us. However, there are times when it will not show us everything that is "hiding" on a system. That is when we need to use tools such as Silent Runners, FindIt, etc.

This was taken from GTG!

Rock

Edited by RockIV, 25 September 2005 - 06:44 PM.


#4 RockIV

RockIV

  • Banned
  • 170 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 25 September 2005 - 06:45 PM

I can't seem to find the link! I'm sorry but someone else will have to help you on that.

Rock

#5 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:12:44 AM

Posted 25 September 2005 - 07:07 PM

Hello ShadowMatrix and welcome to BC.

HiJack This is a small program that provides a type of inventory of the typical places that malware can reside on a computer and allow itself to run. Since not everything detailed in a HJT log is malware (many times nothing at all) it is a tool that should only be used with training and experience. You can stop a computer from booting if you use it in the wrong manner.

You can investigate your running processes by having a look at the System Configuration Utility (Start>Run>msconfig) and the running processes found in the manner you describe by searching our Startup and File Databases found at the top of most pages in our forum.

Hope that answers your questions. If you have any more please post back in this thread.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslow

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#6 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:44 AM

Posted 25 September 2005 - 09:48 PM

If I might put in my two cents... :thumbsup:

HijackThis is most accurately described as an enumeration tool. It searches certain areas of the registry and tells you what is there. HijackThis doesn't automatically tell you what is bad or might be bad, unlike antivirus and antispyware, etc. scanners, which start off with a list of what is bad, check to see if those things are present, and then tell you when they find something bad.

For more information have a look at BC's famous tutorial: :flowers:
http://www.bleepingcomputer.com/forums/ind...showtutorial=42

This from the introduction:

HijackThis is a utility that produces a listing of certain settings found in your computer. HijackThis will scan your registry and various other files for entries that are similar to what a Spyware or Hijacker program would leave behind. Interpreting these results can be tricky as there are many legitimate programs that are installed in your operating system in a similar manner that Hijackers get installed. Therefore you must use extreme caution when having HijackThis fix any problems.

Really HijackThis is a combination startup manager, process enumerator and registry editor. That's a bit oversimplified, but the reason caution is always advised is because HijackThis will fix what you tell it to, and fixing usually involves editing the registry. If you've been around computers very long at all you'll know that responsible sites, including the Microsoft Knowledge Base, will always warn about the dangers of editing the registry. It has people a little more scared to touch it than they need to be sometimes, but does need to be respected.

Is there anyone who would be willing to tell me what a few things are on my system process list? (I hit ctrl+alt+delete and selected processes, and I don't recognize quite a few.) Any help would be greatly appreciated, and thanks again!

Sure we can do that. Processes are a bit different than the startup that you can manage via the System Configuration Utility (msconfig). Not all processes are listed in msconfig and the startup database doesn't list all processes. Let us know which processes you are concerned about and we can give you some advice. If they are malware related we will probably want to see a HijackThis log--most malware now has to be removed in a particular way.

If you are interested in the basics of how most malware is removed and another startup manager that is similar to HijackThis and msconfig, see this tutorial:
How to remove a Trojan, Virus, Worms, or other Malware

Please note that the HijackThis Logs and Analysis forum is where logs are posted and the emphasis in those threads is on malware removal. Some forums like to use HijackThis to manage processes and startups. There are many items that don't need to start every time Windows starts, and msconfig or Autoruns in conjunction with the startups database will help with that if you want to learn to do this for yourself. You seem interested in processes. I would suggest also that you download Sysinternals Process Explorer. It is more user friendly than Task Manager (Ctrl+Alt+Delete) and you can learn a lot from playing around with it. I know I did. :trumpet: Just use caution and don't kill any processes unless you know what you're doing.

Bottom line, if you need help interpreting any information you get from these programs and the startup database, feel free to ask.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson
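
Added example, not part of the post above and not HijackThis's own code: a read-only PowerShell sketch of what "enumeration tool" means in practice. It lists what is stored in a handful of well-known Run/RunOnce registry keys (the key list and the function names are assumptions for illustration) and reports facts about each entry, including whether the target file exists and its signature status, without deciding what is bad and without changing anything.

```powershell
# Added example: read-only inventory of common autostart registry values.
# The key list is an assumption (well-known Run/RunOnce keys), not HijackThis's own list.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandImagePath {
    # Extract the program path from a command line such as: "C:\App\app.exe" /background
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|dll|cmd|bat|vbs|js))(\s|,|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

function Get-AutostartInventory {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent on this system
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            $image   = Get-CommandImagePath $command
            $exists  = $image -and (Test-Path -LiteralPath $image -PathType Leaf -ErrorAction SilentlyContinue)
            $signature = if ($exists) {
                (Get-AuthenticodeSignature -LiteralPath $image).Status
            } else { 'NotResolved' }   # bare name (e.g. rundll32.exe) or missing file
            [pscustomobject]@{
                Key       = $key
                Name      = $name
                Command   = $command
                Image     = $image
                Signature = $signature
            }
        }
    }
}

# Report only: nothing is deleted or edited, so a misread entry cannot break startup.
Get-AutostartInventory | Sort-Object Key, Name | Format-Table -AutoSize -Wrap
```

An unsigned or unresolved entry in this listing is a prompt to look the name up, for example in the startup database mentioned above, not a verdict that it is malware.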


#7 ShadowMatrix

ShadowMatrix
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Location:Kalamazoo, MI
  • Local time:01:44 AM

Posted 25 September 2005 - 10:00 PM

Holy monkey. Thanks for the help! :-) Now for all my other issues ... lol.

#8 RockIV

RockIV

  • Banned
  • 170 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 25 September 2005 - 10:08 PM

Itz only the beginning......

#9 ShadowMatrix

ShadowMatrix
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Location:Kalamazoo, MI
  • Local time:01:44 AM

Posted 25 September 2005 - 10:09 PM

LOL just don't go into the "we've created a monster!" type spiel. *laughs maniacally*

Kendra

#10 RockIV

RockIV

  • Banned
  • 170 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 25 September 2005 - 10:11 PM

Itz only the beginning......lol

#11 ShadowMatrix

ShadowMatrix
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Location:Kalamazoo, MI
  • Local time:01:44 AM

Posted 25 September 2005 - 10:12 PM

:-P



