
New Win 7 PC, some HijackThis red flags



#1 dubina


Posted 11 February 2011 - 01:59 PM

My wife's old XP PC gave her fits last night. Security Defender informed her that she had 17 booboos including a keystroke logger and she had better hurry and spend $80 on their cleaner or all of her credit card info would be harvested in China. Something like that. Security Defender was very insistent and not really good with English so I looked her up. Sure enough, some kind of malware / scam.

So I started running AV scans, OneCare scans, and finally, a new HijackThis scan. Then, I pasted the HJT log into a parser and got some red-flagged items. I "fixed" those items, but Security Defender hung in there.

Cut to my new Win 7 PC. I thought hmmm, maybe I should run HJT and parse the log on the new PC as well. I did, and got lots of red-flagged lines, including 23 O23s.

Then, I read something that made me doubt the utility of fixing HJT problems, specifically, something that said OTL is the new standard for finding and fixing PC malware problems. My impression is that OTL logs are processed somewhat in the same manner as HJT logs: copy and paste to forum (like bleepingcomputer) where somebody would look at the logs and recommend fixes.

Two questions: (1) Is that impression correct? (2) Is bleepingcomputer a forum that looks at OTL logs?

If yes and yes, where should I go to post my two OTL logs?

If no and no, any alternative advice would be greatly appreciated.

PS: Furthermore, I want to eradicate Security Defender from my wife's PC.

Edited by Budapest, 11 February 2011 - 03:18 PM.
Moved from Win7 ~BP




#2 Budapest (Moderator)

Posted 11 February 2011 - 03:19 PM

See this:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 dubina (Topic Starter)

Posted 11 February 2011 - 09:03 PM

Cynic, thanks for the steer; I can do as directed. First though, I wonder: do I have a problem on my PC? I didn't think so, just wanted to try out HijackThis on the new PC. When I got 23 O23s, I thought surely I must have a problem, but now I wonder. My PC isn't acting up the way my wife's PC is acting up, so should I only work on her PC and let this one go? Or do 23 redlined HJT O23s sound like something I should try to fix?

#4 quietman7 (Global Moderator)

Posted 12 February 2011 - 01:11 AM

HijackThis is an advanced enumerator (similar in some respects to a registry editor) that is used to display certain areas of the Windows registry where the majority of malware reside. HijackThis will scan these areas of your system and then create a log to help diagnose the presence of undetected malware in known hiding places. However, since HijackThis only scans certain areas of a computer's system/registry, a HijackThis log may not always show all the malware on your system. Most of the log entries are required to run a computer and removing essential ones can potentially cause serious damage such as loss of Internet connectivity or problems with your operating system which could prevent it from starting. Using HijackThis requires advanced knowledge about the Windows Operating System and relies on trained experts to interpret the log entries and investigate them in order to determine what needs to be fixed.

Online HijackThis analyzers work in a similar manner but rely on the user's ability to interpret the results and determine what needs to be fixed. However, they often provide misleading and/or questionable results. In my experience, they DO NOT always identify all the malware or all the files properly. They sometimes list legitimate files as bad and bad files as legitimate. They sometimes show entries with "file missing" as bad when that is not always the case. Although these sites are open to the public, the user needs to know what they are doing and how to research the displayed log entries before using the original HijackThis application to fix anything. If you do not have advanced knowledge about computers or training in malware investigation, you should NOT rely on the results of online analyzers or attempt to fix anything without consulting an expert. Doing so on your own and using HijackThis incorrectly could adversely impact your system.

Further, be aware that HijackThis only scans certain areas of a computer's system/registry to help diagnose the presence of undetected malware in known hiding places. Given the sophistication of malware hiding techniques used by attackers in today's environment, HijackThis is limited in its ability to detect infection and generate a report outside these known hiding places. This limitation has made its usefulness nearly obsolete since a HijackThis log cannot reveal all the malware residing on a computer. As such, HijackThis has been replaced by other preferred tools like DDS, RSIT and OTL which provide comprehensive logs with specific details about more areas of your computer.

Security Defender is a rogue anti-spyware program that displays fake scan results and security alerts on your computer in order to scare you into purchasing it. For your wife's XP machine, follow the instructions in that removal guide or do as Budapest has instructed.

Is your wife's Windows 7 a 64-bit system? If so, be aware that many of the tools we use for malware removal are designed for 32-bit systems and do not work or can give misleading results on 64-bit machines. For instance, running HijackThis on a 64-bit machine may show log entries which indicate (file missing) when that is NOT always the case. Anti-malware scanners and many specialized fix tools have problems enumerating the drivers and services on 64-bit machines so they do not always work properly.

Microsoft created a new folder (C:\Windows\SysWOW64) that contains all the 32-bit .dll files required for compatibility which run on top of the 64-bit version of Windows. WOW64 is the x86 emulator that allows 32-bit Windows-based applications to run on 64-bit Windows but x86 applications are re-directed to the x86 \syswow64 when seeking the x64 \system32. For a more detailed explanation, please refer to: Related topics:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
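As an added illustration of the redirection quietman7 describes (example code written for this page, not HijackThis or BleepingComputer code): given HijackThis-style O23 lines and a constructed snapshot of a 64-bit file system, it works out which "(file missing)" flags are artefacts of a 32-bit scanner being redirected from \System32 to \SysWOW64 and which point at a binary that is absent in both views. The O23 line layout, the sample paths and the hypothetical machine are assumptions; the exempt-folder list follows the WOW64 redirector's documented exceptions.

```python
import re
from typing import Set

# Constructed view of the files on a hypothetical x64 Windows 7 box (example
# data, not a real machine). Native 64-bit service binaries live only in
# System32; SysWOW64 holds the 32-bit copies that a 32-bit process is shown.
PRESENT_FILES_64 = {
    "c:\\windows\\system32\\svchost.exe",
    "c:\\windows\\syswow64\\svchost.exe",
    "c:\\windows\\system32\\spoolsv.exe",        # 64-bit only, no WOW64 copy
    "c:\\program files\\vendor\\vendorsvc.exe",  # outside System32: never redirected
}

SYSTEM32 = "c:\\windows\\system32\\"
SYSWOW64 = "c:\\windows\\syswow64\\"
# Subfolders the WOW64 file system redirector leaves alone.
REDIRECT_EXEMPT = ("catroot\\", "catroot2\\", "driverstore\\",
                   "drivers\\etc\\", "logfiles\\", "spool\\")

# Assumed O23 layout: "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                    r"(?P<path>[A-Za-z]:\\.+?)(?P<flag> \(file missing\))?$")


def wow64_view(path: str) -> str:
    """Lower-cased path a 32-bit process actually opens when it asks for `path`."""
    p = path.lower()
    if p.startswith(SYSTEM32) and not p[len(SYSTEM32):].startswith(REDIRECT_EXEMPT):
        return SYSWOW64 + p[len(SYSTEM32):]
    return p


def classify_o23(line: str, present: Set[str] = PRESENT_FILES_64) -> str:
    """Return 'present', 'wow64-redirect' (spurious file-missing) or 'missing'."""
    m = O23_RE.match(line.strip())
    if not m:
        raise ValueError("not an O23 line: " + line)
    native = m.group("path").lower()
    if wow64_view(native) in present:
        return "present"          # a 32-bit scanner finds it in its redirected view
    if native in present:
        return "wow64-redirect"   # exists natively; only the redirected lookup failed
    return "missing"              # absent in both views: this one is worth a closer look


if __name__ == "__main__":
    for entry in [
        "O23 - Service: Print Spooler (Spooler) - Microsoft Corporation - C:\\Windows\\System32\\spoolsv.exe (file missing)",
        "O23 - Service: Helper (helpersvc) - Unknown owner - C:\\Windows\\System32\\helpersvc.exe (file missing)",
    ]:
        print(classify_o23(entry), "<-", entry)
```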



