
What Do You Think?


5 replies to this topic

#1 buffythemouse

buffythemouse

  • Members
  • 21 posts

Posted 04 June 2006 - 09:09 AM

This was sent to me. I wondered if it was the starting point of a discussion :thumbsup:
I do not want to lessen the work and time put in at cybersafety but perhaps there is another way which is easier for everybody concerned :flowers:

I was also told

Proper steps for malware removal:

1) Run CCleaner. This will clean out Internet Explorer and make any logs much shorter, as well as any malware scans much shorter.

2) Go to Add/Remove and remove any malware programs. Run Msconfig and clear startup of all entries other than security software.

3) Boot into normal mode and run a good online malware scanner such as Trend Micro and/or Ewido.

That's it! 99% this will completely clean a computer of any malware. It takes about an hour, only requires a few posts, and is very easy on the poster.

At this point, HijackThis can be run. It will almost always show a clean system if the above steps are followed. Although it may show a leftover entry that is easily removed.



#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,567 posts
  • Gender:Male
  • Location:USA

Posted 05 June 2006 - 03:44 PM

Buffythemouse, I just want to state that these statements are not directed towards you but are rather a rebuttal to the blog entry.

There are a few points that are valid and many others that are not. Let me also state that this is my opinion, though I am usually right :thumbsup:, and everyone is entitled to disagree or agree with them. I would love to hear other people's thoughts on this.

Let it first be said that I agree entirely that HijackThis is not a removal tool per se, but rather an enumeration tool. It allows the user to determine in an easy and quick manner what types of programs are being started from various popular run locations in the registry/system files and various settings that are known to be tampered with by malware. Then it is up to the log reader to figure out what needs to be done.

With that said, the whole elitist theory is a pile of ****. The only reason we, and the other boards like BC, do not allow untrained or inexperienced users to post to hijackthis logs is that there is a great deal that can go wrong if you fix the wrong entry. For example, fixing an O10 entry in HijackThis will ultimately break your computer's network connection. No one who is properly trained will use hijackthis to fix these, but will know instead to use a program like LSP-Fix which specializes in LSP removal.

Let's dig down further into this blog entry. They state:

Currently the top three applications for removal of Spyware also happen to be free:

Ad-aware
Spybot Search and Destroy
CWShredder


CWShredder is not a general purpose removal tool. For some reason people always tend to include it as a tool that should be generically run if you have a problem. This is a specialized tool that is used against specific infections.

This results in this never ending posting - counter posting of HijackThis logs until someone tells them to run a virus scan or use one or more of the Spyware scanners. Talk about ridiculous!


Agreed, that would be ridiculous, and sometimes it does happen. BC, though, has a very long-winded preparation guide that states that a user should run all these apps before posting a hijackthis log. I can't speak to what other forums do.

The other obvious problem is when new Spyware is detected before the scanners have had a chance to release an update. This happens but not that often at least not as often as some of the Elite try to say it happens.


BS. This happens more and more often these days. There are quite a few malware that we helpers know how to remove way before the software companies put it in their definitions. What are we supposed to do, tell the user to sit there and suck it up while waiting for the software companies to update their infections? No.. we create our own tools and guides so that the user can be cleaned immediately. There are some infections that even after months the software companies still do a worse job than what the helpers can do one on one.

The fact still remains that in the large number of cases if you run the correct scans in the correct order and then check HijackThis, it will be clean.


BS again. Totally untrue as you will see by many of the logs in this forum after they follow the prep guide. The reality is that people get infected and want to be fixed immediately. As I said above they don't want to wait for the antivirus or antispyware definitions to be updated before they can be fixed. Also there are many malware that are just too difficult to be removed via software due to various reasons that a one-on-one situation can do much easier. I can't say how many times I have run software products which get a lot of the malware but leave behind plenty to clean.


They refuse to let anyone but those trained in their "special" HijackThis removal courses to help people on their forums. This is completely absurd and the most blatant example I have seen of Elitism yet.


No, this is not elitism. It is simply protecting the users who come to my site. As I said previously there are many items in a HijackThis log that can affect the performance or operation of the operating system if fixed. Unless you know how to interpret these logs, then you may fix items that are not supposed to be fixed. So if it's a choice between elitism and protecting the people who come to my site or allowing anyone to help with a log and possibly cause a problem...I will choose elitism.


A responsible solution is simply recommending running a set of relatively simple scans. After which only if necessary (usually not) posting a HijackThis log. That is not even necessary anymore with the Online HijackThis Analyzer.


This last statement alone shows me how little this person knows what they are talking about. The online log analyzers are riddled with false positives that make it extremely confusing for a reader to understand unless they know what they are looking at. Then when the reader follows the suggestions they wonder why certain programs are not starting automatically, other programs don't work, etc etc etc. Now they are left with nowhere to turn and are stuck with a screwed up system. This would have been avoided if they instead posted a log to a forum.

On a last note, I will say that HijackThis logs have destroyed the search results. Anyone try to find info on a certain file or registry key without a whole slew of hijackthis logs coming up instead? Can make it very hard to find info you are looking for.

#3 Jacee

Jacee

    Bleeping around


  • Malware Response Team
  • 3,716 posts
  • Gender:Female

Posted 06 June 2006 - 03:48 PM

From what I've read about this 'blogger'....he should have checked his attitude at the door and learned from those who were trying to teach him. Instead, he argued his points against the teachers, experts and admin.

Guess he knows more than anyone else does.... oh, and then has the gall to call those of us who work with HJT logs 'elitists'?! :thumbsup:

MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop


#4 rms4evr

rms4evr

  • Members
  • 812 posts
  • Gender:Female
  • Location:East Coast

Posted 06 June 2006 - 08:17 PM

Wow...where should I begin?

So...according to this guy, we (meaning those of us who are technologically illiterate) are supposed to magically know how to completely purge our computers without any help of any kind, except from anti-virus and spyware scanners? The same scanners that, while they can detect a lot, can't detect everything, or even worse, can't remove some infections!!!! What are we supposed to do then? Keep scanning, and hope the infection just goes away?

The hijack this analyzer that this guy mentions can't really help you. I've used it; all it does is tell you what other people have identified as infections. How do you know if the other users were misinformed or not? Or if what those people thought was an infection was actually something else? Every hj log needs to be handled on a person-by-person basis; a "one size fits all" solution won't work.

Finally, this:

The problem is that so much online help is bad information, including recommending absurd solutions like using Firefox.

Sooo...we should continue to use IE 6? The same IE 6 that was named by PCworld.com as one of the worst tech products of all time? The same IE 6 in which a CERT advisory told users to use any browser except IE 6?

What was this guy smoking?? He needs a reality check, as well as some of the people who commented on the blog. I wonder what will happen when his computer gets infected by something, and he finds out that the scanners can't detect it, or that they can't remove it; will he cling to his belief that all hj experts are "elitist" losers and not seek help while his PC crashes and burns? I wonder....

I agree with you all; he has an attitude problem...sorry for going on a tangent. :thumbsup:

rms4evr

#5 Jacee

Jacee

    Bleeping around


  • Malware Response Team
  • 3,716 posts
  • Gender:Female

Posted 06 June 2006 - 09:09 PM

Not a problem rms4evr, vent all you want to. :thumbsup:

The blogger appears to be stating his opinion facts from an upside-down position.



edit...spelling

Edited by Jacee, 06 June 2006 - 09:11 PM.

MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop


#6 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • Gender:Male
  • Location:Chicago, Il.

Posted 07 June 2006 - 08:36 AM

I would have stopped reading the item after reading the definition he provided of elitism, which he so kindly (and slantedly) defined for his non-elitist readers, but closed the window when I read this:

Its proliferation can largely be contributed (SIC) to Antivirus Companies dismissal of it.


Any publishing author should know the difference between contributed and attributed. This has nothing to do with elitism, just plain English.

Regards,
John
Whereof one cannot speak, thereof one should be silent.



