
Google searching an .exe or dll etc.


13 replies to this topic

#1 Emily

Emily

  • Members
  • 13 posts

Posted 12 December 2004 - 08:38 PM

Hi,
I'm not sure where this question belongs to, so forgive me if I'm in the wrong place.

I seem to have a problem with Google searching. When I Google-search something it only gives me links to HijackThis logs. I even do the advanced search, etc., but I'm still finding a lot of unanswered searches.

I was trying to search for items while fixing my own HJT log and also friends' logs.
So is there a trick to get a good result while using Google? Or is there a better search engine out there?
Thanks.

~Emily
"True friends are like diamonds, precious and rare,
False friends are like autumn leaves, scattered everywhere."



#2 MadameX

MadameX

  • Members
  • 21 posts

Posted 13 December 2004 - 02:54 AM

Hi Rose,

So you're analyzing your own and your friend's logs, eh?

Well, as a member of the Boot Camp at SWI, I learned that doing a Google search is a bit of a last resort, mostly because of all the unnecessary links it can give (like HJT logs at different forums).

If you don't already know about this tutorial, here is a link to a very good one to help with analyzing logs:

http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm

It also gives links to HJTHot key, a good little program to aid in log analysis. Plus loads of information on what the entries are in the logs, where to go to research them and how to use SpywareBlaster to research as well.

It's been recently updated and added to.

Have you ever thought about joining the Boot Camp or any HJT training program such as they have at SpywareInfo, SpywareWarrior, etc?

You can learn a lot and be more effective as well.

Good luck!

Deb

#3 MadameX

MadameX

  • Members
  • 21 posts

Posted 13 December 2004 - 02:55 AM

Just one thing, though.

If you are on dialup, the page will take a while to load, as there are screenshots on the page. So, give it some time, it's well worth the wait.

Deb

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 13 December 2004 - 03:14 AM

Physician heal thyself....!

Don't bother to use the expertise of the HJT members here to start you off....

Don't peruse the HJT forum here....

Don't bother yourself to overview some of the threads in the HJT forums...

BTW :flowers: to "BC"

But, you might share some of your expertise with the rest of us ...!
So that we might learn....

regards,
~Koan


:thumbsup:
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 MadameX

MadameX

  • Members
  • 21 posts

Posted 13 December 2004 - 04:00 AM

Hold on a second here.....

Is there a rule somewhere that one should ONLY get help at this site?

Not knocking the team here. NO! I never suggested she shouldn't. My statement:

Have you ever thought about joining the Boot Camp or any HJT training program such as they have at SpywareInfo, SpywareWarrior, etc?

Note that I said "or any HJT training program".

I know that I'm new here, and meant no disrespect to this site nor to the HJT team.

Nor did I think that giving that link was privileged information?

I'm a member at several sites and one thing I've seen common at all of them is the ratio of people needing help to those who are trained to help.

As you know, Helpers are sadly outnumbered and as the help they give is VOLUNTARY, there are victims badly needing help who don't get it as soon as they would like. Not putting any of the Helpers down, it's just a very sad fact due to the proliferation of the malware on the Net.

Excuse me for trying to encourage someone to expand her knowledge and expertise.

She's free to join any training program she likes. Makes no difference to me where as long as she's on our side. Right?

Deb

#6 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 13 December 2004 - 04:31 AM

MadameX,

You've my reply in a PM.

No disrespect intended to either party here. You mistook my sarcasm....
Doctor..... etc...

Mea culpa!

regards,
~Koan
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#7 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • Location:Washington State, USA

Posted 13 December 2004 - 04:43 AM

I'm not sure where this question belongs to, so forgive me if I'm in the wrong place.

No forgiveness is even remotely required, Emily. An excellent question in perhaps the best place to ask it. IMO.

Excuse me for trying to encourage someone to expand her knowledge and expertise. She's free to join any training program she likes. Makes no difference to me where as long as she's on our side. Right?

Absolutely. Many ppl just plain do not understand the problems I face searching for the answers to questions raised in each and every log that must be answered before I recommend computer modifications to a person who I don't even know, let alone a friend's computer who might forgive me if I err.

I'm a member at several sites and one thing I've seen common at all of them is the ratio of people needing help to those who are trained to help.

As I am also. I see the same thing you do, MadameX. Most sites have a great many HJT logs unresolved, too. They come up the most often in the darn Google searches, too. Murphy's Law, I guess. Those that provide valuable, timely clues are time-consuming and must be read carefully, usually twice, and other factors must be weighed also. There also exists a common cause that keeps the members of these sites putting in long hours for zero pay, as well. MadameX & Emily, you are both part of the cause. You too, Koan.


I will share my experiences with anyone who makes any attempt to combat the foolishness of the crackers who spawn the crapware we deal with. Period.

I'm tired. I'll tackle it in the morning. :thumbsup:
patiently patrolling, plenty of persistent pests n' problems ...

#8 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 13 December 2004 - 04:51 AM

I figured you'd express an opinion Phawgg....

I take full responsibility for this misunderstanding.

So, you can sleep well tonight too... Phawgg.

regards to all,
~Koan
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#9 Emily

Emily
  • Topic Starter

  • Members
  • 13 posts

Posted 13 December 2004 - 06:01 AM

Hi Deb,

Thanks for giving out that info and encouragement, I very much appreciate it. Yeah, I know and have been to that tutorial, also the Boot Camp at SpywareInfo (yeah, they sure have a good source there too). I didn't know about SpywareWarrior though. I like to read a lot to inform myself of what's new going around. I frequent a gaming board which has only 2 people reading logs. I would like to help them but I wouldn't want to make any mistakes, especially in dealing with those special infections.

No forgiveness is even remotely required, Emily. An excellent question in perhaps the best place to ask it. IMO.

Thanks, so kind of you Phawgg, I had a couple of my posts moved because I was in the wrong place.

There is always something to learn from every forum, and I would like to give back if I can, maybe not about HJT, I have a lot more to learn yet. And I'm very thankful for all the info that I've been getting here and anywhere. It would be nice if everyone can be informed/taught how to beat these pests.
Thank you for all the replies everyone, thank you Koan. I like it here:)

~Emily
"True friends are like diamonds, precious and rare,
False friends are like autumn leaves, scattered everywhere."

#10 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • Location:Washington State, USA

Posted 13 December 2004 - 11:40 AM

Misunderstanding is what one comes to expect with regards to the operation of their computer in general... and specifically malware & how we get it and how we get rid of it.
That's why there are 100,000 HJT's posted in the last year and a half. No wonder a question arises about how to google for answers without endangering mental health. :thumbsup:

I figured you'd express an opinion Phawgg....

Yes, I have them. :flowers: Even though computing at its fundamental core is precise, logical & scientific. Real people use 'em and attitudes develop because of the humanity involved. The computer is simply a tool. A good one.
patiently patrolling, plenty of persistent pests n' problems ...

#11 MadameX

MadameX

  • Members
  • 21 posts

Posted 13 December 2004 - 12:26 PM

My apologies to you, Koan, and the team here at BC.

As I told you in my PM, I had just come home from work and in my confusion, reacted before thinking. I have now removed my foot from my mouth and will proceed more cautiously :thumbsup:

phawgg, thank you for your comments. They are most appreciated.

Emily, I hope you will consider joining a training program. If you haven't already. It sounds as if you have, from what you said, as most of these camps are invisible to the general public.

Deb

#12 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • Gender:Male
  • Location:Texas

Posted 14 December 2004 - 03:53 AM

:thumbsup:

The short answer (without offending anyone) is yes there are places to look up exe and dll files.

http://www.windowsstartup.com/wso/search.php

http://www.processlibrary.com/

Now this link is "some what" helpful, but it is NOT the end-all answer to HJT logs. It does help for a quick glance at a log though. Lots of false positives and other problems, but I'm putting it here as a "reference" only.

http://www.hijackthis.de/en

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#13 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • Location:Washington State, USA

Posted 15 December 2004 - 03:02 PM

Emily, maybe some of these tips will help you with HJT logs.

Emily @ Dec 12 2004, 06:38 PM

I seem to have a problem with Google searching. When I Google-search something it only gives me links to HijackThis logs. I even do the advanced search, etc., but I'm still finding a lot of unanswered searches.

I can identify with your frustration.

Emily @ Dec 12 2004, 06:38 PM

I was trying to search for items while fixing my own HJT log and also friends' logs.

This seems to me to be a logical, even admirable, pursuit. I'll take it to mean you want to analyze HJT logs.

Emily @ Dec 12 2004, 06:38 PM

So is there a trick to get a good result while using Google? Or is there a better search engine out there?

If there is a better search engine, I haven't found it. So, the "trick" is to learn and understand
what you're looking for & how to interpret the results of the responses.

MadameX @ Dec 13 2004, 12:54 AM

I learned that doing a Google search is a bit of a last resort, mostly because of all the unnecessary links it can give (like HJT logs at different forums).

There is certainly truth to this statement.

MadameX @ Dec 13 2004, 12:54 AM

You can learn a lot and be more effective as well.

That is the point, after all.

MadameX @ Dec 13 2004, 12:55 AM

If you are on dialup, the page will take a while to load, as there are screenshots on the page.

I'm also on dialup, and every little bit of time does matter. That's why it's important to organize so your time is not wasted. Your time is valuable.

Raw @ Dec 14 2004, 01:53 AM

The short answer (without offending anyone) is yes there are places to look up exe and dll files.

A couple more are: http://computercops.biz/sl-all.html & http://www.answersthatwork.com the task list. Should you need to replace a .dll

Raw @ Dec 14 2004, 01:53 AM

Now this link is "some what" helpful, but it is NOT the end-all answer to HJT logs. It does help for a quick glance at a log though. Lots of false positives and other problems, but I'm putting it here as a "reference" only.

I agree. Here's another one like it. HJT Detective.

Having searched forums for answers to the questions raised by HJT logs, I've run into some problems. Unresolved case is one.
Language barriers create another. Time sensitivity is another. In an effort to minimize my frustration when I find 5,000 google responses:
  • I look for identified good sources, ones that yield better results than others for me *
  • 10-20Kb responses usually mean a log is posted but there is no answer.
  • If "cache" is available, and the thread size is over 30Kb, I'll search it using the cache feature.
  • If additional pages from a "good" site are available I'll go there first. Sometimes 4-5 responses are really the same thread in parts.
  • I tend to scroll quickly through the posted log, checking to see that the highlighted entry is there, and that it is similar to the one I'm looking for.
  • If it's a recommended deletion in the first reply, I might then immediately copy the page to HD and label the file created
    as the name of the file I was looking for. Save to a folder created for the HJT log I'm working on.
  • Continue to read if it's an unusual fix, noting methods.
  • rename the file adding the "problem name" if applicable. (ie: Look2me or swapX)
  • note any special automated tools involved or sequence of steps leading to a successfully clean log (if applicable).
  • I do this with all questionable files in each log. Usually after several other steps have been taken to identify problematic files and other objects in the log.
*Some active forums to watch for, among the many googling turns up, and that you are likely to find good answers at, are: This list is nowhere near complete, but it may give you an idea about targeting searches. For a more complete list try here: ASAP.
Several other sites, that may not turn up as often in Google searches, are also good sources of information.

Other initial steps before a Google search have a higher priority. After reading the log from top to bottom & noting the comments, I start at the bottom and work my way up. Not all categories of entries appear in all logs, of course. The numeric categories are:

O23 deals with NT Services, which lists all (non-disabled, non-Microsoft) services, like Msconfig.
O22 deals with files being loaded through the SharedTaskScheduler registry value.
O21 deals with files being loaded through the ShellServiceObjectDelayLoad registry key.
O20 deals with files being loaded through the AppInit_DLLs Registry value.
O19 deals with User style sheet hijacking.
O18 deals with extra protocols and protocol hijackers.
O17 deals with Domain Hacks. To identify if the domain is likely legitimate check:
O16 deals with ActiveX Objects, also called Downloaded Program Files. Often the source of bad files attached.
One good way to check for them is to use SpywareBlaster. Open the program, choose Internet Explorer tab, right-click the item name list, choose "find". Paste the {number} in, if it's a known bad one, it'll return a result.
O15 deals with Unwanted sites in Trusted Zone. Self-explanatory
O14 deals with the file that Internet Explorer uses when resetting options back to their Windows default. Malware altered it or user did.
O13 deals with how URLs entered in an address field without a preceding, http://, ftp://, etc are handled. Malware altered it or user did.
O12 deals with Internet Explorer Plugins & added browser functionality. Malware altered it or user did.
O11 deals with a non-default option group that has been added to the Advanced Options Tab in Internet Options on IE. Malware altered it or user did.
O10 deals with Winsock Hijackers , called LSPs (Layered Service Providers). http://www.angeltowns.com/members/zupe/lsps.html About LSP's
O9 deals with IE toolbar buttons or items in the IE 'Tools' menu that are not part of the default installation. Malware altered it or user did.
O8 deals with extra items in the Context Menu of Internet Explorer, options available when you right click viewing a web page. Malware altered it or user did.
O7 deals with Regedit not being allowed to run. Changes in registry settings. Malware altered it or user did.
O6 deals with an Administrative lock down for changing the options or homepage in IE. Changes in registry settings. Malware altered it or user did.
O5 deals with having your Internet Explorer control show in the Control Panel. Malware altered it or user did.
O4 deals with startup folders that are loaded automatically when Windows boots up. These listings are often bad or optional.
O3 deals with IE toolbars. Check http://castlecops.com/CLSID.html.
O2 deals with Browser Helper Objects, plugins to extend the functionality of your browser. Check http://castlecops.com/CLSID.html.
O1 deals with Host file Redirection. Two utilities commonly used are: HostFix & Hoster
N1 - N4 deal with Netscape and Mozilla Browsers start and default search pages. Malware altered it or user did.
F0 - F3 deal with applications loaded from your .INI files, system.ini and win.ini or equivalent places in the registry. Malware altered it or user did.
R0 - R3 deal with Internet Explorer Start Page, Home Page, and Url Search Hooks. Malware altered it or user did. ISPs or Computer makers, too.

All of the running processes listed at the start of the HJT logs relate in some way to these entries. Or they are system-required files.

HJT explained http://www.bleepingcomputer.com/tutorials/how-to-use-hijackthis/
HJT explained http://computercops.biz/HijackThis.html

Utilities are used to assist in identification of problems or deletions of problem files. Some include: An incomplete list. Other useful utilities available are:
Specialty removal tools. http://www.subratam.org/?page=removal
Various helpful utilities free. http://www.sysinternals.com/ntw2k/utilities.shtml

Other sources of information to help in both Google searches & HJT log interpretation/malware removal recommendations: When more drastic measures might need to be taken dealing with problems:

Edited by phawgg, 15 December 2004 - 03:14 PM.

patiently patrolling, plenty of persistent pests n' problems ...
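
The bottom-up pass over the numeric categories described in post #13, as an added example that is not part of the thread and not code from HijackThis: it orders a log's entries from O23 down to R0 and pulls out the file names and CLSIDs worth looking up. The sample log is constructed, the entry line layouts are assumed from typical HijackThis output, and `SECTIONS` holds only a subset of the category list.

```python
import re

# Subset of the category list in post #13 (descriptions paraphrased).
SECTIONS = {
    "R": "IE start page, home page, URL search hooks",
    "F": "applications loaded from system.ini / win.ini",
    "N": "Netscape / Mozilla start and search pages",
    "O2": "Browser Helper Objects",
    "O3": "IE toolbars",
    "O4": "items loaded automatically at Windows startup",
    "O16": "ActiveX objects (Downloaded Program Files)",
    "O23": "NT services",
}

LINE_RE = re.compile(r"^(?P<code>O\d{1,2}|[RFN]\d)\s+-\s+(?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE_RE = re.compile(r"([^\\/\s\[\]]+\.(?:exe|dll))\b", re.IGNORECASE)

# Constructed sample log; names, CLSIDs and URLs are placeholders.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example.invalid/
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\system32\samplebho.dll
O4 - HKLM\..\Run: [SampleTray] C:\Program Files\Sample\sampletray.exe
O16 - DPF: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} (Sample Control) - http://cab.example.invalid/sample.cab
O23 - Service: Sample Service - Unknown - C:\WINDOWS\system32\samplesvc.exe
"""

def sort_key(code):
    # O sections rank above N, F and R, so a reversed sort walks O23 ... O1, N, F, R.
    rank = {"O": 3, "N": 2, "F": 1, "R": 0}[code[0]]
    return (rank, int(code[1:]))

def triage(log_text):
    """Return the log's entries bottom-up, each with its lookup terms."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list, blank lines
        code, body = m["code"], m["body"]
        key = code if code[0] == "O" else code[0]
        entries.append({
            "code": code,
            "meaning": SECTIONS.get(key, "see the category list in post #13"),
            "clsids": CLSID_RE.findall(body),   # for a CLSID list or SpywareBlaster
            "files": [f.lower() for f in FILE_RE.findall(body)],  # exe/dll to research
        })
    entries.sort(key=lambda e: sort_key(e["code"]), reverse=True)
    return entries

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["code"], "|", e["meaning"], "|", e["files"] + e["clsids"])
```
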

#14 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,540 posts
  • Gender:Male
  • Location:USA

Posted 15 December 2004 - 05:46 PM

Here is a good resource list you can use:

http://www.bleepingcomputer.com/forums/t/405/antivirus-antimalware-and-antispyware-resources/

I am also moving this post to the AntiVirus, Firewall and Privacy Products and Protection Methods section.



