
Looking For A Gui Program To Create A Hjt Logs Helper


9 replies to this topic

#1 Walkman

Posted 10 November 2006 - 10:19 AM

Hello,

I'm looking for a program (possibly a FREE one) that will help me create a GUI program. I'm going to develop a program (my 1st) that will help with analyzing the HijackThis logs, because with the program, it'll help even the novice user of the program discover the culprits of their problems. It came to my mind as I was researching my logs and doing other testing on the logs. This program should cut the analysis time down by at least 70%+.

The program will basically allow you to import your HijackThis logs into it, and with the functions of the program, it'll do the work of searching the logs through the database(s) for you and present you with a remake of your logs... indicating the lines it found as being the possible problem, and re-writing the logs, which can be presented for inspection and review. This whole process should take no more than a few minutes or seconds. (We'll see).

The goal is to not have to manually search each line of the logs, which can take hours alone.. maybe less, if you are used to the logs. But this should be an immediate help to the HJT helpers, and also to the end user of the computer.

I am a database programmer (also), and getting the data and the structure together is a piece of cake, but constructing a GUI for it all is something I've never done before, but I want to do it. And, for what I'm trying to do, it shouldn't be a long process... I hope... but I have confidence in myself in doing such a program that will help impact the analysis time of the HJT logs big time.

Any suggestion will be greatly appreciated.

#2 groovicus (Security Colleague)

Posted 10 November 2006 - 10:55 AM

You mean like these?
http://www.help2go.com/component/detective/
http://www.hollmen.dk/content/view/69/31/
http://www.prevx.com/hijackthis.asp

Who is going to keep the database updated?
Who is going to cull erroneous data?
How will you know if your scanner is accurate?
What happens if your scanner causes someone to damage their computer?

You may want to do a search for arguments against automated log readers. One of the first is that they are inaccurate. There are times when they flag the wrong things as bad. We don't want novice users to rely on them, otherwise they don't learn anything other than how to rely on an automated tool. That means they won't know when the scanner is wrong.

If you really think you can do a better job, then definitely don't let me discourage you. Just don't be surprised at the reception you get when you roll it out. Automated readers are nothing new. They are helpful from time to time, but only for those who already know what they are looking for anyway.

#3 Walkman (Topic Starter)

Posted 10 November 2006 - 12:52 PM

Hello.

You wrote

Who is going to keep the database updated?

The original source. Through the program, people will just update their database. That won't be manual work.

You wrote

Who is going to cull erroneous data?

Again, the information the program presents will come from the sources where the database(s) are managed.

You wrote

How will you know if your scanner is accurate?

1. testing
2. testing
3. testing

It's the same as saying "How do you know if the BHOList is accurate?"
It's the same as saying "How do you know if the CastleCops StartupLists are accurate"

I am just going to simplify the analysis of the logs. An actual example will be like this:
Using the database of BHOList.... since it's used to look up the 02 - Browser Helper Objects, the program will look at the log file lines starting with 02, then the database will look for lines that start with 02, then within each line, look for the curly brackets {}, then search the database for the numbers found between them, and prepare the results to include in the final analysis of the logs.

You wrote

What if your scanner causes someone to damage their computer?

This is not a scanner, according to your point of view. It's a log analyzer. It ONLY reads from the HJT log files, then accesses the databases that are used to perform the manual tasks, and reads for specific lines that start a certain way, then checks the original sources' database(s) for the results of the search. The results of the whole logs are recreated to make an exact duplicate of the original log, but with a different name to it, having the results of the program's findings. That's all. It's simply a faster and easier way to read the logs.

On average, I'd say it takes hours or so the way it's being done now... (manually). This is going to be designed to do it in a matter of minutes or seconds.

But to answer your question, I can't even imagine how it could even remotely, or even closely, damage a computer. I see no slight indication of that. It just loads the logs, reads the lines, and accesses the databases, and presents you with the EXACT results you would be getting anyway, but this is much faster and easier. Although I have to learn more about HJT and its logs, if you look at my log report, you'll see that I've been researching the information in my logs. And I know I have more to learn, but I've discovered an easier and faster way to do so, and I know it'll work. I have no doubt about that either.

You wrote

You may want to do a search for arguments against automated log readers. One of the first is that they are inaccurate. There are times when they flag the wrong things as bad. We don't want novice users to rely on them, otherwise they don't learn anything other than how to rely on an automated tool. That means they won't know when the scanner is wrong.

I agree with you 100%. But the point you may not understand is that when you have available resources to help you do what is a tedious job, you tend to get it done, and done with great spirit. If you took a survey and asked, "What do you prefer, a GUI program or would you do it by Command Line?" I can assure you that the majority WILL say GUI. Why? Because it's easier and it's faster. Instead of typing in commands, you can just click a button, and it does that command. That may not be learning to some people, but it's a way for people to do something they don't want to do anyway. If everything on the Internet was Command Line usage, the Internet would have at least 80% fewer users on it.

And speaking of the last sentence of the quote above........that's a great point............ what's the point of even having HijackThis and its logs? (to automate a process). Let a person manually check and see what's wrong with their computer... right? Just about every software/tool used is an automated process that can be done manually. So, I'd have to believe that we're all depending on the automation of programs and we all really don't/haven't learned what we should. I can think of probably 10's, 100's, even 1,000's of programs that we all use, and are simply automations of what we can do manually. Right? It's all the same.... automating a tedious process. Nothing more, and nothing less.

You wrote

If you really think you can do a better job, then definately don't let me discourage you. Just don't be surprised at the reception you get when you roll it out. Automated readers are nothing new. They are helpful from time to time, but only for those who already know what they are looking for anyway.

I'm definitely not going to let you or anyone discourage me. I'm much stronger than that. That's just how I am. If I believe in something... that's my belief. If I feel something will work, I'm willing to go forward with it. That's why there are millions, if not billions, of pieces of software out there. Those people, companies, or whatever believed in themselves, and many had support to back them up. Look at Bram Cohen, the one who created the BitTorrent protocol/client. Look where it's at now. That's what I'm talking about, to all that believed in themselves and didn't let the skeptics stop them. That is what I call a powerful mind.

On an ending note: Let me tell you about a program I designed 2 years ago.

I buy and sell domains (newly created), (based on their popularity in the search engines). I use a web site called WordTracker.
http://www.wordtracker.com

Using this site, you can see which keywords hold much popularity in the search engines. But this is what I've done with that site to integrate it into a program.

When I type in a keyword/keyword phrase, it'll give me 300 results.

I've designed a program that will take all keywords/phrases that are 100 searches per day+, and import them into my program (php/mysql), and add the hyphens (-) in between the words, count the number of characters.... (for registration purposes).... and then create a list that will submit and do a search of all of the keywords/phrases, and see if they're available for domain registration.

I've contacted many domain resources on the internet and asked them to see if these keywords are available as domains. Up to 300 domains at a time.

Some of the companies took weeks to give me my results
Some of the companies took longer to give me my results
Some companies never got back to me
Some companies altered my requests to what they wanted me to have
Some companies told me it'll take quite some time to do such a request
... and a few more different causes of not providing me with what I requested


My program, that I created, can take 300 keywords/phrases (and more) and in a matter of a few minutes display to you the results of all keywords/phrases as to their availability as domain registrations.

Right now this is for my own useage, but I created a program that right now, there is not a single source/program on the internet that can do what I created. Not yet anyway. Now, I'm going to create a program to do such.

But again, my point to all of this is to demonstrate that automation isn't bad (in many cases), but in fact, very helpful. I still haven't found a product that does what I created in 2004, but let me add that it caused no problems on my computers at all. It's simply running off of a database, and that's what I'm wanting to do with this HJT log.

But anyway, I appreciate the response, and the skepticism, but I know, without a shadow of a doubt, every and all HJT users/helpers will be glad that this program has come along.

Edited by Walkman, 10 November 2006 - 01:05 PM.


#4 groovicus (Security Colleague)

Posted 10 November 2006 - 01:29 PM

The BHO lists and the start-up lists are all human curated by experts in the field.

And what I was trying to tell you is that there have been analyzers around for a long time already. I showed examples of three, but there are probably half a dozen more. Most of them are run by people well known in the malware removal group. When we train helpers, we specifically do not allow the use of automated readers. We have practice logs specifically designed to frustrate automated readers.

I was suggesting that it might not be a bad idea to research your project first to see what has already been done, and identify the problems. If instead you can solve the problems with current automated readers, then you would have something. But the problem domain is such that simple database matching can only make suggestions, it can not rationalize context, and is by convention always behind. HJT and similar tools are for infections that automated responses have not yet caught up with.

#5 Walkman (Topic Starter)

Posted 10 November 2006 - 01:54 PM

The BHO lists and the start-up lists are all human curated by experts in the field.

And what I was trying to tell you is that there have been analyzers around for a long time already. I showed examples of three, but there are probably half a dozen more. Most of them are run by people well known in the malware removal group. When we train helpers, we specifically do not allow the use of automated readers. We have practice logs specifically designed to frustrate automated readers.

I was suggesting that it might not be a bad idea to research your project first to see what has already been done, and identify the problems. If instead you can solve the problems with current automated readers, then you would have something. But the problem domain is such that simple database matching can only make suggestions, it can not rationalize context, and is by convention always behind. HJT and similar tools are for infections that automated responses have not yet caught up with.


Again, I can do nothing but agree with you 100%. I simply agree. I know where you're coming from, because I know you've been doing this way longer than I have.

I know there are downfalls, backfires, and other unforeseen problems that may happen. I honestly understand that. And I'm not talking about just rushing out there and trying to promote a product that's found to be faulty, at many angles. I'm not going to take that route.

As far as the HJT learning is concerned, I want to learn it. I have a natural understanding of many of its logs, and it all basically makes sense to me, but I need to understand why I'm not to the point to go to the exact causes. When I 1st looked at those logs, I didn't know what I was looking for. But now I do, and I understand the logs, I'm not proficient yet, but at least I understand them.. and I have a personal copy of the meaning of the line codes. Plus, I've been always looking at the log files posted here, and doing my own research. This isn't something that's boring or too complex for me. I'm willing to learn it, and be good at it too.

Now suppose..... this program not only generates reports quicker, and is accurate in the results? Would that be a step in helping out the HJT community or would it be simply still relying on automation?

Thanks again for your input.

I'll take a look at those links you've provided and see what they offer.

#6 Walkman (Topic Starter)

Posted 10 November 2006 - 02:47 PM

I've tried all 3 sources, and from what I've gathered, the 1st and the 3rd link aren't any good for helping. The reason is this:

If a person has computer problems, why are developers always assuming people have access to the Internet? I'm still trying to figure that one out.

The 1st link displayed what it thinks my problem(s) is/are, but I've cleaned those problems, but they still load up in the registry when the computer boots up.

The 3rd link displayed no problems at all. But I do have them.

The 2nd link is a downloadable program, which I've downloaded, but I haven't ran it yet.

But my original question was to find a program that will help me create a GUI program. I know I talked about HJT and its logs, and the links are now bookmarked, but none of the 3 links are what I'm looking to do. Whether it's a failed project or not, I just want to be able to make a GUI program.

Thanks again for the links. I'm sure they can come in handy one day.. but I'm aimed at everyone, and that includes people that have no more access to the Internet.... and that's my reasoning for the program. Computer problems don't exclude accessing the Internet, and that seems to be where many sites are focused. Just pretend they don't have access, but they need the diagnostic tests to help them out. Even if those same sites made a GUI to be downloaded, that would be a big help and difference for users of HJT and the HJT helpers, all in one shot.

#7 Walkman (Topic Starter)

Posted 12 November 2006 - 03:15 PM

I found a BETA version of a GUI tool, which is FREEWARE and I'm going to work with it and see what I come up with.

The program is called GuiGenie, and it can be found at http://www.guigenie.cjb.net

I did find other tools out there, but they're all restricted in ways to where a person like me who has never used one before wouldn't benefit from using it, like:

Limiting how many times the program will launch. (1 program limits its usage to just 20 launches)
And a few other programs where you have to provide a bunch of info, so they can email you a download link.

There are some cool programs out there for GUI creation, but I'm wet behind the ears when it comes to those programs. But some sites have video tutorials, which made understanding them quite simple. But I know there's a lot of involvement in embedding code and such, to make it interactive.

I'm going to start my project this week and work on it until I get it complete. I'm ready. :thumbsup:

#8 TheTerrorist_75

Posted 26 November 2006 - 03:02 PM

I think that you should enroll in HijackThis training. Upon successful completion you may have a better insight as to what you are trying to accomplish and if it is truly useful.

#9 projectfocus

Posted 26 November 2006 - 04:58 PM

Well, the program would work if it worked not on keywords but on the whole file key. This would save confusion, and use a blacklist, greylist and whitelist system for diagnosis of entries. This could not aid in telling people what files are bad and to delete, but would highlight possible errors to the analysers using a colour code of which lines to look at first.

This I could see as being an advantage. A project that I would maybe help on if this was to be used and contributed to by the professionals. Again, as we all know, this is only as good as the data that is entered in it. Also only as good as the diagnosis and trustworthiness of the people supplying data for the black, white and grey lists.

Maybe a star grading system could be employed as well to make sure that the data is valid as per other professional HJT investigators.

Only an idea but I think that is the only way you will be able to feasibly run with the idea. Any other thoughts?
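The matching step Walkman describes in post #3 (take the BHO lines, pull the value in curly brackets, look it up, then write out an annotated copy of the log) and the blacklist/greylist/whitelist colour coding projectfocus proposes above, as an added example in Python. This is not code from either poster, from HijackThis, or from any of the online analyzers linked in the thread. It assumes a constructed lookup table keyed on CLSID in place of a real BHO list, and a constructed sample log in the HijackThis line layout; the `KNOWN_BHOS` table, its made-up CLSIDs, the file paths and the status names are all assumptions. Note that HijackThis marks BHO lines with the letter O, as "O2", not the digit zero. Two practical points the example bakes in: CLSIDs are compared case-insensitively, because the same GUID can be written in either case in the registry and in a log, and an entry missing from the list is reported as unknown rather than as bad, which is exactly the limit groovicus raises: a list match can suggest, it cannot judge context.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed lookup table standing in for a BHO list. Keys are CLSIDs in
# canonical upper-case form; values are (description, status). The CLSIDs
# below are made up for this example and do not identify real components.
KNOWN_BHOS: Dict[str, Tuple[str, str]] = {
    "{00000000-0000-0000-0000-00000000AAAA}": ("constructed: legitimate helper", "white"),
    "{00000000-0000-0000-0000-00000000BBBB}": ("constructed: known adware BHO", "black"),
    "{00000000-0000-0000-0000-00000000CCCC}": ("constructed: reported, not yet resolved", "grey"),
}

# A CLSID as written in an HJT log: 8-4-4-4-12 hex digits in curly brackets.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Section prefix at the start of a log line, e.g. "O2 - ", "O4 - ", "R1 - ".
PREFIX_RE = re.compile(r"^([RFNO]\d{1,2}) - ")

# Marker placed in front of each line of the rewritten log. "unknown" is kept
# separate from "black" on purpose: absence from the list proves nothing.
MARKERS = {
    "white": "[white  ]",
    "grey": "[grey   ]",
    "black": "[black  ]",
    "unknown": "[unknown]",
    "malformed": "[check  ]",
    "skipped": "[       ]",
}


@dataclass
class Finding:
    line_no: int
    prefix: Optional[str]   # "O2", "O4", ... or None for header text
    clsid: Optional[str]    # normalised CLSID for O2 lines, else None
    status: str             # one of the MARKERS keys
    note: str
    text: str


def classify_line(line_no: int, line: str) -> Finding:
    """Classify one HJT log line. Only O2 (BHO) lines are looked up."""
    m = PREFIX_RE.match(line)
    prefix = m.group(1) if m else None
    if prefix != "O2":
        return Finding(line_no, prefix, None, "skipped", "not a BHO line", line)
    c = CLSID_RE.search(line)
    if not c:
        return Finding(line_no, prefix, None, "malformed", "O2 line without a CLSID", line)
    clsid = c.group(0).upper()  # GUIDs are case-insensitive; the table is upper-case
    if clsid in KNOWN_BHOS:
        desc, status = KNOWN_BHOS[clsid]
        return Finding(line_no, prefix, clsid, status, desc, line)
    return Finding(line_no, prefix, clsid, "unknown", "CLSID not in list; needs manual review", line)


def analyze_log(text: str) -> List[Finding]:
    """Classify every non-empty line of a log, preserving order."""
    return [classify_line(i, ln) for i, ln in enumerate(text.splitlines(), 1) if ln.strip()]


def annotate_log(text: str) -> str:
    """Rewrite the log with a status marker in front of every line."""
    return "\n".join(f"{MARKERS[f.status]} {f.text}" for f in analyze_log(text))


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count lines per status, so a helper sees at a glance what needs eyes."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.status] = counts.get(f.status, 0) + 1
    return counts


# Constructed sample log in HijackThis layout; names and paths are invented.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)

O2 - BHO: Example helper - {00000000-0000-0000-0000-00000000AAAA} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-00000000bbbb} - C:\WINDOWS\system32\xyz.dll
O2 - BHO: Fresh arrival - {12345678-9ABC-DEF0-1234-56789ABCDEF0} - C:\WINDOWS\new.dll
O2 - BHO: Broken line with no class id - C:\WINDOWS\odd.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    print(annotate_log(SAMPLE_LOG))
    print(summarize(analyze_log(SAMPLE_LOG)))
```

Running the file prints the annotated copy of the sample log followed by the per-status counts. Extending it to O4 (startup) entries would mean keying on the executable path rather than a CLSID, and the same caveat applies there: an unknown path is a line to look at, not a verdict.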

#10 Walkman (Topic Starter)

Posted 28 November 2006 - 03:40 AM

Thanks for the replies.

I'm still doing research on the HJT logs, and sometime in the beginning of 2007, I'll put in a request to become a trainee. Personally, since I have plenty of extra hard drives to spare, I'd get a better understanding if I allowed one of them to be infected, so I can test it thoroughly. But then again, maybe I won't need to do so with the training.

projectfocus, I've thought of those issues already. I want to make it very simple and easy to understand, including the background line colors, blocks of text/fields, and so forth. I haven't explained all of the details of it, but you are right where I've been thinking.

I've been prepping up on all the tools I'm going to need, and since I've gotten a few more computers last week, I can dedicate at least one of my extra hard drives as a software development drive, and not mix it up with other computer tasks that I do on a daily basis.

I'll keep you all posted on my progress, and hopefully someone may be able to lend a hand and we make this a team effort.
