Why Hi-jack This?


16 replies to this topic

#1 Guest_uhaligani_*

  • Guests

Posted 21 March 2007 - 04:24 AM

I am curious about the use of Hi-jack-this. On this particularly, and another site I frequent, the hijack forum is closed to other than experienced personnel in that program. On examination, the minimum which could be achieved, to eradicate a virus, would probably be a couple of days. I have on many instances seen this go for much more than that. Now. I realise there may be a learning process in this but is it worthwhile for the average user?
Whenever I have reinstalled an OS, the first thing I do is customise it to my satisfaction. I then make an image ("A"). Next step is to install all my regular software and, after making sure it, too, is customised, I then make a separate image ("B"). These two images remain resident. (I have just started the use of double-layers, so am now able to get most on the DVDs.) From that moment on, if I mess with unknown software, I first make sure it is working to my satisfaction, and then make a further image. In the case of updating to a newer version, I overwrite image "B".
Any indication of a virus, as a result of bad E-mail or internet use, and I reinstall from the image "B".
OK. So it looks like a long path. It isn't. The two images take about 20 minutes each to produce. The magic is that they are reinstalled in about the same amount of time, or even less. (I should point out that as an average user, I have a Vista OS and about 14 Gbs total in that OS.)
Surely this is a better deal than messing around for two or more days to get a clean computer again?



#2 fozzie

  • Members

Posted 21 March 2007 - 06:21 AM

OK Let me give my 2 c. on this.

You are absolutely right of course, but .... :thumbsup: (there is always a but) if every user would be as diligent as you there would be fewer posts in the HJT forum. You see the number of HJT logs "under treatment" here and this is only 1 forum.

#3 ddeerrff

  • Malware Response Team

Posted 21 March 2007 - 10:20 AM

Yes, most people don't even back up their important data, much less keep complete images.
Derfram
~~~~~~

#4 Walkman

  • Banned

Posted 21 March 2007 - 10:58 AM

Unless I've been misunderstanding something, HijackThis was specifically designed for people that use Internet Explorer, to help them identify if their browser has been hijacked, thus the name HijackThis.

Even if people didn't make backups, or even make images or any of that, it would still be good for them, as long as they didn't use Internet Explorer.

Although I have HijackThis on my computer, I hardly use it, and that's because I know what should be on my computer, and what shouldn't be. That part isn't hard for me to do. Also, I don't touch Internet Explorer. It's a trojan haven, and 99%+ people that post in the HJT section... whether here, or any other site have the one thing in common, and that is that they all were using Internet Explorer. But unfortunately, that isn't enough to convince people to try another browser. Some people like what they like, and no matter what, they'll never try anything new.. whether it's proven to be safer or not.

But if you have HijackThis... it's ok... and if you don't use IE, then I see no need to even use HijackThis. Read the information on it from their site. It's self explanatory. HijackThis is good to have, just for GP (general purposes) but if you don't use IE, then I wouldn't see a need for using it.

I'm not saying that it can't be used with Firefox, but again... I've never had an issue with having to use it, because I'm not putting myself in that position to need to have to use it.

It's not funny, but it's so disturbing how I see so many HJT logs every single day. And the most reported problem is the Smitfraud-C Toolbar888, which I eradicated instantly, (I did use HJT, along with other tools) but the other tools found it as well, and they've helped me remove it. HJT just identified it, which is good, but it couldn't remove it.

All in all, if you have HijackThis, that's good, and if you don't have it, it wouldn't hurt if you had it. You never know when you may need it.

#5 Guest_uhaligani_*

  • Guests

Posted 21 March 2007 - 12:57 PM

Hi walkman. Your posting is rather repetitive, but overall has put even more doubt in my mind. I have never been under the impression that hijack this was IE specific? If you are correct, then that puts another dimension on my views. Could I ask from what source you obtained that idea?

#6 tg1911

  • Members

Posted 21 March 2007 - 02:18 PM

HJT isn't IE specific, but most of the problems it's used to help fix, result from people using IE.
Firefox users will get fewer problems, because of its use of Java applets, instead of ActiveX controls.

"It's not funny, but it's so disturbing how I see so many HJT logs every single day. And the most reported problem is the Smitfraud-C Toolbar888, which I eradicated instantly, (I did use HJT, along with other tools) but the other tools found it as well, and they've helped me remove it. HJT just identified it, which is good, but it couldn't remove it."

HijackThis is an enumerator, not a removal tool.
It lists what is found in certain areas of the registry, or system files, in an easily accessible manner, so that those familiar with the use and reading of HijackThis logs, and Windows programs, can determine what is infecting the machine, and how to remove it.
It will indeed remove the entries listed, but that does not cure the underlying problem.
The problem must be properly identified first, and cured, prior to removing the entries with HJT.
Otherwise, you leave the infection, and remove the keys which are needed to identify and remove it.

Removing entries in HJT before the problem is properly identified, and correct removal instructions posted, can make the problem undetectable to other detection and removal tools.
HijackThis should only be used to clean up the entries left behind, after you have properly removed the offending program, file, trojan, worm, hijacker, etc.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA
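
The enumeration described in the post above, as an added example that is not part of the original thread or HijackThis's own code: a read-only parser that groups log rows by their section code and pulls out the autostart commands, so the referenced files can be examined before any entry is removed. The sample log is constructed, and the function names and the section-name table are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Meaning of a few HijackThis section codes (subset, for illustration).
SECTION_NAMES = {
    "R0": "IE start/search page value",
    "O2": "Browser Helper Object (BHO)",
    "O4": "autostart entry (Run key or Startup folder)",
    "O23": "Windows service",
}

# Constructed sample log: every name, CLSID and path below is made up.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example1.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKCU\..\Run: [ExampleTray] C:\Example\tray.exe /background
O23 - Service: Example Service - Unknown owner - C:\Example\svc.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]*)\]\s*(.+)$")


def parse_log(text):
    """Group log rows by section code; header and blank lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            sections[match.group(1)].append(match.group(2))
    return dict(sections)


def autostart_commands(sections):
    """Return (hive, value name, command) for registry Run-style O4 rows."""
    found = []
    for row in sections.get("O4", []):
        match = RUN_RE.match(row)
        if match:
            hive, _key, name, command = match.groups()
            found.append((hive, name, command))
    return found


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for code, rows in parsed.items():
        print(code, SECTION_NAMES.get(code, "other"), len(rows))
    for hive, name, command in autostart_commands(parsed):
        print(f"examine before removing the entry: {hive} [{name}] -> {command}")
```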

#7 JohnWho

  • Members

Posted 21 March 2007 - 03:53 PM

Moreover, tg1911 -

We should remember, that not all of these "nasties" come in to a person's computer through their browser at all, so Internet Explorer, or Firefox for that matter, aren't necessarily always the enabling program.

Downloads and email attachments, for example, can bring in problems, too.


I know you think you understand what you thought I said,
but I'm not sure you realize that what you heard is not what I meant!


#8 Walkman

  • Banned

Posted 21 March 2007 - 05:31 PM

Within this statement here:

http://www.merijn.org/programs.php#hijackthis

HijackThis: A general homepage hijackers detector and remover. Initially based on the article Hijacked!, but expanded with a lot of other checks against hijacker tricks. It is continually updated to detect and remove new hijacks. It does not target specific programs/URLs, just the methods used by hijackers to force you onto their sites.
As a result, false positives are imminent, and unless you are sure what you're doing, you should always consult with knowledgeable folks before deleting anything.
A rudimentary HijackThis log tutorial by me is available here.
The official HijackThis QuickStart for posting on the SpywareInfo forums is available here.

there used to be a mention of it being used to detect hijacks within the IE browser. I've just now read that HijackThis has been sold to MicroTrend, and also the CWShredder. The word IE was removed from this statement. That, I specifically remember, without a doubt.

It's too bad we don't bookmark and save all pages for offline reading. But it was there.

I may never be able to prove it, but IE was the specific browser HijackThis was focused on, according to that link above, because that's what it said. I would only guess that the market for using it would be greater if the word IE, (or any browser) was eliminated from the text. Buuttttt... it was there.


.... Oh well.....

#9 jgweed

  • Staff Emeritus

Posted 21 March 2007 - 06:08 PM

HJT has a rather long---at least in Internet terms---and distinguished history; it may well be that you read it some time ago, Walkman, and because at that time IE was about all there was available, it was specifically mentioned. Recently, however, with the advent of Mozilla and Firefox and their adoption by many users, the author may have deleted the earlier reference to IE.
Cheers,
John
Whereof one cannot speak, thereof one should be silent.

#10 Guest_uhaligani_*

  • Guests

Posted 22 March 2007 - 12:43 AM

That's OK, Walkman, these things do get changed over time. The earlier references seem to have been an IE smear campaign, however. There are so many, even now!
I am glad I have started this thread. It reveals some interesting points of view. Although, to date, no one supports my particular low view of the program. I still remain unconvinced. I will stick to my (quote "diligent") method - it works for me.

#11 Walkman

  • Banned

Posted 22 March 2007 - 09:00 AM

jgweed, thanks for that post. I didn't think of it that way, and it makes sense too. I believe 3 months or so it was when I saw it.

uhaligani, if you have HijackThis, that's good, and even if you don't have it, it wouldn't hurt to have it anyway. You never know when you may need it. If you don't want to use it, I'd suggest a BHO list program, and a Startup list program, and an Autorun list program.

But HijackThis helps you understand what is loaded, when you see the id no#'s on each row. I learned it very quickly.

#12 jgweed

  • Staff Emeritus

Posted 22 March 2007 - 10:06 AM

"On this particularly, and another site I frequent, the hijack forum is closed to other than experienced personnel in that program. On examination, the minimum which could be achieved, to eradicate a virus, would probably be a couple of days. I have on many instances seen this go for much more than that. Now. I realise there may be a learning process in this but is it worthwhile for the average user."

Several points come to mind.
First, since the HJT application has been around for quite a while, there is a large body of application-specific information about its use, not to mention a large body of analytical information and research.
Second, its use---or rather, the correct interpretive use---requires training and a grounding in Windows and the various techniques employed by malware.
Thus HJT is primarily useful to those experienced enough to use it.

Third, while the process may take some time, this is generally caused by both the method of using a forum (hardly a real-time process) to communicate, as well as the computer expertise of the originator of the log, not the HJT application itself. Moreover, while the log may be posted because of a particular problem, further analysis may find additional problems that also need to be resolved.
Fourth, the average user submits a log because of problems which neither anti-malware applications alone nor the user by himself can seem to solve. For the most part, the average user is not---nor should he be in fact---technically oriented.
Thus HJT is useful to provide the user with a tool and a method to seek help with difficulties.

Regards,
John

Edited by jgweed, 22 March 2007 - 10:10 AM.

Whereof one cannot speak, thereof one should be silent.

#13 Guest_uhaligani_*

  • Guests

Posted 22 March 2007 - 12:26 PM

I acknowledge your long posting, JG, with all of which I am well acquainted. Unfortunately none of it addresses my point of view.

Edited by uhaligani, 22 March 2007 - 12:27 PM.


#14 JohnWho

  • Members

Posted 22 March 2007 - 04:00 PM

"I am glad I have started this thread. It reveals some interesting points of view. Although, to date, no one supports my particular low view of the program. I still remain unconvinced. I will stick to my (quote "diligent") method - it works for me."

HiJackThis is mostly a diagnostic tool (Yeah, I know, it can remove some entries).

Many diagnostic tools are only needed if one is having some sort of problem. In my experience, if one never turns on their PC, they'll probably never need any of these diagnostic tools. Probably won't need an anti-virus program, or an anti-malware program, or even a firewall, now that I think about it.

The point - just because uhaligani, or someone else, doesn't see the need for a specific diagnostic tool, it doesn't mean that the tool isn't useful in some instances for others.

Consider how many people have had their systems "repaired", either on this board or another, through the use of HiJackThis. The program holds a lot of value to those people - much more, I suspect, than telling them that they should have been more diligent in how they used their PC.

Of course, that's just my opinion.


I know you think you understand what you thought I said,
but I'm not sure you realize that what you heard is not what I meant!


#15 Guest_uhaligani_*

  • Guests

Posted 23 March 2007 - 01:04 AM

OK. I am outvoted but happy to have raised the question. Obviously, for the average user, it has a lot of use. Not one post of support of my lonely views!