Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
iceblue Warrior Addict

Joined: 18 Jan 2004 Last Visit: 11 Apr 2006 Posts: 561 Location: Sydney
Posted: Tue Apr 13, 2004 12:47 am Post subject: HijackThis intro
HijackThis – What it does > from scratch.
It is a fairly simple process to understand this aspect to start with.
A HijackThis scan produces a log that is categorised into 22 main areas of possible problems, and then adds a list of processes currently running on the computer, when the log is saved.
Put simply, HijackThis reads the registry and interprets the data,
and puts it into a form that we can read easily.
Try as I might, I won’t explain this better than mjc:
Quote:
Programs like HijackThis use a special area of Windows programming to gather the information.
These special, defined programming functions replace the use of Regedit. This allows HJT to read the registry and display the data in a readable format. (also they allow for the manipulation of that data).
Since the program is reading directly and then manipulating the data it just read, removing offending items is usually safer than manually removing them. The same techniques are used by the dedicated killers like Spybot and AdAware, except they have their own databases of items to remove, HJT does not, it relies on manual identification.
So it is really a straightforward operation, and not that mysterious really.
Now I’m not saying the programming part of it was easy, as I’m sure it wasn’t. But I am saying, it was put into a pretty nifty little package, that makes it easy to identify and fix the registry keys that hijackers have altered.
...what it really means to 'fix' something with HijackThis....
Quote:
'Fix' in HT means 'revert to preset' for URLs, and 'remove/delete' for everything else.
Merijn
‘Fixing’ something replaces the hijacker entry in the registry with a default or harmless entry. It changes the value of a registry key, or deletes the key.
HjT does all the registry editing for you, for all those areas that it covers,
but not for every area that every virus and exploit can get to.
It gives us a safe and rapid method of disabling startups we don’t want;
and allows us to restore any changes we make, without wading manually through the registry all the time.
HjT lists all the startups straight from the registry [O4 list] as well as the processes running in the background [running processes] and a whole heap of other stuff that can get hijacked or corrupted, that doesn’t get shown in msconfig or Task Manager.
It produces a text report that can easily be copied and pasted for anyone to look at, and with a fair bit of practice, anyone can start to work out where the problems are, (but it takes an expert to get it right all the time).
It has pretty much changed the way we look at the internal workings for our purposes.
Please remember, HijackThis is a simple but very powerful tool,
and always keep in mind, the program makes no difference between good or bad.
It just does what the user instructs it to do, no matter what the consequences might be.
Quote:
"Fix checked" isn't about "good or bad" items.
It's simply about removing or fixing the items you checked, so you're the one having to judge what needs to stay or what needs to be removed.
Tony Klein
One part of the beauty of Merijn’s great program is that it allows for an interested but non-technical helper to become proficient in log reading and problem fixing, without having an expert level understanding of an OS or the registry. The more you do understand of these, the better you get at logwork, and the more confident you get overall. HjT is purely the best tool available right now to analyse the registry for all known types of malware.
A startuplist produces a log that includes a lot more than a normal scan log,
and from this we know that HjT scans a few files: Hosts file, Control.ini, Win.ini and System.ini and other startup points.
>>>>>>>
I liked the way it was put here by Tom41:
Quote:
"HijackThis is a powerful diagnostic/editing tool and this is exactly why it should be used in the first instance rather than as a last resort. Many hours of effort could be wasted otherwise guessing at a solution when a glance at the Hijack log can identify the problem immediately.
There is no secret to interpreting a log. It is just a matter of identifying each program listed and making sure that all is as it should be.
HT is also effective in the removal of worms and trojans. Can every AV program remove every worm or trojan? Most can't because it's running.
Why not simply use HT to easily remove the registry entries,
then reboot and delete the files?
Isn't that safer than manual registry editing?"...
HijackThis Tutorials :
http://www.spywareinfo.com/%7Emerijn/htlogtutorial.html
http://hjt.wizardsofwebsites.com/
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42
http://computercops.biz/HijackThis.html
http://www.netstar.me.uk/hjt/hjt.html
BleepingComputer for comprehensive tutorial coverage.
_________________
Travel safely !
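The log structure described in the post (categorised entries plus a running-process list) can be triaged with a short script. This is an added example, not part of the original post and not HijackThis code: the sample log is constructed, and treating R0/R1 as the "URL" entries that Fix reverts is an assumption based on Merijn's quote.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the original post); names and paths are made up.
SAMPLE_LOG = r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Example\updater.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/bar
O1 - Hosts: 203.0.113.5 www.example.com
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "O4 - <details>"
STARTUP = re.compile(r"^\S+: \[(.+?)\] (.+)$")       # "<key>: [name] <path>"

def parse_log(text):
    """Return (running_processes, {section_code: [entry, ...]})."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m:
            in_processes = False          # process list ends at the first entry
            entries[m.group(1)].append(m.group(2))
        elif in_processes and line:
            processes.append(line)
    return processes, dict(entries)

def fix_action(code):
    """What 'Fix' does per Merijn's quote (assumption: R0/R1 are the URL entries)."""
    return "revert to preset" if code in ("R0", "R1") else "remove/delete"

def running_startups(processes, entries):
    """Names of O4 startup entries whose target is in the running-process list."""
    running = {p.lower() for p in processes}
    hits = []
    for item in entries.get("O4", []):
        m = STARTUP.match(item)
        if m and m.group(2).lower() in running:
            hits.append(m.group(1))
    return hits

if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    for code in sorted(ents):
        print(code, len(ents[code]), "entries; Fix =", fix_action(code))
    print("Startups currently running:", running_startups(procs, ents))
```

The script only groups and cross-references entries; as the post stresses, deciding which ones are good or bad remains the reader's job.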