all hijackthis requests? why?
Original Message

Name: XpUser4Real
Date: May 7, 2006 at 21:03:24 Pacific
Subject: all hijackthis requests? why?
OS: xphomeSP2
CPU/Ram: 1.4/512
Model/Manufacturer: me

Comment: This seems to be becoming quite a fiasco on here in computing.net. Seems like every time someone has a problem it is...POST A HIJACKTHIS scan please. It doesn't matter what the subject is. What I'm saying is, I think there are many straightforward solutions for a lot of these problems that don't have to consist of multi hijackthis reports. I even intervened on a few such posts and mentioned it could just be messenger pop-ups (which they were after about 5 different scans). Jabuck is well respected for such scans, and now it seems like almost a free-for-all by some other members. Does anyone feel that most of these problems have alternate solutions which, if guided, most posters can work their way through? Computing.net is a great place for help and sometimes the easy solutions are the best in my opinion. I myself have learned many great solutions here and it has helped me in helping other people. It's a great site, wouldn't you all say?

Hopefully my advice will help you...Please post back with your results....thanks

Response Number 1

Name: jboy
Date: May 7, 2006 at 21:57:07 Pacific

Reply: HJT! is a great tool, but certainly not the only one. Much depends on the nature of the reported problem - I've no qualms about requesting a log, if I think it's warranted (and for OS's I'm familiar with). Analyzing a typical XP log is going to be a lot of work - jabuck's been doing an outstanding job with them - others (perhaps)... not so much. It seems a bit hopeless to request a log if there are other, simpler solutions - even more so if the request is made by someone whose enthusiasm might outweigh their expertise {... not that I'm thinking of anyone in particular}

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true

Response Number 2

Name: XpUser4Real
Date: May 7, 2006 at 22:35:54 Pacific

Reply: Thanks for the feedback...I can only guess which ones outweigh...LOL But like you said, Jabuck is doing a fine job, in fact, he once helped me with a huge problem I had.

Hopefully my advice will help you...Please post back with your results....thanks

Response Number 3

Name: jabuck
Date: May 7, 2006 at 22:39:05 Pacific

Reply: Spyware is getting so complicated to remove that without some kind of idea as to what you are dealing with, it is impossible to help someone. Almost always Hijack This provides that information, and if an online up-to-date virus scan is also provided then normally unseen files can be identified. Usually there is a sequence that needs to be followed if there are multiple infections, certain tools to uncomplicate the removal process, and occasional minor registry edits that have to be exercised. And usually it's just a matter of time before the computer will not operate, because most people wait until something is not functioning properly before they submit a post for help. It doesn't take much to realize that a poster has Smitem when they describe the "X" in the toolbar or that they have "zlob" when they talk of multiple .tmp files. But finding Look2Me or lop.com can get much more complicated.

While it may tick some people off to see these posts, or see others try to learn how to help, more often the help is appreciated. Just think, if no one ever tried to learn how to analyze these logs then eventually no one could. However, I do agree with jboy in that someone having to submit HT logs on another forum to get the correct responses (and, I'm not thinking of anyone in particular) should refrain from trying to help until their skills are heightened somewhat. I would not want to deter them from learning on the other hand though. And the only thing that ticks me off is the research time you invest in an attempt to help a poster then never get over one, maybe two responses. But, that comes with the territory.

Response Number 4

Name: jboy
Date: May 8, 2006 at 00:07:28 Pacific

Reply: Oh, exactly, the malware is getting to be extremely complex and HJT! is just *one* tool among the many that may be needed to effect a repair. The lack of poster followup is discouraging, but as you say, that 'comes with the territory' (and remains one of the biggest complaints among forum regulars). For someone wanting to gain experience, I'd suggest examining successful analyses to see what did require fixing, or analyze (at home) an ongoing one and then compare their results to the actual resolution. It can be a lot of work, but also pretty educational.

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true

Response Number 5

Name: XpUser4Real
Date: May 8, 2006 at 00:13:14 Pacific

Reply: Don't do anything yet...wait till I hear back from my friends, maybe in a few hours....LOL I'm just making light of this, guys, BUT I do know that there are times when all else fails that hijackthis is the only option left. Even then, a lot of times there will be nothing in the results so things become hit and miss. Just lots of thorough cleaning in hope to get rid of whatever parasite has crept into the PC.

Hopefully my advice will help you...Please post back with your results....thanks

Response Number 6

Name: murr
Date: May 8, 2006 at 05:59:31 Pacific

Reply: I have no problems with the logs as long as the posting policy remains in place. I've visited some forums without this policy and half the logs are clean, so they're just posting for the hell of it I guess. I will certainly plead guilty on a few occasions of trying to help out more than my knowledge or experience allows with these logs, but yes, I was just trying to help out as "Jabuck" has a life also and cannot be here to help all the time. I was hoping "Jabuck" would respond to this thread as he is the one who has taken on so much responsibility for helping with the logs and should be commended for it. Here! Here! Thanks "Jabuck".

Response Number 8

Name: Dog
Date: May 8, 2006 at 07:46:05 Pacific

Reply: It was real bad a couple of years ago when HJT was in its infancy and everyone was posting logs with the comment "can you tell me if my computer is clean?" They weren't having any problems, they were just scared/curious. Now that was a PITA.

D4Dog
"beauty is in the eye of the beer-holder"

Response Number 10

Reply: Sure thing "derek" letter rip. Post a log. Kidding here. Alright guys, I'll ease off. I just finished a course/learning process here (got to sign up to go any further) and thought I knew something. Obviously, telling the difference between Wareout and a Bube infection wasn't part of it. It was recommended to me after a few phone calls but I may do some complaining as you can all understand my embarrassment. As you can all see, I'm pretty eager to figure some of this stuff out (anybody got any ideas besides watch forums? Jabuck?). I'm going to disappear for a while until I've got this stuff actually figured out rather than think I do and likely won't return though. I'd like to finish up the threads I'm working on before I go though if that's ok with you.

Sincerely, Bloodhound114/noone in particular/ you know who/ just another schmuck

Proud member of Alliance of Security Analysis Professionals since 2005. ASAP

Response Number 11

Name: jboy
Date: May 8, 2006 at 18:00:56 Pacific

Reply: Consider your time spent here as part of your ongoing education - mistakes are how we learn. You've been pretty active in a great many of the forums here - much more than your experience warrants, imo. Take that as you will, but your failure to realize your own limitations is, more than anything, what makes you 'a schmuck'.

Tutorial here

Good luck (thanks for all the fish)

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true

Response Number 12

Reply: Part of that course was reading through these. I may have given the wrong impression about them. I actually did learn a fair bit.

tutorial 1
tutorial 2
tutorial 3
tutorial 4

I do actually know how to read a hijack log and how Hijack this can be used. What my problem seems to be is how to deal with some of these harder infections.

Proud member of Alliance of Security Analysis Professionals since 2005. ASAP

Response Number 15

Name: XpUser4Real
Date: May 9, 2006 at 08:43:32 Pacific

Reply: Thanks for the correction on the links XpUser, I also tend to agree with that.

Hopefully my advice will help you...Please post back with your results....thanks

Response Number 16

Name: Derek
Date: May 9, 2006 at 13:19:26 Pacific

Reply: bloodhound114

Yep, quite understand your desire to learn. Not sure whether you marked this post but one of your customers seems to be awaiting your attention:- CLICK HERE

Perhaps you can take another look at it, or if you are not available I'll see if jabuck can button it up.

DerekW

Response Number 17

Reply: Easy Derek. I just got home from work. You posted three times on that thread by the time I prepared that response. For some reason those four links were no good and it wasn't me that did that. Meh. Anybody heard anything good about Geeks U? Just for kicks and giggles I typed in "learn to read Hijack this" into Google.

Proud member of Alliance of Security Analysis Professionals since 2005. ASAP

Response Number 18

Name: jboy
Date: May 9, 2006 at 18:52:07 Pacific

Reply: Must be gremlins then. So... you never bother to check them for functionality first? You managed to mess up a few others previously (but in a different way)

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true

Response Number 19

Name: Barrie Guy
Date: May 10, 2006 at 04:51:30 Pacific

Reply: I usually paste my HJT Log into Help2Go Detective and get an immediate automated reply. (www.help2go.com). It's generally pretty good and picks up the more well known malware, plus a few more recommended procedures to improve performance.

Response Number 20

Name: XpUser4Real
Date: May 10, 2006 at 11:01:11 Pacific

Reply: Barrie, I checked out that site and it seems more of a hassle than anything else. Hi-Jack This analyzer is real quick, free and a great help. Nothing to sign up for etc and right to the point.

Hopefully my advice will help you...Please post back with your results....thanks

Response Number 21

Name: Derek
Date: May 10, 2006 at 13:56:14 Pacific

Reply: Help2Go used to be fine to get the real baddies out of the way (then use the other more detailed German Analyzer). Fairly recently Help2Go changed their format and I now agree that it is a hassle.

DerekW

Response Number 22

Name: jboy
Date: May 10, 2006 at 18:45:44 Pacific

Reply: Sure - the one Computing.Net links to (same as #20) is at least as accurate as 'bloodhound', and considerably faster (also with 80% less BS)

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true

Response Number 23

Name: Bug_zs
Date: May 14, 2006 at 00:25:38 Pacific

Reply: Guys,

IMHO, the need for hijackthis and other such programs can be eliminated in their entirety by just investing a few dollars and a few hours (days????) of your time ONCE.

Assuming that you have one big Hard Drive, what you do is:

1) Copy all of your DATA files (pictures, Tax records, etc...) to DVD or to an external Hard Drive.
2) Gather all of your program CDs.
3) Slipstream SP2 via http://www.winsupersite.com/showcase/windowsxp_sp2_slipstream.asp
4) Download all of the updates to SP2 in one fell swoop from http://www.neowin.net/forum/index.php?showtopic=453272.
5) Use your Windows XP CD to partition your Hard Drive into at LEAST 4 partitions:
   C: for XP (10 Gigs)
   D: for your proggies (10-15 Gigs)
   E: for your Data files (3/4's of the balance of the Hard Drive)
   F: for your C's Ghost Image file (the last 1/4 of the balance of the Hard Drive).
6) You buy the CD only version of Norton's Ghost 2003 for about $10-20 (check the net)
7) You re-install Windows XP, BUT with all of your programs on the D: Drive. The only exception are the few programs that INSIST on being installed on the C: Drive.

What you accomplish is to have a C: Drive that is as small as possible so that Ghost 2003 can make and restore the Image in as short a time as possible.

After that initial investment in time, if something goes wrong Virus, Spyware or Trojan-wise, you don't have to spend HOURS trying to figure out WHAT went wrong or HOW to fix it. You just do a Ghost restore of your C: Drive and you are home free.

FYI: My ancient AMD-K6 with 256 MB's of PC-133 RAM, Windows 98SE, a 2500 MB C: with 1250 MB of OS files makes a 680 MB Image in about 7 minutes and restores in about 3 Minutes. My bud's Dell Inspiron B130 I set up has a 760 MB Image and restores in about 1 and a half minutes.

Bugs

Response Number 24

Name: XpUser4Real
Date: May 14, 2006 at 07:12:08 Pacific

Reply: Also an even easier way which involves spending $'s is to install deep-freeze, MUCH easier than Norton Ghost and not time consuming at all.

Hopefully my advice will help you...Please post back with your results....thanks

Response Number 25

Reply: Continual HJT logs are the reason I've quit contributing on here. It used to be that we were warned not to post a log until someone asked for it, now "Post a Log" is the first response to everything. Personally HJT is a last resort!

_________________________
Embrace paranoia, they ARE out to get you!

Response Number 26

Name: XpUser4Real
Date: May 15, 2006 at 10:02:43 Pacific

Reply: You're right Martin...it SHOULD be a last resort...it's just that the posters continually ignore putting in Hijackthis logs...there must be a way for Justin to create a script that as soon as someone posts the log without request that the post gets rejected. That would certainly wake up the people that try to post HJT logs without permission. AND, to top it all, the posters that get their posts cut have the nerve to put up a new post...what happened to my posts? Go figure!

Hopefully my advice will help you...Please post back with your results....thanks

Response Number 27

Name: Derek
Date: May 15, 2006 at 15:03:36 Pacific

Reply: XpUser4Real

Well, I suppose Justin could kill all logs if they are in the initial post. Otherwise it gets tricky because the form of a request for one will vary.

I don't have any hangup about a helper requesting a log quite soon in a post if he/she wishes to work that way. This is fine if it is from folk like jabuck who know what they are doing.

What started this post was that someone was asking for logs so that he could use computing.net as testing ground to gain security experience. Unfortunately this wasn't backed up with sufficient general computer experience and in one case he risked causing the poster additional problems.

We all have to learn but most potential helpers walk before they attempt running, answering simple questions in the early days rather than diving straight into HJT logs.

DerekW

Post Locked
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.