I am a computer professional and I am concerned at the growing trend for people to post their HijackThis logs on these forums. My concern is that searching for a running process in Google, for example, results in pages and pages of forums with HijackThis logs rather than being able to find the file manufacturer's information. I don’t know if anyone else is experiencing this problem, but in the last 6 months it’s become a nightmare: with the overwhelming amount of Trojans and Spyware etc. about, people are posting logs everywhere trying to find a fix and creating a new problem as a result. Any comments??

Well, I'll agree to one thing that has been said here before, it has become an abused tool. There has definitely been a surge of viruses and trojans running about and it indeed is resulting in a flood of logs.
I myself do not use Google to find any processes unless they cannot be found in the many lists I use to check the logs, not so much because of only finding more logs, but more because it seems to only bring many irrelevant topics.
I think HijackThis is a great tool, but judging by some logs I have come across, I'm worried that it may become a situation where the people who don't properly protect themselves just throw a log out at someone and hope they can get out of a jam instead of preventing the jam in the first place.
I'm disturbed at some of the logs I see, it is very clear that many still are not using antivirus or firewalls. Nor do they have any programs that would take care of 98% of their spyware problems, such as Ad-Aware and Spybot. Not to mention the fact that a lot do not even have spyware-preventing products such as Spyware Guard, all of which can be had for free.
Here in these forums it is required to have run Ad-Aware and Spybot, and to have said so in a post before a HijackThis log can be posted. Some follow the rules, some don't.

Brian,
I have to agree this is a very unwanted side effect of the parasite explosion. Googling for specific file info has become more than a chore, it's a massive waste of resources. It's hard to blame individual users for this - they seek only an individual solution - but en masse it's in the millions. It's identical to the motor vehicle situation - great for individuals & crap for the environment we use.
For individual googlers like us, I don't see a solution until HjT becomes fully automated AND a search engine like Google options up a log filter to screen log items out of a search.
Till then can we offer up any of our knowledge of dedicated file sites to help out? Or help out with a specific file?
[systec.exe is one I am still looking for, if anyone knows of it?]
hth
Ice

Mr Edwards, your very first 5 words of your post seem to sum up the situation nicely....."I am a computer professional..."
Well, I am not, and although I tend to agree that there are many H.J. logs appearing, I guess you could sum it up by saying that many users are not "computer professionals", as you call yourself. I have recommended from the start, a separate forum entirely devoted to H.T. logs. If you are annoyed by them, then obviously you don't have to click on the forum, DUH!!
I guess, until we all become as professional as you claim to be, there will always be Hijack This logs appearing in the forum.
It seems to me that you should count your blessings that you are a pro, but many people are not - myself included. I am sure many users like myself are reading them, and trying to learn the good from the bad, but there is quite a bit to absorb.
Someday, I hope to call myself a professional too; but I foresee that to be quite a distance away. But at least I possess the willingness to learn, and that is why I read all of the posts, including the H.T. logs - to learn.
~Tommyo

Being affiliated with Lavasoft, I guess I'm seeing this from a different perspective. Every day I see logfiles posted here that are posted by people who have obviously not used the recommended method of cleaning up their computers with Ad-aware or Spybot before posting a HJT log. I'm seeing tons of junk that could easily be cleaned up with a full Ad-aware scan with updated ref files (I can't speak for Spybot). Granted, some of these things are constantly morphing and some new variants may not be detected until a HJT scan is run. It seems to me that it would be easier for the HJT experts to sort through these logfiles if they were cleaned of the known junk beforehand. If there was some way the new garbage could be submitted to Lavasoft or whichever program was used before HJT, it would help everyone keep their computers free of this garbage. That's one of the main ways that these programs keep up with the junk - users submitting files. Just my two cents (or one cent). I guess the same applies to a trojan or antivirus scan. A large percentage of this stuff isn't new and is easily cleaned off with free, easily available programs.

Iceblue, a Google search for systec.exe brought up not one result. Very uncommon for google. None of my tool lists brought it up either.
Here is a nice place to see the different Windows processes and applications: Windows Task Library. I couldn't find it here either.

Amen mamabear, I see these same logs. As said before, I often don't even see antivirus being used, much less Ad-Aware or Spybot.

Excellent point, mamabear. I'm so far lucky; I haven't yet come into any contact with some of that crap that is invading some people's 'puter. You are most correct to say that if more people used common sense in their surfing habits, and installed Adaware, Spybot S&D, and SpywareBlaster, there would definitely be less problems, and thus less H.T. logs.
In re-reading my post above, I was maybe a little harsh with Mr. Edwards' post - it's just that the impression that he presented was of a know-it-all, and some people appear stupid compared to him......if I offended Mr. Edwards, or anyone, I certainly apologize.
Just my (three?) cents worth.....
~Tommyo

Fully agree on all counts, mamabear.
There is also the vast proliferation of forums contributing to the pile of information that Google accesses, as well as the infinite no. of support sites and commentary sites and blogs. Most of these store and rehash the same old info.
And remember that Google only scans the first 100K of any site for its info retrieval - imagine how much is really out there.....
I have noticed that the hits are highest for the more common files affected by parasites, e.g. svchost.exe, and much less for unaffected files like certsvc.exe; so searching for elusive files still is quite easy in terms of sifting the results. And frankly, there are other factors like the manufacturers simply not releasing info on their component file sets, or not ensuring it gets enough placement to be picked up. All their pertinent info should be on their websites - you shouldn't have to trawl the e-oceans looking for it.
This is looking more and more like a shoot the HjT messenger job. The problem is the parasite explosion, not the universally acclaimed free program that identifies them. (jumps off the soapbox, lol)
and dw,
outside of TC, the only hit I get for systec.exe is the: "Your search - systec.exe - did not match any documents."
Ice

Software and hardware manufacturers are continuously working toward the laudable goal of making computers and systems easier to use. However, computers and the software that runs on them is still not, nor probably ever will be, bullet proof. What this means is that users simply have to learn how to use their own computers. Most times I sympathize with novice users, because I used to be one too, as all of us once were, and deeply appreciated the help I got. That's why I enjoy visiting these forums to help pay back for the help I got, and still get help sometimes myself. My knowledge comes from years of training and experience, and no one can be expected to learn what I know overnight, and for the average user, they shouldn't have to.
But what I see way too often, is "willful" ignorance and an unwillingness to learn the most basic computer usage skills. And maybe the manufacturers and developers are partly to blame. They always tell you their stuff is easy to use, not that it has a better learning curve. But there're users who don't even know how to manipulate files and folders, they don't understand browsing the directory structure, and worst of all, they don't even know how to use the help files that come with almost every piece of software and operating system that would answer 90% of their questions. There is simply no excuse for this. If I buy a riding lawnmower, I'm expected to be smart enough to read the manual and know how to operate it, because if I don't then no one is going to be very sympathetic if I accidentally cut off my own fingers.
But then who is really to blame? Like fish to bait, the masses are attracted to flashier websites with interactive content functions, while unknown to most the scripting languages that make those cool features possible create vulnerabilities that allow unscrupulous websites to royally screw up your computer. So what do we do?
That's getting off the point, maybe, and for that I apologize, but yes, with viruses and adware and spyware and malware and just about everything else flying around out there, the masses need to be aware that there are three essentials (ESSENTIALS, I tell you, ESSENTIALS) that they need to help keep their systems healthy and help reduce what has become an all too common variable in troubleshooting:
Computers must have-
1. Antivirus protection.
2. Adware/Spyware protection and/or cleanup capability.
3. A firewall.
They are almost as necessary as a keyboard and mouse. I would have listed Common Sense, but it's such common sense to need Common Sense, Common Sense says it goes without saying.
-Exit Stage Left

nodsnods
You do get all types in here, as it is a generalist forum, rather than a specialist or graduate level forum. There might be several hundred thousand users who don't put the effort in, and that can get a tad annoying.
But for every one of those, there is a million children, grandma's and pa's, teens and pre-teens, retirees, inexperienced people of all ages and zillions of new users. They are all learning as we are. Mostly they are innocent victims of the process.
The aim is to help all comers no matter what their background and experience. They come here for help and we provide it. It is bloody hard sometimes, not to feel the criticism rising, when it is bloody obvious that particular user is incompetent.
But no-one posts their demographics along with their problem. That user might be disabled, or young, or slow, or in rehabilitation for all we know. It's the quality of advice that counts from our end, rather than the competence of the user. I get inspiration wherever I can find it and someone who has been here longer than I wrote this up, which struck a chord with me:
from Computing.net security post #8629
QUOTE
"Where did u learn all this and what made u decide to help me?"
"I learned from others at forums like this, some links, and info at the homepage. When I came here, I did not know how to copy and paste. Helping others, I learn something new every day.
Why I helped you? because you helped me give you the help you needed. Others had the same problem, I just had to search for it. I wish I could help each and everyone here, but it takes too much time. That's why I made those prevention links, these problems can be avoided."
UNQUOTE
It’s good stuff and good for the soul.
hth
Ice

