Instructions regarding the handling of HIJACK THIS! logs

1.  Questioners DO NOT post a Hijack This! log unless you are requested to do so by the expert assisting you.

2.  If a Hijack This! log is posted as a question it will be removed from the question and you will be asked to describe the problem first.

3.  Experts DO NOT request the posting of the logs except as a last resort. Under no circumstances should the request be made if the log has not been analyzed at http://www.hijackthis.de/index.php?langselect=english or some alternate analysis site.

4. When it is necessary to have the log posted, notify me by email when you are finished with it so I can remove it from the thread.  If there are elements of the comment that need to be retained, then indicate what they are, and I will keep them in the comments.


There are already many of these logs in the PAQ that should be removed.  If you email me the links where they need to be cleaned out, I will take care of it as time permits.

I do not have authority to clean up topic areas outside of my assigned TAs. The instructions posted here are what I need for THIS topic.  Other editors may use slightly different methods to suit local needs.  I appreciate the co-operation and continued support in dealing with reducing the bloated mess that has been going into the PAQ.

One final thing: I cannot be everywhere at once.  To get the mess cleaned up we all need to be part of the solution.  I am an email away.  If there is a problem with another member (questioner or expert) over this policy, let me know rather than getting into a debate in the threads.  This needs to be a team effort.

COBOLdinosaur
Page Editor, Browser Issues
Asta Cu

Excellent information, Cd&, thanks so much.  Thanks also for the excellent resource you compiled for us all to point to for Spyware/Malware and Malicious BHOs here:
https://www.experts-exchange.com/questions/20975384/Standard-response-material-re-Spyware-Adware-BHOs-and-other-Malware.html

Also a prerequisite to everyone should be to use a good Viruscan Program with updated virus definition files to scan all drives/files prior to taking all these other actions.

Feel free to edit/delete this; just thought this might help, and hope you can keep this at the top of the TA, though unclear how.

":0) Asta
Either users have not seen this question or have not understood what has been told, and the same with respect to experts.
I can understand that not every person could have seen this to start following it. I do see some questions that come with a hijackthis log.

I would think we should tell everyone this:

a) Do not post the hijackthis log before attempting to work on other spyware tools like Spybot, Ad-aware and others.

b) Post the exe or other files that the analyser website says it does not know.

c) And most importantly, if experts are allowed to screen and report the bad ones in the hijackthis log, if posted by the user in the question to start with, ask the experts NOT to analyze and report back. If experts are advised to do so, then every user is going to post the log in the question no matter what the situation is. Experts, in their first comment on seeing the hijackthis log, should either ask the user to try the analyser website or, if the user has already tried, ask for the files that the analyser does not know.

d) With so many hijackthis logs coming up each day, there can be situations where the analyzer website might say a good file is wrong. Experts should be able to figure that out, or for that matter even a user can get that.

Bottom line of my point is: if experts start analyzing the log and posting the bad ones, if they see the user's log in the question itself, it would not solve our purpose here.
This is excellent and gives a general "HijackThis" tutorial.... Interesting that they're asking that the Logs, if requested, be attached as txt files.
http://forums.majorgeeks.com/showthread.php?t=38752
After clearing cache, history and autocomplete items, check your settings as follows within IE .... directly from IE Help file.
To adjust AutoComplete settings

You can configure AutoComplete to save and suggest only the information you want. You can choose whether to use AutoComplete for Web addresses, forms, and passwords, or not use it at all. You can also clear the history for any of these.

1. In Internet Explorer, on the Tools menu, click Internet Options.
2. Click the Content tab.
3. Under Personal information, click AutoComplete.
4. Select the check boxes for the AutoComplete options you want to use.
Another hijackthis tutorial here:
http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm
It's more towards "how to clean it yourself" so personally I like it..

LucF
More current version of HijackThis here:
v1.98.2 from here
http://tools.radiosplace.com/HijackThis.exe
And I guess this is the "official" HijackThis Tutorial:

http://www.spywareinfo.com/~merijn/htlogtutorial.html
Good link Lee.  Thanks. :^)

Cd&
Cd&,

For your information:
As far as I've seen during cleanup only questions with no comments or with only administrative comments are captured by the "Autodeleter"

Just like it's supposed to do IMO.
https://www.experts-exchange.com/help.jsp#hi201

LucF
Better safe than sorry. ;^)

Cd&
Cd&,

Do not worry, I am skipping this question in Cleanup even if it has no comments in last 21 days :)

Venabili
I point to this question frequently in various TAs to provide guidance on minimizing the LOG CLUTTER, so appreciate keeping it active.
":0) Asta
jboz24

I don't understand why your site is against the use of HijackThis logs in the forums.  As this is an escalating issue, perhaps we should create a new forum to deal with these problems.  You have experts that want to deal with these problems in a straight-forward manner and don't want to click on multiple links to get to the log.  

I also think that you should be very careful with multiple people making suggestions for specific issues.  I have already seen many situations where so-called "Experts" are requesting the poster to disable System Restore prior to making the fix.  This is probably the most destructive thing a person can do.  If the member follows an incorrect instruction, they now have NOTHING to restore back to.  An infected restore point is MUCH better than NO restore point.  All restore points should be cleaned once the infection has been successfully cleared.

Just my $0.02
If you want to post logs on your site go right ahead.  The threads on this site are a public repository, and the logs have zero value as archived material. Most busy forums no longer allow the posting of HJT logs.

>>>You have experts that want to deal with these problems in a straight-forward manner and don't want to click on multiple links to get to the log.

You must be right. I'm most certain that your analysis in the 4 and a half hours you have been a member is much more compelling than the debate among experts specializing in the logs, who decided they should not be posted on EE.  I will have to get an email off to the top experts to let them know that jboz24 wants the rule changed, and I'm sure they will convene a meeting at the highest level to get that done.

Cd&
First, the logs have a lot of value especially to experts who are researching a fix.  Being able to specifically query on a particular entry and match it to existing fixes is invaluable.  In the forums that I normally reside, we have quite a few members that follow existing posts to research their particular problems and solve the issue on their own.

Second, rather than discounting the length of my membership, perhaps you should actually READ my post and its suggestion.  I'm not suggesting re-writing the rules but creating a separate sub-forum to deal with this escalating problem.  You have a lot of experts on the web that are willing to provide their expertise.  If you wish to push them away from this forum with witty sarcasm, that is fine.  I'm merely making a suggestion, hence the "Just my $0.02" moniker at the end of the post.

(Third) As for this statement, "You have experts that want to deal with these problems in a straight-forward manner and don't want to click on multiple links to get to the log."

I was only stating that most experts (from other sites) that deal with spyware/malware/trojan issues like to deal with these issues without having to click on multiple links in order to access the information and post instructions to fix the particular infection.  I wasn't making assumptions about your site as, yes, I have only been a "REGISTERED" user for a couple of hours.  

As an expert in the field of spyware/malware, I do have considerable experience in fixing individuals' computers.  In my "four" hours of viewing time, I have seen many incorrect statements on how to address a particular problem.  That being said, I don't wish to see anyone have to re-format their computer due to bad advice.

I'm willing to share my expertise and simply made a suggestion -- please take it as such -- a suggestion.  If suggestions for the development of this site are discouraged, my bad.

You will forgive my intrusion, but I did start this ... in a sense:

https://www.experts-exchange.com/questions/21426310/Smitfraud-Virus.html

EE not being a (HJT) log analyser forum, perhaps jboz24's expert time should be spent on those specialised forums and websites?

But, don't misunderstand me, we do need good experts around here!

We just don't need the clutter of HJT logs.

Zee
Blue_zee -- you're not the only one. I was referred here on a second thread as well.  Being new, I was unaware of the HijackThis log rule so I was provided this link from another member as well.  

To all -- In the short time that I've had to view this site, it seems that providing a subforum for intrusion related issues may be necessary.  There are many security professionals that are having to deal with an escalating problem of removing spyware off of employees' computers.  By providing a sub-forum, we can publish known fixes for various issues and keep them organized.  Although most of the spyware sites have these fixes, they are usually only available to those registered as spyware "trainees" and above on the sites.

Many of these issues have a specific sequence to removing the malware (see my post for Smitfraud -- https://www.experts-exchange.com/questions/21426310/Smitfraud-Virus.html) from the system otherwise the virus will mutate and re-establish itself.

The value of keeping the HijackThis logs along with the instructions is that you can search on older entries to discern exactly which infections are affecting your system.  For security folks, knowing what you are fighting is a HUGE part of the battle.

If I'm off-topic with all of this, I apologize.  But this seems to be a knowledge base for many computer related issues of which this (spyware) is becoming a larger component.  At Interop, there were many vendors releasing enterprise solutions that specifically targeted spyware so I don't feel that I'm completely crazy in suggesting this.  Money and time are being spent on this problem and it is continuing to grow.  

I feel that I've made a decent case so I won't beat a dead horse any further.  Hopefully, any further criticism is garnered constructively.
COBOLdinosaur,

I was referred to this link by another member (blue_zee) of the site.  I was unaware of the purpose of this forum.

"This isn't high school, and you will find some of us take what happens on the site very seriously"

I'm an IT pro in the business for many years, please do not assume that I am some "script kiddie" looking to start a useless argument.  I made a suggestion -- you obviously disagree.  No need for the continued petty comments.

I take my job and my comments seriously and I have written them respectfully and tactfully.  I appreciate the information for the other links -- I will check them out.  
>>>I'm an IT pro in the business for many years, please do not assume that I am some "script kiddie" looking to start a useless argument.

I am not assuming anything about you.  Your profile is a blank page.  I deal with hundreds of people on this site every day.  Some I know very well, some I know what they have posted in their profile and some are a blank page.  I prefer to gear my comments to the person I'm addressing them to.  How do you communicate with a blank page? All I have is the impressions I pick up from the few posts they have made.

There has been no introduction.

Hi, I'm COBOLdinosaur. I'm an arrogant, opinionated heavyweight on the site.  I'm page editor for 9 topics, a former Moderator, and former member of the Expert Advisory Board that helped guide the site out of bankruptcy.  I'm 24th on the all-time experts Hall of Fame. I'm ranked in 9 topics, certified in 6 and the number one expert in 3, and I'm 15th in total number of questions answered.

I make a living doing custom servers, db design, security architecture, primarily on mainframe class computers doing OLTP on secure private networks, in the technology division of an insurance company. Clients are primarily in government, health care, and financial services.  Been doing it for 40 years.

So who are you? ;^)

Cd&
I'm jboz24 -- I like to help people, make suggestions, and welcome constructive criticism.  I've been an employee in the private sector for over 15 years including networking, database development, security, web design, unix admin, and some mainframe (yes, I've programmed COBOL!).  I've also formerly owned my own business building custom boxes for home PC use.

Recently, I've become heavily involved in R&D and troubleshooting with many of the spyware sites, which has become my primary focus.  My main specialty is debugging many registry issues, primarily with XP Pro.  Hence why I have come to this site in order to help out on those posts that I have commented on and subsequently ended up here.

I have moderated on two boards, developed real time trading models for a Fortune 500 company (Goldman Sachs), and I'm also employed by one of the largest insurance carriers in the country.

Perhaps I'll add this to my profile -- you could at least have given me another hour ;-)
You might be just thick-skinned enough to survive the slings and arrows of the EE user.  Hang on tight, it can be a wild ride.  If you like to help, you will find this site is Disneyland for the ego, and more fun than hitting a home run in Yankee Stadium.

Cd&
":0)  Well said, Cd& .... Asta