Solved

Instructions regarding the handling of HIJACK THIS! logs

Posted on 2004-09-29
Last Modified: 2008-03-04
1.  Questioners DO NOT post a Hijack This! log unless you are requested to do so by the expert assisting you.

2.  If a Hijack This! log is posted as a question it will be removed from the question and you will be asked to describe the problem first.

3.  Experts DO NOT request the posting of the logs except as a last resort. Under no circumstances should the request be made if the log has not been analyzed at http://www.hijackthis.de/index.php?langselect=english or some alternate analysis site.

4. When it is necessary to have the log posted, notify me by email when you are finished with it so I can remove it from the thread.  If there are elements of the comment that need to be retained, then indicate what they are, and I will keep them in the comments.


There are already many of these logs in the PAQ that should be removed.  If you email me the links where they need to be cleaned out, I will take care of it as time permits.

I do not have authority to clean up topic areas outside of my assigned TAs. The instructions posted here are what I need for THIS topic.  Other editors may use slightly different methods to suit local needs.  I appreciate the co-operation and continued support in dealing with reducing the bloated mess that has been going into the PAQ.

One final thing: I cannot be everywhere at once.  To get the mess cleaned up we all need to be part of the solution.  I am an email away.  If there is a problem with another member (questioner or expert) over this policy, let me know rather than getting into a debate in the threads.  This needs to be a team effort.

COBOLdinosaur
Page Editor, Browser Issues
Question by: COBOLdinosaur
26 Comments
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12205543
Excellent information, Cd&, thanks so much.  Thanks also for the excellent resource you compiled for us all to point to for Spyware/Malware and Malicious BHOs here:
http://www.experts-exchange.com/Web/Browser_Issues/Q_20975384.html

Also a prerequisite to everyone should be to use a good Viruscan Program with updated virus definition files to scan all drives/files prior to taking all these other actions.

Feel free to edit/delete this; just thought this might help, and hope you can keep this at the top of the TA, though unclear how.

":0) Asta
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12206887
Either users have not seen this question or have not understood what has been told, and same with respect to experts.
I can understand that not every person could have seen this to start following it. I do see some questions that come with hijackthis log...

I would think we should tell everyone this

a) Do not post the hijackthis log before attempting to work on other spyware tools like Spybot, Ad-aware and others

b) Post the exe or other files that the analyser website says it does not know.

c) And most importantly, if experts are allowed to screen and report the bad ones in the hijackthis log, if posted by the user in the question to start with, ask the experts NOT to analyze and report back. If experts are advised to do so, then every user is going to post the log in the question no matter what the situation is. Experts in their first comment seeing the hijackthis log should either ask the user to try the analyser website or, if the user has already tried, ask for the files that the analyser does not know.

d) With so many hijackthis logs coming up each day, there can be situations where the analyzer website might say a good file wrong. Experts should be able to figure out that, or for that matter even a user can get that.

Bottom line of my point is: if experts start analyzing the log and posting the bad ones, if they see the user's log in the question itself, it would not solve our purpose here
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12222497
This is excellent and gives a general "HijackThis" tutorial.... Interesting that they're asking that the Logs, if requested, be attached as txt files.
http://forums.majorgeeks.com/showthread.php?t=38752
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12297975
After clearing cache, history and autocomplete items, check your settings as follows within IE .... directly from IE Help file.
To adjust AutoComplete settings:
You can configure AutoComplete to save and suggest only the information you want. You can choose whether to use AutoComplete for Web addresses, forms, and passwords, or not use it at all. You can also clear the history for any of these.
1.  In Internet Explorer, on the Tools menu, click Internet Options.
2.  Click the Content tab.
3.  Under Personal information, click AutoComplete.
4.  Select the check boxes for the AutoComplete options you want to use.
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 12298729
Another hijackthis tutorial here:
http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm
It's more towards "how to clean it yourself" so personally I like it..

LucF
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12377379
More current version of HijackThis here:
v1.98.2 from here
http://tools.radiosplace.com/HijackThis.exe
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 12377385
And I guess this is the "official" HijackThis Tutorial:

http://www.spywareinfo.com/~merijn/htlogtutorial.html
0
 
LVL 53

Author Comment

by:COBOLdinosaur
ID: 12388450
Good link Lee.  Thanks. :^)

Cd&
0
 
LVL 53

Accepted Solution

by:
COBOLdinosaur earned 0 total points
ID: 12787435
ping to keep the autodelete away
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 12787519
Cd&,

For your information:
As far as I've seen during cleanup only questions with no comments or with only administrative comments are captured by the "Autodeleter"

Just like it's supposed to do IMO.
http://www.experts-exchange.com/help.jsp#hi201

LucF
0
 
LVL 53

Author Comment

by:COBOLdinosaur
ID: 12788514
Better safe than sorry. ;^)

Cd&
0
 
LVL 32

Expert Comment

by:Luc Franken
ID: 12790815
:)
0
 
LVL 20

Expert Comment

by:Venabili
ID: 12793506
Cd&,

Do not worry, I am skipping this question in Cleanup even if it has no comments in last 21 days :)

Venabili
0
 
LVL 35

Expert Comment

by:Nick Sui
ID: 12983082
Yeah
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12997965
I point to this question frequently in various TAs to provide guidance on minimizing the LOG CLUTTER, so appreciate keeping it active.
":0) Asta
0
 
LVL 1

Expert Comment

by:jboz24
ID: 14114202
I don't understand why your site is against the use of HijackThis logs in the forums.  As this is an escalating issue, perhaps we should create a new forum to deal with these problems.  You have experts that want to deal with these problems in a straight-forward manner and don't want to click on multiple links to get to the log.  

I also think that you should be very careful with multiple people making suggestions for specific issues.  I have already seen many situations where so-called "Experts" are requesting the poster to disable System Restore prior to making the fix.  This is probably the most destructive thing a person can do.  If the member follows an incorrect instruction, they now have NOTHING to restore back to.  An infected restore point is MUCH better than NO restore point.  All restore points should be cleaned once the infection has been successfully cleared.

Just my $0.02
0
 
LVL 53

Author Comment

by:COBOLdinosaur
ID: 14114429
If you want to post logs on your site go right ahead.  The threads on this site are a public repository, and the logs have Zero value as archived material. Most busy forums no longer allow the posting of HJT logs.

>>>You have experts that want to deal with these problems in a straight-forward manner and don't want to click on multiple links to get to the log.

You must be right. I'm most certain that your analysis in the 4 and a half hours you have been a member is much more compelling than the debate among experts specializing in the logs, who decided they should not be posted on EE.  I will have to get an email off to the top-experts to let them know that jboz24 wants the rule changed, and I'm sure they will convene a meeting at the highest level to get that done.

Cd&
0
 
LVL 1

Expert Comment

by:jboz24
ID: 14114689
First, the logs have a lot of value especially to experts who are researching a fix.  Being able to specifically query on a particular entry and match it to existing fixes is invaluable.  In the forums that I normally reside, we have quite a few members that follow existing posts to research their particular problems and solve the issue on their own.

Second, rather than discounting the length of my membership, perhaps you should actually READ my post and its suggestion.  I'm not suggesting re-writing the rules but creating a separate sub-forum to deal with this escalating problem.  You have a lot of experts on the web that are willing to provide their expertise.  If you wish to push them away from this forum with witty sarcasm, that is fine.  I'm merely making a suggestion, hence the "Just my $0.02" moniker at the end of the post.

(Third) As for this statement, "You have experts that want to deal with these problems in a straight-forward manner and don't want to click on multiple links to get to the log."

I was only stating that most experts (from other sites) that deal with spyware/malware/trojan issues like to deal with these issues without having to click on multiple links in order to access the information and post instructions to fix the particular infection.  I wasn't making assumptions about your site as, yes, I have only been a "REGISTERED" user for a couple of hours.  

As an expert in the field of spyware/malware, I do have considerable experience in fixing individuals' computers.  In my "four" hours of viewing time, I have seen many incorrect statements on how to address a particular problem.  That being said, I don't wish to see anyone have to re-format their computer due to bad advice.

I'm willing to share my expertise and simply made a suggestion -- please take it as such -- as a suggestion.  If suggestions for the development of this site are discouraged, my bad.
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 14114917

You will forgive my intrusion, but I did start this ... in a sense:

http://www.experts-exchange.com/Security/Bugs_Alerts/Q_21426310.html

EE not being a (HJT) log analyser forum, perhaps jboz24's expert time should be spent on those specialised forums and websites?

But, don't misunderstand me, we do need good experts around here!

We just don't need the clutter of HJT logs.

Zee
0
 
LVL 1

Expert Comment

by:jboz24
ID: 14115475
Blue_zee -- you're not the only one. I was referred here on a second thread as well.  Being new, I was unaware of the HijackThis log rule so I was provided this link from another member as well.  

To all -- In the short time that I've had to view this site, it seems that providing a subforum for intrusion related issues may be necessary.  There are many security professionals that are having to deal with an escalating problem of removing spyware off of employees' computers.  By providing a sub-forum, we can publish known fixes for various issues and keep them organized.  Although most of the spyware sites have these fixes, they are usually only available to those registered as spyware "trainees" and above on the sites.

Many of these issues have a specific sequence to removing the malware (see my post for Smitfraud -- http://www.experts-exchange.com/Security/Bugs_Alerts/Q_21426310.html) from the system otherwise the virus will mutate and re-establish itself.

The value of keeping the HijackThis logs along with the instructions is that you can search on older entries to discern exactly which infections are affecting your system.  For security folks, knowing what you are fighting is a HUGE part of the battle.

If I'm off-topic with all of this, I apologize.  But this seems to be a knowledge base for many computer related issues of which this (spyware) is becoming a larger component.  At Interop, there were many vendors releasing enterprise solutions that specifically targeted spyware so I don't feel that I'm completely crazy in suggesting this.  Money and time are being spent on this problem and it is continuing to grow.  

I feel that I've made a decent case so I won't beat a dead horse any further.  Hopefully, any further criticism is garnered constructively.
0
 
LVL 1

Expert Comment

by:jboz24
ID: 14116163
COBOLdinosaur,

I was referred to this link by another member (blue_zee) of the site.  I was unaware of the purpose of this forum.

"This isn't high school, and you will find some of us take what happens on the site very seriously"

I'm an IT pro in the business for many years, please do not assume that I am some "script kiddie" looking to start a useless argument.  I made a suggestion -- you obviously disagree.  No need for the continued petty comments.

I take my job and my comments seriously and I have written them respectfully and tactfully.  I appreciate the information for the other links -- I will check them out.  
0
 
LVL 53

Author Comment

by:COBOLdinosaur
ID: 14116782
>>>I'm an IT pro in the business for many years, please do not assume that I am some "script kiddie" looking to start a useless argument.

I am not assuming anything about you.  Your profile is a blank page.  I deal with hundreds of people on this site every day.  Some I know very well, some I know what they have posted in their profile and some are a blank page.  I prefer to gear my comments to the person I'm addressing them to.  How do you communicate with a blank page? All I have is the impressions I pick up from the few posts they have made.

There has been no introduction.

Hi, I'm COBOLdinosaur. I'm an arrogant, opinionated, heavy weight on the site.  I'm page editor for 9 topics, a former Moderator, and former member of the Expert Advisory Board that helped guide the site out of bankruptcy.  I'm 24th on the all time experts Hall of fame. I'm ranked in 9 topics, certified in 6 and the number one expert in 3 and I'm 15th in total number of questions answered.

I make a living doing custom servers, db design, security architecture primarily on mainframe class computers doing OLTP on secure private networks, in the technology division of an insurance company. Clients are primarily in Government, Health Care, and financial services.  Been doing it for 40 years.

So who are you? ;^)

Cd&
0
 
LVL 1

Expert Comment

by:jboz24
ID: 14117329
I'm jboz24 -- I like to help people, make suggestions, and welcome constructive criticism.  I've been an employee in the private sector for over 15 years including networking, database development, security, web design, unix admin, and some mainframe (yes, I've programmed COBOL!).  I've also formerly owned my own business building custom boxes for home PC use.

Recently, I've become heavily involved in R&D and troubleshooting with many of the spyware sites which has become my primary focus.  My main specialty is debugging many registry issues, primarily with XP Pro.  Hence, why I have come to this site in order to help out on those posts that I have commented on and subsequently ended up here.

I have moderated on two boards, developed real time trading models for a Fortune 500 company (Goldman Sachs), and I'm also employed by one of the largest insurance carriers in the country.

Perhaps I'll add this to my profile -- you could at least have given me another hour ;-)
0
 
LVL 53

Author Comment

by:COBOLdinosaur
ID: 14117376
You might be just thick-skinned enough to survive the slings and arrows of the EE user.  Hang on tight; it can be a wild ride.  If you like to help, you will find this site is Disneyland for the ego, and more fun than hitting a home run in Yankee Stadium.

Cd&
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 14136200
":0)  Well said, Cd& .... Asta
0
