Here is a good guide on how to read the log and decide good from bad within it:D

http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm

This is a good source for more info on Hijackthis:D

http://spywarewarrior.com/viewforum.php?f=5

http://spywarewarrior.com/viewtopic.php?t=1044

Great thread/link for those who don't quite know how to read the logs Kendan, good thinking for linking it (hey that kinda rhymes!)

That being said, if you *aren't* sure what something is, please check before removing it, you can really screw up your machine if you're not careful. [/end friendly warning]

Bumpity bump

Nice Kendan, didn't see this... There is also very limited information included with the tool, some of which the link you gave elaborates on:


The different sections of hijacking possibilities have been separated into these groups:
R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key

You can get more detailed information about an item by selecting it from the list of found items or highlighting the relevant line above, and clicking 'Info on selected item'.

bump

bump for you.

Nice links.

I vote sticky (if this hasn't been duplicated elsewhere); there's a lot of stuff in the links I didn't even know...

Bump

well now if you go to http://www.hijackthis.de/en you can just copy and paste or upload your log file right to the webpage. then it will analyze it and give you a description and security level for each process it finds. has really come in handy for me.


agentbad

well now if you go to http://www.hijackthis.de/en you can just copy and paste or upload your log file right to the webpage. then it will analyze it and give you a description and security level for each process it finds. has really come in handy for me.


agentbad


Thats pretty cool. I will check it out the next time I run hijackthis. thanks for the link.