
HJT Log Parser Tool at http://hjt.iamnotageek.com/ (Expert Opinions, Please)

Discussion in 'Malware and Virus Removal Archive' started by mailman, 2005/08/23.

  1. 2005/08/23
    mailman Lifetime Subscription

    mailman Geek Member Thread Starter

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    I just found an online HJT log parser that you can paste a HJT log into and, within seconds, get an analysis.

    Link: http://hjt.iamnotageek.com/

    Although several of the items from my HJT log indicated "Unknown Item" it at least did not find any "Bad" items. :) Some of the items color-coded as "Unknown Item" had a description anyway. Many did not. (It appears their database needs updating.)

    In any case, it seems to be a helpful tool for people who wish to learn more about HJT logs and how to interpret them, specifically with recognizing malicious items.

    Any experts here have opinions about that HJT parser they'd like to share?

    How about your opinions about the "I Am Not A Geek" site in general. Do you think their info is reliable?

    If you'd rather keep your opinions confidential, please PM me and I will not disclose your opinions.
     
  2. 2005/08/24
    ski123

    ski123 Inactive

    Joined:
    2002/01/09
    Messages:
    163
    Likes Received:
    0
    Hi Mailman,

    That HijackThis log parser has been around for awhile.

    Read this:
    http://www.wilderssecurity.com/showthread.php?t=62759
    Merijn (HijackThis author) has a response in Post #56

    And this:
    http://www.wilderssecurity.com/showthread.php?t=62044
    Again, Merijn responds in Post #17

    ---------------------------------------------------------------------------

    I am sure that iamnotageek.com's information is accurate to the best of their knowledge. But, in my opinion, obtaining the most information about a particular problem is better. Whenever I have a problem with anything, I seek multiple opinions.
    Google is my best friend.

    Take care,
    ski123
     

  4. 2005/08/25
    mailman Lifetime Subscription

    mailman Geek Member Thread Starter

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Thanks, ski123. I appreciate your response and links.

    Google is my best friend too lately. :)

    Thanks again.
     
  5. 2005/08/28
    oshwyn5

    oshwyn5 Inactive

    Joined:
    2005/08/25
    Messages:
    736
    Likes Received:
    0
    I am familiar with that one and several others as well as downloadable stand-alone analyzers.
    In my experience that particular one is one of the least valuable.
    I can also say that in my experience those are prone to false positives and missed nasties.
    However the biggest problem is that most of the time they fail to give you links to additional information on the items they do identify.

    This leads to the misconception that Hijackthis is a removal and repair tool. It is not. It is an enumerator, designed to show the entries in specific locations of the Windows registry and system files so that a trained analyst or someone otherwise familiar with malware identification can recognize and identify problems and plan out a treatment process. This often involves either linking to specific sites with specific manual removal procedures for known nasties, or giving links and instructions on using specific removal tools for specific known infestations. In some extreme cases, it involves more detailed analysis to figure out the changes made by the nasty and then planning out a strategy to identify them and reverse them.

    Remember, Hijackthis is an enumerator first and foremost. While it can remove some of the items (specific registry entries) which it lists, it does not automatically remove other entries which do not show up which may have to be found and removed. Likewise, many of these malware require that you remove them in a specific manner and repair certain files they have damaged or you will lose internet connectivity or worse (there are a few out there which will remove all admin privileges from all accounts in XP if you try to remove them with Hijackthis or other similar tools).
     
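    Added illustration (not part of the thread, and not code from HijackThis or from the iamnotageek.com tool) of the point oshwyn5 makes above: an enumerator lists what sits in a handful of autostart locations, and an analyzer can honestly say only "known" or "unknown" about each line, never "bad", so the output is a worklist for a human, not a fix list. The log text, the allowlist, and every path, GUID and service name in it are constructed for this example; the section codes (O2, O4, O23) and the line layout follow the HJT log format.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis' log line format. The paths, GUID and
# service name are made up for this example; they come from no real system.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\user\LOCALS~1\Temp\updater.exe
O23 - Service: Example Service (exsvc) - Example Corp - C:\Program Files\Example\exsvc.exe
"""

# Constructed one-entry allowlist standing in for an analyzer's "known good" database.
KNOWN_GOOD = {r"c:\windows\system32\ctfmon.exe"}

# An HJT entry line is a section code (R0..R3, F0..F3, N1..N4, O1..O23) plus " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First Windows path ending in a loadable extension, spaces allowed.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll|sys|cpl|ocx)\b", re.IGNORECASE)


@dataclass
class Entry:
    section: str                     # e.g. O4 (Run key), O2 (BHO), O23 (service)
    body: str                        # everything after "Oxx - "
    path: str | None                 # path pulled out of the body, if any
    verdict: str = "unknown"         # only "known" or "unknown": never "bad"
    notes: list[str] = field(default_factory=list)   # hints for the human reviewer


def parse_log(text: str) -> list[Entry]:
    """Enumerate the entry lines; header and 'Running processes' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.rstrip())
        if not m:
            continue
        pm = PATH_RE.search(m.group("body"))
        entries.append(Entry(m.group("section"), m.group("body"), pm.group(0) if pm else None))
    return entries


def classify(entry: Entry, allowlist: set[str] = KNOWN_GOOD) -> Entry:
    """Allowlisted path -> known. Anything else stays unknown and gets review hints."""
    if entry.path and entry.path.lower() in allowlist:
        entry.verdict = "known"
        return entry
    entry.verdict = "unknown"
    if entry.path and "\\temp\\" in entry.path.lower():
        entry.notes.append("loads from a Temp folder; have a trained analyst look at it")
    if entry.section == "O2" and "(no name)" in entry.body:
        entry.notes.append("BHO without a name; identify the CLSID before touching it")
    if entry.section == "O23":
        entry.notes.append("service entry; confirm vendor and file before deciding anything")
    return entry


def triage(text: str, allowlist: set[str] = KNOWN_GOOD) -> list[Entry]:
    return [classify(e, allowlist) for e in parse_log(text)]


def summary(entries: list[Entry]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for e in entries:
        counts[e.verdict] = counts.get(e.verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<4}{e.verdict:<8}{e.path}")
        for n in e.notes:
            print(f"        note: {n}")
    print(summary(triage(SAMPLE_LOG)))
```

    The only thing the allowlist buys is a shorter worklist; every other line comes back "unknown" with a hint, which is exactly what the thread warns about: "unknown" is not "bad", and the hints are questions for an analyst, not instructions to click Fix.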
  6. 2005/08/31
    mailman Lifetime Subscription

    mailman Geek Member Thread Starter

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Hi, oshwyn5.

    Would you care to refer me to other HJT analyzers that you have found useful? I like to tinker with such things. :)
    I understand. I will never use HJT to "fix" or remove items without understanding the potential consequences.

    In case my computer should get spyware on it, I would certainly get expert advice on removal because I'm well aware different types of malware have to be removed in very specific ways.
     
  7. 2005/08/31
    oshwyn5

    oshwyn5 Inactive

    Joined:
    2005/08/25
    Messages:
    736
    Likes Received:
    0

    That is where the big danger lies. Hijackthis should not be "used to fix or remove" anything unless you are familiar with the infestation and know that the entry hijackthis shows is the only entry it makes and also that hijackthis is capable of correctly removing that particular entry type. Some it can and some it cannot, but the big danger is that you will use hijackthis to remove something which one of these auto analyzers shows as bad, without knowing that the infection either requires using a specialized removal tool and can cause damage to your system if it is removed incorrectly; or that it has additional components not detected by hijackthis which will remain and continue to be active but no longer be detectable.

    If you are interested in the fight against malware, I suggest you join the forums at http://forums.tomcoyote.org/
    and/or
    http://forums.spywareinfo.com/index.php?

    Once you are a member, PM one of the board admins and explain your background and reasons for wanting to become a trained analyst and request admission to their classroom. This is free training, but remember it takes several months and true dedication to complete and master.
     
  8. 2005/09/01
    mailman Lifetime Subscription

    mailman Geek Member Thread Starter

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Hi, oshwyn5.

    I got the hint. :) I'll look around on my own.

    I haven't enrolled in any of their "bootcamp" malware removal training programs because I haven't wanted to devote the necessary time and energy to become an expert (not yet anyway).

    However, I do enjoy occasionally looking at other people's HJT logs in various forums (including the ones you mentioned above). I sometimes quiz myself on which HJT log entries I think may be indicative of malware. Then I compare my predictions with the experts' follow-up messages. (It's a little like watching a game show on television.)

    I will not claim to be an expert and offer help with HJT logs and subsequent malware removal merely by studying what experts recommend (in the same way as I would not claim to be qualified to be a contestant on Jeopardy even if I watched that game show daily for years). Until I have properly earned such recognition after proper training from a reputable organization (such as spywareinfo.com, spywarewarrior.com, tomcoyote.org), I will simply use people's HJT logs for my personal entertainment/education only.

    If I decide to pursue the role of recommending courses of action beyond the typical initial strategies, such as running reputable scanners (trusted AV software, Spybot S&D, Ad-Aware, etc.), I will be certain to acquire appropriate training first.

    I appreciate your apparent apprehension regarding publicizing HJT "analyzers" here so people who may read these forums don't take unnecessary, incorrect, and/or potentially catastrophic actions with their computers.

    I will see what Google can do for me. :)

    Thanks for your reply.
     
  9. 2005/09/01
    mlegg10

    mlegg10 Inactive

    Joined:
    2005/08/28
    Messages:
    14
    Likes Received:
    0
    Hi Mailman, I am with oshwyn on this too. I have been doing HJT logs for a long time now and you cannot rely on any of those "quick fix" HJT log analyzers.

    Really they are more dangerous, IMO, because if you take out one wrong line you can totally ***** your system bad.

    Just deleting a line in HJT is not always the answer, there are many times when you need to run various programs, go into the registry, delete files or folders, etc to get rid of some infections/problems.

    Your best bet is to go to http://tomcoyote.org/ and sign up for the forums and read, and read and read more.
     
  10. 2005/09/08
    mailman Lifetime Subscription

    mailman Geek Member Thread Starter

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Hi, mlegg10.

    Thanks for your cautions. I will proceed with extreme caution and I will continue to read the tomcoyote.org forum messages.
     
