# HijackThis log file analysis tool



## It Wasn't me (Nov 11, 2003)

I found this to be a useful tool. I am posting this to find out what other people think of it. I in no way think that it should be used in the place of professional help with a hijackthis log. I am just looking for opinions.
http://hijackthis.de/index.php?langselect=english


----------



## Skivvywaver (Mar 18, 2001)

I have used it. It is useful but definitely not a replacement for a good human.

It gives me some false positives. It hits popupcop every time as nasty. If popupcop is a HiJacker I have been willingly HiJacked for about 4 years.

It is good for people like me that know what is supposed to be on their machine but once in awhile might see a stranger lurking in the log.


----------



## It Wasn't me (Nov 11, 2003)

Yes I agree. It is NOT to used as a replacement for a human but I believe it can be used as and educational tool that will help those who don't know how to read Hijackthis logs. Most times it states (possible nasty) unless you recognize it. Then those who don't know should Google the possible nasty and find out what it is.


----------



## Skivvywaver (Mar 18, 2001)

Yep, I agree. If I get something I don't know about for sure I see the crew in the security forum.

They are so busy in there I try not to bother them unless I am for sure whacked. I don't read HiJack logs well, but I get by OK most of the time.

Remember the story about the Dutch boy that stuck his finger in the dam? I have about 50 Dutch boys on this machine. I run more security than is most likely needed but I don't get whacked very often. 

Knock on wood I don't think I have had a log in security for almost a year.


----------



## It Wasn't me (Nov 11, 2003)

Thanks SKIVVY 
Good Humor your good you!


----------



## hewee (Oct 26, 2001)

My log was looked at today as being clean, but here is the "Short analyzing" you get from clicking the link at the bottom.

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\PROGRAM FILES\SPYCATCHER\SCACTIVEBLOCK.DLL - Unknown
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit - Unknown
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE - Unknown
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE - Unknown
O4 - HKLM\..\RunServices: [BitDefender Communicator] C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe - Unknown
O4 - HKLM\..\RunServices: [BitDefender Live! Init] C:\Program Files\Softwin\BitDefender Free Edition\\bdinit.exe - Unknown
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - - Possibly nasty === " This is for the inlone housecall "

So I have used just to look at a log but I go by what other people here say. Then I keep and date the log so I can look at it later and see if there are changes etc.


----------



## foxfire (Jan 14, 2003)

It Wasn't me said:


> I found this to be a useful tool. I am posting this to find out what other people think of it. I in no way think that it should be used in the place of professional help with a hijackthis log. I am just looking for opinions.
> http://hijackthis.de/index.php?langselect=english


Yes, I have used this whilst learning to analyse HJT logs but I have found that it is NOT FOOLPROOF.

Unless the user understands exactly what it coughs up as malware, it can be 
misinterpreted.

I would suggest that its useful as a guide but that a technical expert, as present in our Security Forum is far safer. :up:

Foxfire


----------



## sachinsurose (Feb 15, 2008)

From where to download HJT?


----------



## hewee (Oct 26, 2001)

sachinsurose said:


> From where to download HJT?


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis


----------

