Know how - HijackThis

[Ruby]

Welcome to HijackThis.eu
(Deutsche Version)



Download HijackThis from one of the following download locations:

HijackThis v1.99.1

TrendMicro™ HijackThis™

Please post the logfiles like this example...

Code it

HijackThis log file analysis

analysis

Welcome to HijackThis.de Support Board!

English-Help

Please read our basic rules:

• Each thread should contain all logs for the same user.
  Please do NOT post your log file in a thread started by someone else, even if you have the same problem as someone else.

• Do not post a new thread for each log or if you are not getting any responses.

• Please do not 'bump' your post. If you want to add information to your post, use the button instead of adding a new reply. Our helpers search for posts by date, so replying in your own thread will only delay you receiving help.

• Please do not post your email address without replacing @ with [at] and {.dot.} or something similar.
  Spambots may search the forum looking for email addresses.

• Try to give a short explanation of what the problem is.
  Just posting the logfile doesn't help us to help you.

• Make sure you have the latest version as it is updated often to keep up with the latest threats.

• Please do not send personal messages to our helpers.
  We don't answer PMs containing HijackThis logs or questions.
  Post all your questions, answers and results into your own thread on English-Help.

• Our users are asked to omit from assistance to other users, unless it concerns certified, effective help.
  We are no user2user forum.
  If you are interested in becoming a helper on English-Help, please read our Advertisement of a Vacancy and contact Matze.

• Helpers will take action as quickly as possible. Please be patient.

English Spoken?

Go to "Kontrollzentrum" (User Control Panel/User CP)
"Einstellungen ändern" (Edit Options)
"Verschiedene Einstellungen" (Miscellaneous Options)
"Sprache der Benutzeroberfläche" (Forum Language)
[Auswahl / choose it]
[Änderungen speichern / Save Changes]

Install HijackThis

--> C:\Program Files\HijackThis

do you need IZArc?

Tutorials for HijackThis

How to post a HijackThis Logfile
How to use HijackThis

Information about HijackThis

HijackThis Tutorial

More Information

Free Tutorials

Do you know this unknown application, entry, process of website?
Please give us this information to be added at the database:

Feedback

Welcome to the File Database!

File Database

Where can unknown files be found?

ProcessLibrary - I am not a geek
Processes in Windows NT/2000/XP
Google

Online analyse for unknown files
www.virustotal.com and virusscan.jotti.org

some more new online multi virus scanner:
virscan, viruschief, virus.org

Load up of unknown files for manually analyse
UploadMalware.com and www.thespykiller.co.uk
You could better ask us - we will help you.

Need Help at once?

HJT-First Help - Security Tips - Need Help ?



Malware Guide



Donations are Welcome

Konto EN - PayPal-US PayPal-DE - Konto DE

Work together with us?

Advertisement of a Vacancy

Meet each other?
Come to:

HijackThis Chat
(irc.quakenet.org #hijackthis)

[Ruby]

Malware is getting more and more pushy.
So, while cleaning up your machine, it can happen that it crashes down.
Need software to backup your own files?
Cobian Backup and CDBurnerXP or DeepBurner
are free.
Note: Save your own files on DVD-RW, DVD+RW or DVD-RAM.

First Steps to analyse your system

STEP 1
Make sure you set Windows to see the hidden files and folders

STEP 2
Start Spybot Search&Destroy, deactivate the "Resident TeaTimer".
(Click onto "Advanced mode" > "YES" > "Tools" Menu > Click
onto "Resident" > take off the checkmark with "Resident TeaTimer"
"activ." Box > exit.)

STEP 3
(Windows 2000 and Windows XP)
The first thing you could do to get rid of malware is: restore the operating system to a previous state - have a look here:

• 1. Log on to Windows as Administrator.
• 2. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore. System Restore starts.
• 3. On the Welcome to System Restore page, click Restore my computer to an earlier time (if it is not already selected), and then click Next.
• 4. On the Select a Restore Point page, click the most recent system checkpoint in the On this list, click a restore point list, and then click Next. A System Restore message may appear that lists configuration changes that System Restore will make. Click OK.
• 5. On the Confirm Restore Point Selection page, click Next. System Restore restores the previous Windows XP configuration, and then restarts the computer.
• 6. Log on to the computer as Administrator. The System Restore Restoration Complete page appears.
• 7. Click OK.

STEP 4
Download one of these two versions of HijackThis

HijackThis v1.99.1 or HijackThis.v2.02 by TrendMicro.

• Double-Click onto HTJInstall
• Install it

• Use HijackThis with a Double-Click onto its Icon.
  (Getting problems, please use: run with administrator rights) > run it.
• Click onto Do a system scan and save a Logfile
• Click OK
• You will get a new window with a textfile copy its content and paste it to your thread.

STEP 5
Due to many malware which is attacking HijackThis by the moment, we need to ask our users to rename HijackThis v1.99.1

Hijackthis.exe -> into -> HJT1991.exe.

Run HJT1991.exe and let it scan.
Save the fresh HJT logfile and post it.

STEP 6
NOTE: Please use ONE of these File list Versions !

(NOT Windows Vista)

1. Download the filelist.zip
   (FAQ) to your desktop.
2. Unzip this file to your desktop (free Zip-Tools)
   
3. Restart your system
4. Doubleclick onto the filelist.bat to run it
5. Your editor program will open
6. Highlight the content, chose copy & paste it to your following posting
7. Please note: we only need the last 30 days of every directory of this file

• Many Thanks to our Moderator Karl83 for creating this new tool.

• Directory of C:\
• Directory of C:\WINDOWS\system32
• Directory of C:\WINDOWS
• Directory of C:\WINDOWS\Prefetch (Windows XP)
• Directory of C:\WINDOWS\tasks
• Directory of C:\WINDOWS\Temp
• Directory of C:\DOCUME~1\Name\LOCALS~1\Temp

-> Please post all wanted information.

(Windows Vista)

1. Download VistaFindbat. zip to your desktop
2. Unzip the vistafind.zip > extract all...
3. Open the new folder VistaFindbat on your desktop.
4. Double-Click onto vistafind.bat
   (Getting problems, please use: run with administrator rights) > run it.
5. You will get a textfile.
6. Copy & paste its content to your thread.
7. Note: Post the Logfile in [code]
   We only need the last 30 days of every directory of this file

Many Thanks to our Moderator Xeranox for creating this new tool.

• These are the directories which can be read using the VistaFind.bat:

• Directory of C:\
• Directory of C:\WINDOWS
• Directory of C:\WINDOWS\system
• Directory of C:\WINDOWS\system32
• Directory of C:\USER\Name\Temp
• Directory of C:\WINDOWS\Prefetch
• Directory of C:\WINDOWS\tasks
• Directory of C:\USER\Name\Temp
• Directory of C:\Program Files\ <--please post all files of this directory

-> Please post all wanted information.

• Delete now the vistafind.txt

(Windows All)

1. Download the hjtscanlist.zip to your desktop
2. Unzip it to your desktop
   (IZArc is free)
3. Windows Vista: Rightmouse Click onto the file hjtscanlist.bat > chose (run as an administrator),
4. all other Windows: Doubleclick the file hjtscanlist.bat to run it

• Windows XP: "XP"
• Other Windows Versions: "X"
• Windows Vista: "V"
• -> Chose "Q" for Exit > [Enter]

• Chose the selection what was given to you in your thread "1", "2", or "Q" > [Enter]
• Notepad will open, copy&paste the contents of this new text file to your thread

Lots of Thanks to our Team Member Mopao for creating this new tool.

• These are the files, which we want to see:

• Directory of C:\
• C:\Windows
• C:\Windows\System
• C:\Windows\System32
• C:\Windows\Prefetch
• C:\Windows\Tasks
• C:\Windows\Temp
• C:\Users\Name\AppData\Local\Temp
• C:\Program Files
• C:\ProgramData\..
• C:\Windows\system32\drivers\etc\hosts
• Additional Information

-> Please post all wanted information.

The logs can be very big, so please use vB Code

[Ruby]

Introduction of our Helpers on HijackThis.eu

Admin
Matze

Super Moderator
Speedy

Moderators
Karl @ Marco Polo @ Petra @ Xeranox @ Yourhighness @ Jintan

Team-Members
Argos @ Atribune @ ElPiedra @ ipl_001 @
@ Mopao @ Runa @ S!Ri @Spirit

Team-Candidates
cosinus @ Troja

Malware Experts
AndyManchesta @ JoK @ Laur3n7 @ Lutz @ Marc @ Marckie
@ miekiemoes @ mmk @ Ninja @ raman @ sUBs @ TonyKlein
and some experts from other boards who are well known with us

Free Helper
Robert


We all will do our best
to help you as fast and good as possible,
to clean up your systems from malware.


Regards
Ruby

[Ruby]

Donations are Welcome



Konto EN - PayPal-US - PayPal-DE - Konto DE