A "purported" HJT Expert Says...



Well I'm definitely no HJT Expert by any means...but I still had a good laugh just the same.. :lol:

Thanks for sharing baker7 as that was a good one....and I guess this could be considered a warning to watch out for this person also. <_<

B)


I posted to that guy....first time I've posted there since....well, you know.

But this guy is an idiot X-trordinaire, and he deserves the roasting he's getting. If he ever did post at TC's, he'll never post again if he does tell us his username there, Gal will make sure of that after she reads that POS post.

If they ever did post that kind of advice here baker7, we would have that post removed SO FAST, that nobody would have the chance to read it anyway.


Hmm, Interesting...

I hope I don't get flamed on my own forums for saying what I'm going to say now, but here goes.

The person who started that thread is neither wrong nor right. Now let me explain why he is not wrong to a certain degree.

You can theoretically delete everything in a HJT log, but (of course there's always a but) it does depend on the log itself. Windows services will not be deleted, but they will be disabled most likely, which means you'll have to restart them manually. However, as stated they are not deleted. Services by the way are the O23 in HJT logs. Other things such as O4's are startup programs or things that load when you startup. Now, sometimes there may be a case when something is needed to load when Windows boots, but, yes those can be deleted as well depending on what they are. The R0-R1, O2, O3 entries are commonly associated with web browsers like IE.

Now, I actually did try deleting my entire HJT log, just a few minutes ago, then I rebooted and re-scanned, everything was working fine, the Windows services were still there as well. Anyway, I still would not recommend deleting everything in a HJT log. However, depending on the HJT log it can be done without any harm.

Note: I want to make this clear, I would not recommend deleting everything though. That is not the correct way to analyze a HJT log. I would also like to say he would not be put on our HJT Team and I don't want anyone to think I'm saying that he is 100% correct, because he is not, however he is not 100% wrong with some of his statements.

Now, I hope I don't get flamed. ;)

B

Now, I hope I don't get flamed.

Ha....too late!!

In a way, I agree, but it also all depends on exactly WHAT is displayed in the log.

For instance, if the TCP/IP stack has been compromised with a New.net line, deleting the entries would most definitely break the computer's ability to connect. In most cases that area is not listed unless there has been a change to it, so in those cases deleting everything would not harm it, but in others...

Yah you know, all the services are protected, and the startups are all a matter of choice....in XP, but what would happen in W98 when you delete systray and explorer.exe? I wonder if the system would protect those startups and replace them on reboot.

This is going to be an interesting debate me thinks, and I'm willing to test things out with a VMWare XP OS if needed, too bad I don't have a 98 on there.

Edited by Chappy

Also, besides the fact that "fixing" everything could, as Chappy said, sometimes compromise some functionality, it probably won't fix the problem. Most new malware today can't be removed by just using HJT. If you've ever had a log analyzed, the helper probably had you download one or more other tools to help with the fix. I feel sorry for anyone this guy has "helped" as his idea of "fixing everything" may not have harmed the computer, but it probably didn't help with their problem.

Yah you know, all the services are protected, and the startups are all a matter of choice....in XP, but what would happen in W98 when you delete systray and explorer.exe? I wonder if the system would protect those startups and replace them on reboot.

I have a Windows ME disk, I could install that on a VM and try it, just probably not today. B)

BTW, I did this test on XP.

And yes, you're correct about O10's which are associated with TCP/IP stacks. That could potentially cause harm as they wouldn't be able to access the internet. Like I said it depends, but you're better off not deleting everything without a doubt.

B

Edited by Besttechie
Hmm, Interesting...

I hope I don't get flamed on my own forums for saying what I'm going to say now, but here goes.

The person who started that thread is neither wrong nor right. Now let me explain why he is not wrong to a certain degree.

You can theoretically delete everything in a HJT log, but (of course there's always a but) it does depend on the log itself. Windows services will not be deleted, but they will be disabled most likely, which means you'll have to restart them manually. However, as stated they are not deleted. Services by the way are the O23 in HJT logs. Other things such as O4's are startup programs or things that load when you startup. Now, sometimes there may be a case when something is needed to load when Windows boots, but, yes those can be deleted as well depending on what they are. The R0-R1, O2, O3 entries are commonly associated with web browsers like IE.

Now, I actually did try deleting my entire HJT log, just a few minutes ago, then I rebooted and re-scanned, everything was working fine, the Windows services were still there as well. Anyway, I still would not recommend deleting everything in a HJT log. However, depending on the HJT log it can be done without any harm.

Note: I want to make this clear, I would not recommend deleting everything though. That is not the correct way to analyze a HJT log. I would also like to say he would not be put on our HJT Team and I don't want anyone to think I'm saying that he is 100% correct, because he is not, however he is not 100% wrong with some of his statements.

Now, I hope I don't get flamed. ;)

B

No, B - I won't flame you - This guy is not 100% right, and he is apparently NOT 100% wrong, but when you have novices that come to a forum for advice and this guy says that he can make a machine run ("purr like a kitten") well by deleting the contents of a HJT log, and do that alone, that is ridiculous - and to have this dude say that he is an A+ Certified professional that does this action daily is crazy - This guy probably won't even answer Chappy's question about his username at TC Forums, because when the admins read this half right/half wrong post, they will probably delete him from the system.

Besttechie would NEVER advise that, and I would not advise anyone to delete the whole contents of a log either, as this does not seem to assist the log readers with problems - I am glad that we have good people that know what the hell they are doing with this stuff - This guy will get the snot kicked outta him because of what he says - heheheh I would love to see what TC has to say about this post ;)

Laugh on Gents ;)

Brian


It won't let me in.

I've been trying to refer people from G4 over to here, not because there's anything wrong with the experts there, it's just that they can't be there all the time and guys like this (and far worse) are giving advice when they clearly don't know what they're doing.

I posted to that guy....first time I've posted there since....well, you know.

But this guy is an idiot X-trordinaire, and he deserves the roasting he's getting. If he ever did post at TC's, he'll never post again if he does tell us his username there, Gal will make sure of that after she reads that POS post.

If they ever did post that kind of advice here baker7, we would have that post removed SO FAST, that nobody would have the chance to read it anyway.

Go get 'em Dave: He uses the same Username on TC forums apparently hhehehehehehehee

and um - he is from *COUGH* *WHEEZE* Cana*cough*da heheheheh

SevenOwl

Authentic Member

Member Group: Slyware Cadet

Joined: 21-June 04

Active Stats

User's local time Nov 28 2005, 10:30 PM

Total Cumulative Posts 49

( 0.1 posts per day / 0.04% of total forum posts )

Most active in OPEN (Not for computer help, this is for open news and talking)

( 13 posts / 32% of this member's active posts )

Last Active 12th August 2004 - 06:57 PM

Status (Offline)

Information

Home Page No Information

Birthday 20 December 1968

Location Canada

Interests Computers. Is there anything else

Communicate

No Information

No Information

No Information

No Information

Send a Personal Message

Send an Email

Brian

Edited by baker7
Go get 'em Dave: He uses the same Username on TC forums apparently hhehehehehehehee

and um - he is from *COUGH* *WHEEZE* Cana*cough*da heheheheh

Yah, I noticed....

Makes me almost embarrassed to be from the same country as he is. He must be from Winnipeg ;)

I've contacted an admin at TC's that I know well and pointed them to that post, we'll see what kind of action they take towards this person.

I know for sure that they'll get a very stern PM from my friend at least, and possibly some other action, as any teacher at TC would NEVER allow that type of advice from a member.


Go get 'em Dave: He uses the same Username on TC forums apparently hhehehehehehehee

and um - he is from *COUGH* *WHEEZE* Cana*cough*da heheheheh

Yah, I noticed....

Makes me almost embarrassed to be from the same country as he is. He must be from Winnipeg ;)

I've contacted an admin at TC's that I know well and pointed them to that post, we'll see what kind of action they take towards this person.

I know for sure that they'll get a very stern PM from my friend at least, and possibly some other action, as any teacher at TC would NEVER allow that type of advice from a member.

heheheh that guy has had the radish hehehhehe :)

Thanks Dave - G4 or any place on the net that provides Tech help don't NEED that CLOWN doing crazy BS like that hhehehe ;)

Brian


It won't let me in.

I've been trying to refer people from G4 over to here, not because there's anything wrong with the experts there, it's just that they can't be there all the time and guys like this (and far worse) are giving advice when they clearly don't know what they're doing.

You've got to be a member.

I looked in a forum he has posted the most in, but couldn't find any in the 2-3 pages that I looked at so gave up.


hehehehe looks like sevenowl is a'gonna have to answer to more than just G4's audience - heheheheh - I am glad I ain't in his shoes - I wouldn't be that blatant and stupid hehehehe

Brian

PS: I posted the user information for sevenowl, as I am a member of TC - I wanna REALLY see Tom Coyote go over there and embarrass the hell outta that newb heheheheh ;)

Brian

hehehehe looks like sevenowl is a'gonna have to answer to more than just G4's audience - heheheheh - I am glad I ain't in his shoes - I wouldn't be that blatant and stupid hehehehe

Brian

PS: I posted the user information for sevenowl, as I am a member of TC - I wanna REALLY see Tom Coyote go over there and embarrass the hell outta that newb heheheheh ;)

Brian

Tom has joined into the party at G4, and put this guy into place as have a couple other TC teachers. SevenOwl will NOT be making any more hasty statements like that one anytime soon.


If it is HJT 1.99.1 you will not succeed in fixing the O10 lines. HJT will not do it anymore because of the risk involved. However I am not so sure what will happen if you delete everything in HJT on an infected computer. I have seen a number of cases where the computer gets so unstable that you cannot boot when you delete too many items. Besides, imagine if it is a business computer that has a complex setup to protect the business. You could open a real can of worms that way. In many cases the computer will work but you never know what the ramifications are of deleting everything. Could be some fun trying to get it to run everything the victim needs again.

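As an added example (not written by anyone in this thread and not HijackThis's own code), the Python script below sorts log entries by the section codes discussed above, and holds back the ones the posters say have side effects when fixed (O10 and O23) instead of fixing everything. The function name `triage`, the `SECTIONS` table and the sample log are constructed for illustration.

```python
import re

# Section codes and side effects as described in the thread; codes the thread
# does not mention are marked as such rather than guessed at.
SECTIONS = {
    "R0": ("browser-related", None),
    "R1": ("browser-related", None),
    "O2": ("browser-related", None),
    "O3": ("browser-related", None),
    "O4": ("startup program", None),
    "O10": ("TCP/IP stack", "fixing can break Internet access"),
    "O23": ("Windows service", "fix disables the service; restart it manually"),
}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed sample log (paths and names are made up for this example).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\example\tray.exe
O10 - Unknown file in Winsock LSP: c:\example\lsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.invalid
O23 - Service: Example Updater - Example Vendor - C:\example\updater.exe
"""

def triage(log_text):
    """Split entries into 'hold' (known side effect) and 'review' (case by case)."""
    plan = {"hold": [], "review": []}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, process list and blank lines carry no section code
        code, detail = match.groups()
        meaning, side_effect = SECTIONS.get(code, ("not described in the thread", None))
        bucket = "hold" if side_effect else "review"
        plan[bucket].append({"code": code, "meaning": meaning,
                             "detail": detail, "side_effect": side_effect})
    return plan

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG).items():
        print(bucket.upper())
        for e in entries:
            note = f"  <- {e['side_effect']}" if e["side_effect"] else ""
            print(f"  {e['code']:<4} {e['meaning']}: {e['detail']}{note}")
```

Nothing in the output is a verdict on whether an entry is malicious; it only separates entries that need a per-item decision from those where a blanket fix has a side effect the thread describes.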
Just saw a Post by *Tom Coyote* over at G4 in that thread..

Seems SevenOwl just got removed from the TC Community....


seems to be an appropriate response....pretty serious folks who try to help us against the constant spy ware invasions we all encounter every day...perhaps he(sevenowl) will have learned an important lesson... :whistling::matrix::blink:


So this idiot's post made it here I see :lol:

I am thankful for all the support from you guys who posted there, as well as Tom and the others from Coyote.

sevenowl made that post with some self absorbed arrogance and I just told him the truth; he was wrong.

I did not want it to be a flame war, though knew it would be when a few other regulars at G4 saw it.

BTW~ I made that thread a sticky for a week so a few of my undesirable idiot know it all members can see it. Or I can refer them to it in a PM when I see dumb ass sh**. :blink:

take care

Mike

Edited by Chappy