A "purported" HJT Expert Says.........



... You can theoretically delete everything in a HJT log ...

Actually, I'm going to commend you for saying so. The guy had a point that Windows will boot and obviously any malware entries would be gone. But that's like swatting a fly with a nuclear bomb. It'll work, but nobody in their right mind would recommend it. :)

My take is the guy just got a little full of himself. You know, "A little knowledge is a dangerous thing." It happens from time to time. I think people got carried away with the importance of his advice, though they are correct to defend TC's honor.

BTW, TC showed a lot of restraint & class with his responses.

and obviously any malware entries would be gone

Well, this is not entirely true. If you look at my first post in this thread (here), I talk about this. Most malware today won't be gone by just "fixing" the entry in HJT. Often, the helper will supply one or more other tools while analyzing a log. And, even if other tools aren't needed, certain lines in HJT, such as O4s, also need the corresponding file to be deleted. So, once again, while it may be safe to do this with HJT, it probably won't help too much with your malware problem.

Matt


and obviously any malware entries would be gone

Well, this is not entirely true. If you look at my first post in this thread (here), I talk about this. Most malware today won't be gone by just "fixing" the entry in HJT. Often, the helper will supply one or more other tools while analyzing a log. And, even if other tools aren't needed, certain lines in HJT, such as O4s, also need the corresponding file to be deleted. So, once again, while it may be safe to do this with HJT, it probably won't help too much with your malware problem.

Matt

Plus...as I mentioned, if there are O10 entries present in the log due to something injecting itself into the TCP/IP stack, they'll break the chain and lose Internet capabilities.

His statement that "everything in the list is suspicious material", is in itself completely false. Windows processes are certainly NOT suspicious, nor are proper browser entries or startups such as AV and firewalls.

Also, any wanted extras (browser O8 and O9 entries) will be deleted by doing this, causing the user to lose that functionality and have to reinstall the extras again.

So, while it may be semi-true that you can delete everything, more bad than good can come of it by doing that. I'm still curious to see if W98 breaks trying this, due to systray and explorer being needed startups for that OS.

Edited by Chappy
I posted to that guy....first time I've posted there since....well, you know.

But this guy is an idiot extraordinaire, and he deserves the roasting he's getting. If he ever did post at TC's, he'll never post again if he does tell us his username there; Gal will make sure of that after she reads that POS post.

If they ever did post that kind of advice here baker7, we would have that post removed SO FAST, that nobody would have the chance to read it anyway.

I went to TC's forums and researched some of that idiot's posts. He would constantly butt into HJT logs. Many of them he would start, then say he had to leave for some purpose and notify someone that would "take" over. He is a danger, period. People need to be aware that inayshu320(?) is also a danger with HJT logs.


and obviously any malware entries would be gone

Well, this is not entirely true. If you look at my first post in this thread (here), I talk about this. Most malware today won't be gone by just "fixing" the entry in HJT. Often, the helper will supply one or more other tools while analyzing a log. And, even if other tools aren't needed, certain lines in HJT, such as O4s, also need the corresponding file to be deleted. So, once again, while it may be safe to do this with HJT, it probably won't help too much with your malware problem.

Matt

I chose my words carefully: "any malware entries would be gone" is technically correct since I was addressing the so-called advice to delete the entries. Since the advice is technically incorrect (that deleting all the entries would fix all your problems without causing any new ones) I didn't feel it was necessary to add the additional information you brought up, but yes, while the entries would be gone that's simply not enough to purge all malware from a system, hence the entire point of having to analyze the HJT log in the first place.

<edit> Yup, they can reappear, so even on that level ... he fails:

That guy was so wrong on SO many levels! :D

Edited by JDoors

and obviously any malware entries would be gone

Well, this is not entirely true. If you look at my first post in this thread (here), I talk about this. Most malware today won't be gone by just "fixing" the entry in HJT. Often, the helper will supply one or more other tools while analyzing a log. And, even if other tools aren't needed, certain lines in HJT, such as O4s, also need the corresponding file to be deleted. So, once again, while it may be safe to do this with HJT, it probably won't help too much with your malware problem.

Matt

I chose my words carefully: "any malware entries would be gone" is technically correct since I was addressing the so-called advice to delete the entries. Since the advice is technically incorrect (that deleting all the entries would fix all your problems without causing any new ones) I didn't feel it was necessary to add the additional information you brought up, but yes, while the entries would be gone that's simply not enough to purge all malware from a system, hence the entire point of having to analyze the HJT log in the first place.

That guy was so wrong on SO many levels! :D

Hi JDoors. Actually, that is still incorrect--sometimes. For example, if a HJT log showed the following lines:

O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\system32\pmkhi.dll

O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll

And you "fixed" them, or everything with HJT, those lines would come back. So, lines wouldn't necessarily be gone. Certain infections, like this one, reappear in HJT if you do not fix them with the correct tools.

Anyway... I'm glad to see this guy is out of the spyware community. Yes, he was wrong on so many levels! :D

Matt

Edited by Matt
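An added triage example, written for this page and not taken from the thread or from HijackThis itself: it parses HJT-style O-lines and flags the three cases the posters raise, a DLL loaded by both an O2 BHO and an O20 Winlogon Notify entry (the pair Matt quotes, which reappears if only the lines are "fixed"), an O10 LSP entry (which Chappy notes breaks the Winsock chain if simply removed), and an O4 startup whose file must also be deleted. The O2/O20 lines are the ones quoted in the post; the O4 and O10 lines and their file names are constructed for the example.

```python
import re

# Constructed sample HJT log. The O2 and O20 lines are the pair quoted in
# Matt's post; the O4 and O10 lines are made-up illustrations of those types.
SAMPLE_LOG = r"""
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\system32\pmkhi.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\examplelsp.dll
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# Drive-rooted Windows path ending in .dll or .exe; non-greedy so a path
# containing spaces ("Program Files") is still captured up to the extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe)\b", re.IGNORECASE)


def parse_hjt(text):
    """Return (entry_type, body) tuples for every O-line in an HJT log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def files_by_entry(entries):
    """Map each lower-cased file path to the set of entry types that load it."""
    seen = {}
    for otype, body in entries:
        for path in PATH_RE.findall(body):
            seen.setdefault(path.lower(), set()).add(otype)
    return seen


def triage(text):
    """Flag entries that 'fixing' in HJT alone will not cure, or would break."""
    findings = []
    for path, types in sorted(files_by_entry(parse_hjt(text)).items()):
        if {"O2", "O20"} <= types:
            # Same DLL as BHO and Winlogon Notify: reloaded at logon, so the
            # lines come back unless the file itself is removed.
            findings.append(("reappears", path))
        elif "O10" in types:
            # LSP entry: deleting it without repairing the chain loses networking.
            findings.append(("lsp-chain", path))
        elif "O4" in types:
            # Startup entry: the file on disk must go too, not just the line.
            findings.append(("delete-file", path))
    return findings
```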
