HijackThis Auto Analysis

[dvk01]

and even worse (in my view) is this one which changes explorer.exe and leaves no signs
http://www.viruslist.com/en/weblog?weblogid=159054634

and it is spreading quite widely at the moment

[Marja]

So, if you use Process Guard to protect explorer.exe, you wouldn't know it??

Worried,
Marja

[dvk01]

If you use PG then it shouldn't be able to change explorer.exe or any other file on your computer without your knowledge or permission

Thanks, Derek, that's what I thought, but things keep getting more complicated everyday, don't they?

Glad you are all here helping!!

Marja

Removed for Admin review.

Blackspear.

Reviewed - Given the false accusations and trolling comments to insult, and take this thread off-topic; the contents of this post will not be returning - snap

[Merijn]

Hey all, spy1 alerted me to this thread and I've read through its key posts.

First off, HijackThis is NOT an antivirus program. Therefore, it cannot prevent, detect or fix malware that modifies system files. This constitutes a PE virus which is beyond my (and Visual Basic's) capabilities. The only thing that would detect a change like this would be an antivirus program.

Secondly, I'm trying to keep HJT as general as possible so it stays small and fast. I'm not going to build a database of specific things to check and identify it as 'Malware #1253' like Spybot S&D does. HijackThis didn't start out as that and never will become that. There are far better programs to use a database-based targeting method.

Finally, if you come across a method that is frequently used by malware that isn't covered by HijackThis (or StartupList for that matter), let me know about it. I do want to stay on top of these things but stuff like this doesn't always reach me. The few examples Derek and Pieter mentioned are mostly PE viruses, but some are completely new to me and seem interesting enough to review further.

Merijn

[Infinity]

Thanx Merijn for your clarification.

keep up the good work