Bug in HijackThis

One of the most used programs on many security sites is HijackThis.
Unfortunately Trend doesn't look interested in debugging it anymore:

http://www.pieter-arntz.info/wordpressblog/?p=35

Regards,

Pieter

 

I assume this issue was present before TrendMicro took over, so it would be present in previous versions still offered, like 1.99.1. TM may not be able to find solution as they were not the authors, is what I'm getting at. I assumed it was more for promotion than development when they purchased HjT...

 

The same issue was present in 1.99.1 but we can't expect Merijn to fix the problem either, can we?

I must add that Trends' support was excellent initially, but somehow they must have lost interest.

Regards,

Pieter

 

Thankyou Pieter for the info.
Groetjes,

Gerard

 

Doesn't Merijn still distribute 1.99.1 Sorry, I looked it up & answered my own question. From Merijn's page "I no longer own, maintain or support HijackThis. In March 2007, I sold HijackThis to TrendMicro. This includes the complete rights, the source code and customer support. I can no longer help you with error messages in HijackThis, bugs or missing features. If you use an older version of HijackThis, upgrade. If you find a bug, contact TrendMicro." I still use 1.99.1 and got it from his site. I knew of the sale but not of his position after the sale...

 

No problem. It is hard to find, especially with Merijn's sites and pages being offline.

Regards,

Pieter

 

Found another problem. A bit more serious this time.

http://www.pieter-arntz.info/wordpressblog/?p=35#comments

 

"Tony Klein has found a Fact Case exception in support of Metallica's study's conclusion. See: http://www.dslreports.com/forum/r20460519-"

Bill Castner also says "The study is seriously flawed in methodology and erroneous in the conclusions drawn. Not to mention offensive in Tone. The author has revised his original study based on some of the criticism above."

So .......... is Pieter's study flawed or not?

Just interested!

 

BoaterDave,

Not quite sure what exactly bcastner is all upset about. He appears to be reading things into Pieter's comments that just aren't there. As for his comments about whether the results were erroneous, I would suggest he back up and try again. Using the same example that Pieter used, adding funnyfile.exe to the shell=explorer.exe line in the system.ini file on a 98SE system will NOT show up in a HijackThis log. Rebooting the system will cause windows to complain about not being able to find the file, so obviously windows is seeing the change. That is precisely what the point was. HijackThis did not report the change.

And as for the study being revised, the only change was to correct the reference to the system.ini folder to say system.ini file.

Clearly not trying to mislead anyone as to changing the report after the fact.

If someone using 98SE has problems and posts a HijackThis log somewhere to get help, there is a possibility that there may be more to the story than what meets the eye. Pieter did not say don't use HijackThis because it is seriously flawed. Lot of things don't show in it's logs. No secret there. The point is the people that are reading the logs to help others, should be aware of the fact the possibility exists.

So what's the problem?

Best wishes,
VV

 

Where my reporting and testing methods may not have been up to academic standards, I do stand by my conclusions.
And like Vietnam Vet, who was one of the kind people to test this for me, demonstrated, a helper that has read my comments will be quicker to have a closer look at system.ini then one that expects HijackThis to report the change.

The same, although not as serious, can be true for the other problem.
If HijackThis reports a line like this:
O20 - Winlogon Notify: ffaabb - C:\WINNT\
then they might remember that a possible cause is the DllName value to be missing.

Regards,

Pieter

 

@Pieter_Arntz

Do you recommend against depending on Trend's HJT anymore or are these just unfortunately inherent flaws that are minimal but worth keeping a close eye on?

Merjin always kept this great app at it's best and most of us can understand his purpose to finally part with it, but let's hope Trend studies reported issues and corrects them soon.

EASTER

 

There is not much reason to depend less on HijackThis then you did before.
More and more it has become an app to take a first glance, based on which you can choose your follow-up.

It would be nice if they saw fit to correct found flaws though.

Regards,

Pieter