HijackThis Auto Analysis

It was more for fun.

Well my point is something more specififc. HJT shows a process called netcheck.exe , is that good or bad? HJT doesnt tell you any more. This is the same whether you are human or machine.


Inf[/QUOTE]

 

ok, when I got a process

:\program files\internet explorer\connection wizard\netcheck.exe

I'll probably ask the guy to upload / scan it by some online antivirus scanner and that question would not be asked by such an automatic hjt responder if you know what I mean.
And that is what I was trying to say, you get more interaction and advice with a true log reader then with some automatic machine.

that is all

enjoy your eve.

Inf.

 

yes correct DVK01,

I could slightely, just a little tiny bit, see the hand of a master

it would be very easy for us if netcheck.exe was in the plain Windows Folder and the machine would be XP

but that would be waaay to easy ...

 

hello, i would like to ask a few questions regarding HJT and Wilders.

Some time ago i heard the news that Wilders security forums was to stop the processing of HJT logs, now a bit later through a contact at another high profile web security site I hear that Paul Wilders is trying to start a Pay for analysis HJT web site.

I hear this as supposedly Paul has contacted other fourm owners proposing the idea of Pay for help with HJT.

My quesitions are,

How much truth is there in these rumors?

How does this affect the integrity of Wilders forum? (its worth noting the auto scan HJT site has been slammed here repeatedly)


I am by no means accusing anyone or anything, the story was told by a credible source, so i am just asking for an honst answer.

Thank you.

 

Like Derek said, HJT has almost reached it's limit of usefulnes, because the drek coming out now is not caught by HJT.

Have a good day!

 

WTF, if there were any truth in this rumour, which at the moment is just a rumour, would it not be breaking certain ethics.

Jimbob

 

So... in which case... maybe all this talk about auto analysis versus expert analysis is now academic. If HJT has now lost its ability to detect some of the latest malwares, and if it's no longer able to be updated for whatever reason, either no time for the author to do this, or possibly the program is not technically able due to the complexity of the new types of malwares now going undetected, then is it time to stop using it altogether.

Surely a program that is not detecting new malwares is going to give a false sense of security, even though it still finds the more common entries, if other new nasties are not being detected... this can't be considered a good situation... auto or not.

 

As was said before, HJT is a tool, it is not the whole answer to any problem.

 

Concerned,

Would you mind providing a link regarding this information (assuming it was not a private communication)?

As for some background context, please see here, especially post #5 and here.

Blue

 

No it was ME, and I thought it was most likely legimate, but i asked for a scan too.

Nice to see , I gave the same advise to the friend, as a recognised master.

 

I allways am alert when someone claims to be a recognised master especially when they are anonymous...

so tell us: how can we recognise you? will you have a rose in your mouth?



have a wonderful evening


Inf.

 

If this is true then what tools do we have to defeat the latest malware threats? I thought Hijackthis was the tool recommended when all others failed? So if even Hijackthis is now beatable by about 75% of the newer malware, as you say, then what chance do we have against the latest malware? Can you recommend some alternate ways/tools to defeat the newer forms of malware undetected by HJT?

 

Is he the master of computers? Does that guest have a diploma/degree in computer sciences?

 

What Ronin actually said

Giving the same advise is not the same as claiming to be a master.


Someone clearly hasn't mastered reading.

 

no prb Ronin

have fun

Inf.

 

Derek - That's a pretty disturbing statement. Could you give us some examples? Pete

 

Hi Pete,

Examples enough unfortunately.

What are the two most common pests that stay behind after a few good scans have been done?
CWS and VX2

- Some versions of CWS don't show up in a HijackThis log at all, some only show the sites the victim is hijacked to.
For example Holax that changes legit startup files to call the trojan when started:
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41046

- One of VX2's latest version mostly only shows up in a log as one line in the Hosts file that was changed.

- The Qoologic trojan is another good example:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_QOOLOGIC.B&VSect=T

And I can come up with a few more without breaking a sweat.

Regards,

Pieter

 

So, if you use Process Guard to protect explorer.exe, you wouldn't know it??

Worried,
Marja