The Mother Board
Protocol for HiJackThis and removal of stubborn infections.

 
kltsin
Posted: Wed Jun 29, 2005 3:17 am    Post subject: Protocol for HiJackThis and removal of stubborn infections.

Protocol for HiJackThis and removal of stubborn infections. **

Using HiJackThis to determine an infection by yourself or using automated HijackThis Analyzers can have very bad repercussions, and it should be limited exclusively to identification of scumware, but fixing should be done by experts only.
Remember that they don’t want to be removed from your system and blindly removing things may have serious consequences.

Step #1
Post a HiJackThis log

Download HijackThis and unzip HJT into its own folder, never run it from a temp file or from a program (WinZip, etc.).
C:\HJT or C:\Hijackthis is preferable since the program makes backups of all files removed and they may be needed if something goes wrong.
(Alternate Self-Extracting download of Hijackthis for users without XP or a ZIP utility.
Double click HijackThis_sfx.exe and select Unzip. When done click "OK".
Close the WinZip self Extractor window.
The program will be found in this location when you need to use it. C:\Program Files\HijackThis\HijackThis.exe.
)

A quick tutorial of How to use HijackThis is available Here along with links for security sites that can also review HJT logs.

Run HiJackThis.exe.
Click on the Do a System Scan and save a Log File button at the top.
A text file named "hijackthis.log" will pop up.
To copy the log to a forum simply copy all of the contents of that log into your post. Simplest and safest way is to hit Ctrl+A to select ALL of the text then Ctrl+C to copy that text, then use Ctrl+V to paste that text into the appropriate thread.

Since scumware compromises your system, limit your access to secure sites and personal info on an infected computer until the issue is resolved and we know the extent of the damage.

Don’t "EDIT" your HJT log; there is no personal info given and you won’t be judged by what’s in there.

Never post a HJT log in someone else’s thread.
Create your own, since most infections are very complicated and require one-on-one help.
Create a New Topic in the Virus/Spyware/Security area even if you have a thread in another area so it will be seen by those who can help in that field.

Include all issues you have and steps you have gone through to fix it up to this point.

Please be patient for a reply.

Feel free to continue to Step #2 if you have followed all of the above as it might clean your system of most issues.
If you do, make sure you reboot and post an updated HJT log.

Also note that when you reboot some file names may change and you must then post a new log.
This is mandatory and will help you get clean quicker.


Step #2
Run updated Security Programs

Once you have posted a HJT log, there are many free utilities that can possibly clean the system for you.
Note: By posting a log first (step #1) we can access what was installed/damaged to begin with and any action that may need to be done to fix the "leftovers" of that infection if the other scans are successful.

Update your current Anti-Virus to the latest definitions and do a full system scan.

Download and run the following free Anti-Scumware programs and scanners.
Run one or more of the following free Online Scans.
After running any of the above please post a new HJT log!


Step #3
After the infection is removed, Only!

Always make sure your Security Settings are reset to default since some scumware changes your settings.
Reset IE Tutorial
MS’s Antispyware also has the ability to reset IE and Windows Update settings to default automatically. (For XP and Windows 2k Only.)


Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files. (You will lose all previous restore points, which are likely to be infected.)
XP - Please note you need Administrator Access to clean the restore points.
Do NOT attempt this until you are sure the system is clean.
Several COLD reboots are suggested first; at least you will have the option of booting to an infected system instead of not being able to Boot at all!

Windows ME

1. Right-click My Computer and then click Properties.
2. On the Performance tab, click File System
3. On the Troubleshooting tab, click to select Disable System Restore
4. Click OK twice
5. Restart your computer.

6. Right-click My Computer and again click Properties
7. On the Performance tab, click File System
8. Clear the check mark in Disable System Restore check box.
9. System Restore is now active again.

Windows XP

1. Right-click My Computer and then click Properties.
2. Click the System Restore tab.
3. Put a Check in Turn off System Restore.
4. Click Apply, and then click OK.
5. Reboot.
6. Turn ON System Restore by removing the check in Turn Off System Restore by following previous instructions.
7. Click Apply, and then click OK.
8. System Restore is now active again.

Remove Temp and Junk files.
XP users: Start > Run > Type in cleanmgr > OK. Select the hard drive that has your OS installed and put a check in the first 5 options. Hit OK.
Or
Download and run one of the two following programs.
Cleanup!
Cr*p Cleaner


Update Windows
Once your system is clean make sure you update all Critical Service Packs for your system at Microsoft Windows Update.


Free Anti-Virus Programs
AVG
AVAST
AntiVir

Good reads.
Tony Klein's "How Did I get Infected in the First Place?"
Tons of security info here
Both links offer many free programs and tips to protect yourself.


** Any help given is to be used at your own risk


Last edited by kltsin on Wed Jun 29, 2005 11:20 am; edited 2 times in total
~PJ~
Posted: Wed Jun 29, 2005 5:45 am

Hey Mods - you going to sticky this? Excellent piece of work thanks.
Tolemac
Posted: Wed Jun 29, 2005 11:01 am

I'll do ya one better there, PGGB.
Tolemac
Posted: Wed Jun 29, 2005 11:28 am

Ok, due to the nature of this thread and info, I'm locking this so that it won't get mucked up. Please create a new thread with your HIJACKTHIS log in it and we'll help you out the best we can.
Toby B.
Posted: Wed Dec 29, 2010 7:01 am

It helps us a great deal with regards to helping get your system clean if we know what we are dealing with... IF you know of a certain Virus/Trojan/etc, PLEASE help us help you faster by posting any and all available information. This will in most cases help expedite getting your system cleaned up.

It will also help if your AV program finds a problem (i.e. Virus/Trojan/Worm) please be sure to provide the exact variant if known. For example, if Norton finds your system infected with the MyDoom virus, please don't just say "Help I got infected with the MyDoom Virus", as there are many variants of most of these viruses/trojans/worms that require different tools/steps for removal...

Please keep an eye on this thread as it will be updated and/or modified periodically...
All times are GMT - 8 Hours