Spyware Mods/Analysts

This is just a question, but how do the people like __RiP_ChAiN_, TwistedMetal, rridgely etc. know what it is to look for when someone posts a Hijack This log for analysis?

I have sat looking through many posts trying to identify patterns, however the logs don't really mean terribly much to me at a glance. It's an area that has interested me for a little while, but I'm not quite sure how to go about acquiring the necessary knowledge!

Have you had an interest/been involved in this area for so long that you recognise patterns, or does your knowledge come from attending a College or University?

Any tips or directions to learning materials would be great!

Cheers

Stryker

They have a free online "university" to learn how to read hijack this logs here:

http://forums.spywareinfo.com/

Any tips or directions to learning materials would be great!

Cheers

Stryker

Hi Stryker,

If you haven't already heard from him, just PM RipChain with a link to your post. He is so busy he may not see it in the Lounge.

:) davey

Thanks Davey. I wasn't sure where the best place to post that question was.

I'll give him a PM.

HijackThis Tutorial & Guide

A guide and tutorial on using HijackThis to remove Browser Hijackers & Spyware

http://www.bleepingcomputer.com/tutorials/tutorial42.html

It does not explain what is good or bad, but using the two tutorials and Google searches you will soon find out how to read the HijackThis logs.

Sorry for being late to this thread, I rarely deviate from the HijackThis forums.

I have sat looking through many posts trying to identify patterns, however the logs don't really mean terribly much to me at a glance. It's an area that has interested me for a little while, but I'm not quite sure how to go about acquiring the necessary knowledge!

Have you had an interest/been involved in this area for so long that you recognise patterns, or does your knowledge come from attending a College or University?

Although it is possible to learn how HijackThis works in detail by reading tutorials on the subject, including the one available from Bleeping Computer, you will still need to go through some sort of training in order to recognize the infections in such logs. I, myself, went through the training course available on GeeksToGo, which is now one of the places I help teach how to work HijackThis logs at. For more information on training there, you can take a look here.

There are also other schools that will teach you about HijackThis, such as CastleCops, MRU, and Bleeping Computer.

It is really interesting to get such a unique perspective on the way malware infects computers, and the ways used to get rid of such crap.

In addition, the reason people like me just seem to show up from nowhere is because most of us regularly do work at half a dozen forums, or more. Usually at one of the main forums, where you can also learn how to read HJT logs from.

Thanks for all the advice. I'll give them a look and let you know how I get on!

Stryker