Web User Forums: CRAP CLEANER WARNING


LEEnoble

That's ridiculous. I use the issues tab constantly, 3 or 4 times in a row on every machine I work on all week, every week. His problems probably stem from his own ignorance on the matter. If there are bugs, they should be reported, but instead, they choose to warn the universe that CCleaner's applications and issues tabs are the roots of all evil. I don't get it at all.

Click here if CCleaner Issues are re-appearing

 

DjLizard.net

DjLizard.net wiki

Dial-a-fix

Dial-a-fix tips

DjLizard.net software support forum

 

Do you live in Bradenton, Sarasota, Tampa, or St. Petersburg, Florida? Visit Digital Doctors where I work :)

Link to comment
Share on other sites

  • Moderators
We have also been concerned about some of the latest editions added under the "Applications" tab as it's not entirely clear what exactly the program is cleaning. Some users across the net have complained of Firefox issues after using the utility's Firefox cleaning function and the Spybot & Ad-Aware cleaning features are less than clear.

 

Firefox, they are probably running CCleaner while Firefox is open. This is easy to correct...

 

Spybot & Ad-Aware cleaning features are less than clear, that's just bull@#$! right there.

 

#1. CCleaner's cleaning on them applications is just common cleaning standards.

#2. You can always open up any of the ini's and see what it cleans.

 

We recommend Webusers uncheck all boxes under the 'Applications' and 'Issues' tabs and let Crap Cleaner get on with doing the excellent job most of us use it for. Namely, cleaning out temp files and surfing history.

 

Uncheck all boxes under 'Applications'. That's just retarded, even a user with basic Windows knowledge could see none of the entries cleans "required" application files. Just common log, MRU's, and backups that are useless.

 

I have no reason to lie nor am I just saying this because I am a Moderator. I became a Moderator because I liked CCleaner and wanted to help any way I can.

The only box you should uncheck is MS Office if you use it a lot or have custom settings.

As for Issues, yes it does have its quirks. It sometimes does find registry keys that are valid, just look over them. If you are unsure, just unselect it. You should always back up your registry before using any registry cleaning program anyways.

 

I just don't think they even took the time to actually see what it cleans nor do I think they even have any basic knowledge of the programs they use or Windows.

 

I will put it this way, you give me an application I have never used before and I will have CCleaner cleaning all traces of using that program (if possible).

 

They have no knowledge of Windows or the applications they use. They are entitled to their own opinion, as am I. But, I love the way people say CCleaner crashed or messed up my system, or something along them lines. They never have any details on what caused it, (if it even was CCleaner). We have not received any posts saying any of the problems stated on they are saying.

 

There are some really smart pc techs on this forum that use this program for work related and never has it caused any of the problems stated.

 

Do as you wish.....

Your Friendly Neighborhood Piriform Forum Moderator

Quick Links: CCleaner Products | CCleaner Documentation | Knowledge Center | Downloads | Lost License Key

Link to comment
Share on other sites

  • Moderators
A much safer alternative is to use the Windows based Disk Cleanup function available by clicking on Start > Run and typing cleanmgr into the run box.

Windows Disk Cleanup is the reason there are such programs as CCleaner, hence Windows Disk Cleanup isn't very useful and doesn't do squat compared to CCleaner.

 

I don't see how anyone including PC newbies could use CCleaner incorrectly since it's so intuitive and doesn't require any in-depth computer knowledge to effectively clean a system with it. And no CCleaner doesn't wreak havoc with the system registry, nor does it break Windows!

Link to comment
Share on other sites

Firefox, they are probably running CCleaner while Firefox is open. This is easy to correct...

 

Spybot & Ad-Aware cleaning features are less than clear, that's just bull@#$! right there.

 

#1. CCleaner's cleaning on them applications is just common cleaning standards.

#2. You can always open up any of the ini's and see what it cleans.

Uncheck all boxes under 'Applications'. That's just retarded, even a user with basic Windows knowledge could see none of the entries cleans "required" application files. Just common log, MRU's, and backups that are useless.

 

I have no reason to lie nor am I just saying this because I am a Moderator. I became a Moderator because I liked CCleaner and wanted to help any way I can.

The only box you should uncheck is MS Office if you use it a lot or have custom settings.

As for Issues, yes it does have its quirks. It sometimes does find registry keys that are valid, just look over them. If you are unsure, just unselect it. You should always back up your registry before using any registry cleaning program anyways.

 

I just don't think they even took the time to actually see what it cleans nor do I think they even have any basic knowledge of the programs they use or Windows.

 

I will put it this way, you give me an application I have never used before and I will have CCleaner cleaning all traces of using that program (if possible).

 

They have no knowledge of Windows or the applications they use. They are entitled to their own opinion, as am I. But, I love the way people say CCleaner crashed or messed up my system, or something along them lines. They never have any details on what caused it, (if it even was CCleaner). We have not received any posts saying any of the problems stated on they are saying.

 

There are some really smart pc techs on this forum that use this program for work related and never has it caused any of the problems stated.

 

Do as you wish.....

 

 

 

I don't see a box for MS Office - we use it regularly and don't need problems. Could you be more specific? Thanks!

Link to comment
Share on other sites

  • Moderators

Ok, before anything bad starts. Please read!

 

Everyone is entitled to their own opinion and yes... My post was kind of harsh and I apologize, I was just mad at the time.

 

If any flaming starts between CCleaner and Web User. This thread will be deleted immediately. If you post, post in a nice and non rude manner. This is the only warning!

Your Friendly Neighborhood Piriform Forum Moderator

Link to comment
Share on other sites

  • Moderators
Sorry I wasn't clear! I don't see a box labelled "MS Office" to uncheck - which MS box/es are significant? Just want to follow your suggestion - you know better than I, for sure! Thanks for being there.

 

 

 

 

Cleaner > Applications > Applications, if you don't have MS Office listed then you have nothing to worry about. It doesn't do any harm to Office or delete documents or anything like that. It's that if you have custom settings or custom toolbars in Office it will go back to the default settings. Several people don't like the way CCleaner does the cleaning on Office, but this is the only way to clear the recent opened list.

Your Friendly Neighborhood Piriform Forum Moderator

Link to comment
Share on other sites

Cleaner > Applications > Applications, if you don't have MS Office listed then you have nothing to worry about. It doesn't do any harm to Office or delete documents or anything like that. It's that if you have custom settings or custom toolbars in Office it will go back to the default settings. Several people don't like the way CCleaner does the cleaning on Office, but this is the only way to clear the recent opened list.

 

 

 

Thanks a lot! :D (And your first post was not even "kind of" harsh if judged by what is seen elsewhere, in forums, on the web.)

Link to comment
Share on other sites

Hello CCleaner people. I'm the author (or should I say 'retard'?) of the Webuser thread.

 

First of all I'd like to point out that despite my apparent 'ignorance' of the program in question, I've been using CCleaner myself for nearly a year and I'm a firm favourite of its use. However, the warning to the Webuser readers (bearing in mind the site's members are generally novice users) was on the back of a discussion in a hidden Security Experts forum at Bleeping Computer (one of the net's foremost computer help sites). The issue was raised by several experts who know far more about computers than I ever will and whose opinion I take note of. My own background is strictly one of Security and malware removal just to get that straight from the off. I'm not concerned with stripping computers down so they run at optimum performance like many of the forum mainstays here 'seem' to be but merely the safe removal of viri and spyware.

When the issue of CCleaner was originally raised, I was as surprised as most but preferred to err on the side of caution. The Security Experts on both Webuser and Bleeping had been advocating CCleaner's use for a long time but issues were being raised about certain aspects of the program (sorry I cannot provide links). I trust the authors of the information I was reading and I don't believe they had an interest in any competitors' software. As I revealed at the start, my background is one of Security (not programming) so when acting as a Moderator of Security forums I believe I acted with my own readers' interests in mind.

 

That's ridiculous.  I use the issues tab constantly, 3 or 4 times in a row on every machine I work on all week, every week. His problems probably stem from his own ignorance on the matter.

Registry cleaning tools should be treated with caution at all times regardless of the software title. Due to the issues I'd seen raised, I preferred to warn our novices until I was happy the issues were either ironed out and/or proved unfounded. As someone who has a direct impact on the well being of malware victims' machines, I don't consider I posted without thought. I did after all request "regulars (ie computer literate) take extra care with which default options they retain".

 

If there are bugs, they should be reported, but instead, they choose to warn the universe that CCleaner's applications and issues tabs are the roots of all evil.  I don't get it at all.

If the appropriate forum had been here I may well have done that but from what I remember, the relevant soapbox was not present at the time (note the date of my original post please). A quick search on the CCleaner forum reveals only a few threads prior to my own warning. The first in the Bug Reporting Forum was: Problem with registry (5/5/05) which received no replies. The other one I found was in the CCleaner Discussion Forum: error with registry issues (27/4/05) <--Unfortunately you won't be able to view this topic as it's been deleted.....

 

Spybot & Ad-Aware cleaning features are less than clear, that's just bull@#$! right there.

 

#1. CCleaner's cleaning on them applications is just common cleaning standards.

#2. You can always open up any of the ini's and see what it cleans.

 

Uncheck all boxes under 'Applications'. That's just retarded, even a user with basic Windows knowledge could see none of the entries cleans "required" application files. Just common log, MRU's, and backups that are useless.

 

Are Spybot and Ad-Aware backup logs useless? What happens when one of these programs makes a booboo and removes something it shouldn't have? Both are excellent but accidents do happen. I don't believe CCleaner has any business deleting these log files (especially without specific instructions/reasons for doing so). I can't find any explanation about these on your forums....

 

As for Issues, yes it does have its quirks. It sometimes does find registry keys that are valid, just look over them. If you are unsure, just unselect it. You should always back up your registry before using any registry cleaning program anyways.

So my warning has some legitimacy in your own words and in a perfect world, users (even novices) would check every registry issue found (and understand it) but in reality that's not the case. If you think otherwise you're just kidding yourself. It's only when people run into problems that folk start to question the integrity of applications they know and trust.

 

I just don't think they even took the time to actually see what it cleans nor do I think they even have any basic knowledge of the programs they use or Windows.

Hopefully my comments so far will go some way to helping you understand how this comment is a little unfounded.

 

I will put it this way, you give me an application I have never used before and I will have CCleaner cleaning all traces of using that program (if possible).

As I said previously, I'm not concerned with performance issues, just Security. Your comment here goes a long way to explaining our different angles in reading this issue.

 

They are entitled to their own opinion, as am I. But, I love the way people say CCleaner crashed or messed up my system, or something along them lines. They never have any details on what caused it, (if it even was CCleaner). We have not received any posts saying any of the problems stated on they are saying.

Granted some of the issues I raised may have nothing to do with CCleaner at the end of the day but once again I point out that the relevant support forum wasn't available at the time of my original post.

 

There are some really smart pc techs on this forum that use this program for work related and never has it caused any of the problems stated.

 

Do as you wish.....

Nor has it on my own machine but I felt I had a duty to others as I suggested before who may not have the contacts I do and wouldn't think to look at a program they know and trust as a 'possible' cause of system malfunctions.

 

I apologise wholeheartedly for any offence 'finally' caused but hope you understand my reasoning for the warning a few months ago even if it appears ill founded to yourselves. When I unpinned the topic 6 weeks ago, I hoped it would disappear from the google ranks so I hope this thread doesn't resurrect the issue. :)

 

 

=============================================

 

Regarding the HJT logs posted on this site (and with all due respect to Tarun because he's had a go), don't be surprised if this user doesn't post back again due to his internet connection being destroyed after following your instructions.....

 

And in this thread. If you want my help to clean the malware I will do so as a goodwill gesture. If you want to clean HJT logs I suggest you do so properly. Simply removing the entries with HJT does NOT fix the problem. Nail.exe requires a specific fix, not just Nailfix. I suggest you leave the HJT logs to the experts (or should that be 'retards' ;)

 

 

Peace....

 

HJM

Link to comment
Share on other sites

It has all come back to me now, as to why I stopped buying:

WebUser magazine

 

Although I still occasionally buy their rival magazine:

WebActive magazine

 

Which is the sister magazine of the UK's best selling computer magazine:

ComputerActive magazine

of which I buy every fortnight without a doubt.

 

Two members of this forum stand out head and shoulders above the rest, one of which is Tarun, who was slightly slated by J Mc K, the other is DjLizard whose posts were quoted by J Mc K, without these two members this forum would struggle a bit.

 

Thanks for your opinion though J Mc K.

Link to comment
Share on other sites

Regarding the HJT logs posted on this site (and with all due respect to Tarun because he's had a go), don't be surprised if this user doesn't post back again due to his internet connection being destroyed after following your instructions.....

 

And in this thread. If you want my help to clean the malware I will do so as a goodwill gesture. If you want to clean HJT logs I suggest you do so properly. Simply removing the entries with HJT does NOT fix the problem. Nail.exe requires a specific fix, not just Nailfix. I suggest you leave the HJT logs to the experts (or should that be 'retards' ;)

Peace....

 

HJM

 

 

 

Take your own "advice" and leave it to the experts that are here. Being online you can only do as well as the person who follows your instructions.

 

I for one do not welcome you if you come around and have been bashing a perfectly good application, and insult the users of this forum.

 

Don't expect to just jump in here and say you're an expert. Especially when the methods you suggest in the other thread were rather pointless. I do not like people who instantly claim to be the "know-it-all" type either.

 

I know I'm not perfect yet at cleaning HijackThis logs, but I do know I have a 99% success rate. Any mistakes that I have made I was able to correct without any harm to the user's system. To come here and preach more of your unintelligent blather is not a good start.

I highly suggest you learn how to read as well. You missed that L0SeR's second post had no references to Nail.exe; and as DjLizard stated (who is quite frankly the world's BEST pc tech), a malware scan in Safe Mode was still needed.

 

You also seemed to miss that L0SeR seems to post roughly every ten days.

 

How is it your type always finds their way to perfectly good forums.

 

John McKenna what are you saying that Tarun recommended that killed that person's internet connection?

 

 

 

 

It sure sounds like it. Not a very nice start, is it?

Link to comment
Share on other sites

Mr. McKenna, you have explained everything very well. I don't have a problem with any of what you said. I'm sorry if something I said was slanted, I tend to do that lately.

 

Removing malware over the internet is a tough job, and that's why I make Tarun do it. ;) I can wreck some malware in person, but I won't touch it over the internet. ;)

 

I didn't ever see this post, although I get very busy at work sometimes when I'm reading this forum. Thanks for the heads up on the one 'that got away'. That post is very disconcerting, and I'll have to remember to keep an eye on it. It may have been addressed silently (although MrG's heads-up on fixing it would have been appreciated) or it may have gotten overlooked. I've had so much good luck in the Issues tab that I have let my overconfidence in CCleaner take over, and I should probably be more wary. Thanks for your post.


Link to comment
Share on other sites

You're supposed to delete the underlying files first, before checkmarking them in HJT, which is what Ad-Aware, Spybot, et al, try to remove (but I usually go in with Autoruns, find all the malware files that AAW and SB didn't remove, and manually delete them) but this is all hard to explain to users over the internet, which is why I don't generally help with malware cleanups on here, except for the occasional comment.


Link to comment
Share on other sites

You generally get a few posts like that from competitors who try to "put down" other software without giving specific reasons.

 

 

 

 

 

Yeah! But this applies to stupid (sorry :) ) people!

If you try CCleaner you will know is ok, and does not affect (in a wrong way) your computer!

 

Just my opinion...

Link to comment
Share on other sites

Tarun

 

I don't wish to start a flame war on this forum but I feel I must respond to your comments. I don't for one minute claim to be an expert but I have studied malware removal on a virtually full time basis for some eighteen months now. Apart from being a Moderator in the Security forums of Webuser, I'm also an authorised malware remover at some of the top anti-spyware forums the internet has to offer. I consider myself more than competent when it comes to removing malware. If that puts me in the "know-it-all" bracket in your eyes then so be it.

 

I for one do not welcome you if you come around and have been bashing a perfectly good application, and insult the users of this forum.

I haven't bashed the product at all. I've gone to great lengths to explain the reasons behind the original posting over 2 months ago and I have certainly not come here to insult the members of this forum. I can see how you may view a few of my comments towards yourself as insulting but my intention was never to do that. I apologise for causing such offence but I believe my comments were justified regarding the HJT advice.

 

Don't expect to just jump in here and say you're an expert. Especially when the methods you suggest in the other thread were rather pointless. I do not like people who instantly claim to be the "know-it-all" type either.

Ewido is the recognised remover of this infection along with Nailfix. Both must be run in Safe Mode and the temp files must be cleaned. The reason for the temp files? Nail.exe has been morphing of late to Nail1.exe and planting itself in the user's temp folder when an attempt to remove it has been made. I posted the recognised 'full' fix so that the user doesn't mess about running scans with Ad-Aware and Spybot when those programs are not effective on this infection.

I know I'm not perfect yet at cleaning HijackThis logs, but I do know I have a 99% success rate. Any mistakes that I have made I was able to correct without any harm to the user's system. To come here and preach more of your unintelligent blather is not a good start.

If all the logs you advise on consist of simply removing the entries with HJT I'm afraid your success rate won't be anything like 99%. When the victim reboots, the entries will all be back again unless you delete the infected files.....

I highly suggest you learn how to read as well. You missed that L0SeR's second post had no references to Nail.exe; and as DjLizard stated (who is quite frankly the world's BEST pc tech), a malware scan in Safe Mode was still needed.

 

True but this line WAS still present which should have alerted you to the fact the infection was still present....

 

O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe

 

 

And with regard the malware scan in safe mode, as I've already mentioned, Ad-Aware and Spybot are useless against this infection at present.

 

 

For what it's worth (not much in your eyes I'm sure). I've cast my eyes over your recommendations again and make the following comments:

 

On the basis that HijackThis is a program for the removal of malware and the victim came to you wishing to rid themselves of an infection.

 

Disable System Restore. Right click My Computer > Properties > System Restore > Apply a check to "Turn off System Restore on all drives".

Why are you suggesting they disable system restore immediately? What happens if anything goes wrong with your fix and the victim needs to roll back to an earlier restore point? An infected restore point is better than no restore points IMHO. I would leave that until the end. The infected restore points are of no harm to the user while you're fixing their log so leave that until they're clean.

 

Created registry value. Safe to remove:

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

All perfectly legitimate entries. Why are you recommending their removal?

 

Changed registry value. Safe to remove:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oemji.com

The users start page on IE. Why remove that? It's there for a reason.

 

Enumeration of suspicious auto-loading registry entries. Safe to remove:

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

Xfire messenger....a perfectly legitimate program. Certainly not malware by any stretch of the imagination.

 

Recommended to go:

(long list of legitimate entries)

HijackThis is for removing malware. Many of the entries in the log are not 'needed' for the running of the machine but are nonetheless there for a reason and improve functionality for the user. If the victim had complained of a slow system then by all means recommend the removal of items not required from the startup list. To suggest they should remove virtually everything just because you've researched the item on one of the many online Startup lists and noted the 'not required' comment at the end of the explanation is just bad practice at the very least. Remember, this isn't your machine and you have no business removing legitimate items from a HJT log just because it's what you would do to your own machine. Best sticking to just removing malware unless specifically asked otherwise.

New.Net must be removed via Add/Remove programs. Failure to do so may not only crash the machine in question but also damage the winsock layer. Granted you've asked them to use LSP-fix but there really isn't any need if the program is removed correctly. Xfire messenger will not function properly at all now either if the user has used LSP fix. Like I said above, it's a perfectly legit entry. Just because HJT flags it as 'unknown' does NOT mean it's bad.

 

 

Without sounding condescending Tarun (and I hope you take this the right way) but I recommend you undertake a course in malware removal at one of the following forums. They provide free training in malware removal in a hidden closed environment which will not only teach you good practice but also keep you in touch with all the latest infections and recognised removal procedures.

 

Enrol at any of the following sites if you wish to go down the classroom route.

 

Bleeping Computer

 

Tom Coyote

 

Malware Removal.com

 

You'll learn more in 2 days from these sites than you will from 2 months worth of your own research. Hell, you might even go as far as thanking me through gritted teeth one day if you decide to take my advice. :)

 

 

Regards

 

HJM

 

 

DjLizard

 

Thank you for your reply. :)

Link to comment
Share on other sites

  • Moderators

I can answer 1 of them questions. :lol:

 

Created registry value. Safe to remove:

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

 

All perfectly legitimate entries. Why are you recommending their removal?

 

He's not, Safe to remove: it's a program generated log. He made a program for reading HiJackThis logs. It explains everything in the log for easy reading, you can choose to remove it or not.

Your Friendly Neighborhood Piriform Forum Moderator

Link to comment
Share on other sites

I can answer 1 of them questions. :lol:

 

Created registry value. Safe to remove:

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

 

All perfectly legitimate entries. Why are you recommending their removal?

 

He's not, Safe to remove: it's a program generated log. He made a program for reading HiJackThis logs. It explains everything in the log for easy reading, you can choose to remove it or not.

 

 

 

 

 

And there lies the problem with automated HJT readers. It hasn't flagged the malicious O23 service entry connected to the original infection and suggests removing a legitimate entry from the winsock layer as safe. By simply posting the list, it's tantamount to suggesting their removal. Most novice users IMHO would remove all of those entries listed thinking they weren't necessary when in reality most of them are.

 

 

As I've tried explaining, HJT is a tool for removing malware. If you're going to use it, it needs supporting instructions of what to delete file wise, not just a list of entries which may or may not be safe to remove. You're treating HJT as if it were CCleaner. It's not as easy as marking the entries and hitting Fix Checked and expecting the infection to be removed.

Link to comment
Share on other sites
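The objection in the post above is that a log reader which labels entries "Safe to remove" invites over-removal while missing the O23 service line. The following is an added example, not part of the thread and not HijackThis or any poster's tool: a triage that defaults to leaving entries alone and reports the on-disk file behind anything it flags. The function names, the `windows_dir` parameter and the flagging heuristic (a service with an unknown owner whose binary sits directly in the Windows directory) are assumptions for illustration; the sample lines are the ones quoted in the thread.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Log lines as quoted in the thread (not constructed).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oemji.com
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
"""

# "<section> - <body>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O23 body: "Service: <display> (<name>) - <owner> - <path>"
SERVICE = re.compile(
    r"^Service: (?P<display>.+) \((?P<name>[^()]+)\) - (?P<owner>.+?)"
    r" - (?P<path>[A-Za-z]:\\.+)$"
)
# O4 startup-folder body: "Startup: <shortcut> = <path>" (only this O4 form)
STARTUP = re.compile(r"^[^:]+: (?P<item>.+?) = (?P<path>[A-Za-z]:\\.+)$")


@dataclass
class Entry:
    section: str
    body: str
    file_path: Optional[str] = None  # file the entry launches, if parsed
    owner: Optional[str] = None      # O23 only


@dataclass
class Finding:
    entry: Entry
    action: str  # "leave" or "investigate-file"; never "remove"
    reason: str


def parse_log(text: str) -> List[Entry]:
    """Parse log lines, extracting the launched file for O4 and O23."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # headers, blank lines, process list
        entry = Entry(m["section"], m["body"])
        if entry.section == "O23":
            s = SERVICE.match(entry.body)
            if s:
                entry.file_path, entry.owner = s["path"], s["owner"]
        elif entry.section == "O4":
            s = STARTUP.match(entry.body)
            if s:
                entry.file_path = s["path"]
        entries.append(entry)
    return entries


def triage(entries: List[Entry], windows_dir: str = r"c:\windows") -> List[Finding]:
    """Assumed heuristic: flag an unknown-owner service whose binary sits
    directly in the Windows directory. Everything else defaults to 'leave',
    because an unrecognised entry is not evidence of malware."""
    root = ntpath.normcase(windows_dir)
    findings = []
    for e in entries:
        suspicious = (
            e.section == "O23"
            and e.file_path is not None
            and (e.owner or "").lower() == "unknown owner"
            and ntpath.normcase(ntpath.dirname(e.file_path)) == root
        )
        if suspicious:
            findings.append(Finding(
                e, "investigate-file",
                "unknown-owner service in the Windows directory; examine the "
                "file itself, since fixing only the entry leaves it on disk"))
        else:
            findings.append(Finding(e, "leave", "no evidence of malware"))
    return findings


def files_to_examine(findings: List[Finding]) -> List[str]:
    """Paths a helper would ask the user to have checked before any fix."""
    return [f.entry.file_path for f in findings if f.action == "investigate-file"]


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f.action:17} {f.entry.section:4} {f.entry.body}")
```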

Tarun

 

I don't wish to start a flame war on this forum but I feel I must respond to your comments. I don't for one minute claim to be an expert but I have studied malware removal on a virtually full time basis for some eighteen months now. Apart from being a Moderator in the Security forums of Webuser, I'm also an authorised malware remover at some of the top anti-spyware forums the internet has to offer. I consider myself more than competent when it comes to removing malware. If that puts me in the "know-it-all" bracket in your eyes then so be it.

 

 

And how would you feel if someone suddenly appeared on some forums and started the same thing you are now doing? Just a thought. ;)

 

Ewido is the recognised remover of this infection along with Nailfix. Both must be run in Safe Mode and the temp files must be cleaned. The reason for the temp files? Nail.exe has been morphing of late to Nail1.exe and planting itself in the user's temp folder when an attempt to remove it has been made. I posted the recognised 'full' fix so that the user doesn't mess about running scans with Ad-Aware and Spybot when those programs are not effective on this infection.

True but this line WAS still present which should have alerted you to the fact the infection was still present....

 

O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe

 

 

I am learning and I'm not afraid to admit it. Surely you too overlook things? From what I've seen, you really do. :P

 

And with regard the malware scan in safe mode, as I've already mentioned, Ad-Aware and Spybot are useless against this infection at present.

For what it's worth (not much in your eyes I'm sure). I've cast my eyes over your recommendations again and make the following comments:

 

On the basis that HijackThis is a program for the removal of malware and the victim came to you wishing to rid themselves of an infection.

 

Why are you suggesting they disable system restore immediately? What happens if anything goes wrong with your fix and the victim needs to roll back to an earlier restore point? An infected restore point is better than no restore points IMHO. I would leave that until the end. The infected restore points are of no harm to the user while you're fixing their log so leave that until they're clean.

 

 

You do seem to like to overlook things. I suggest that people disable System Restore and reboot into Safe Mode to run the anti-malware scanners, virus scanners and other items to fully remove anything while they are in Safe Mode. PC Maintenance is a definite read.

 

All perfectly legitimate entries. Why are you recommending their removal?

The users start page on IE. Why remove that? It's there for a reason.

Xfire messenger....a perfectly legitimate program. Certainly not malware by any stretch of the imagination.

 

 

Hardly. See below.

 

HijackThis is for removing malware. Many of the entries in the log are not 'needed' for the running of the machine but are nonetheless there for a reason and improve functionality for the user. If the victim had complained of a slow system then by all means recommend the removal of items not required from the startup list. To suggest they should remove virtually everything just because you've researched the item on one of the many online Startup lists and noted the 'not required' comment at the end of the explanation is just bad practice at the very least. Remember, this isn't your machine and you have no business removing legitimate items from a HJT log just because it's what you would do to your own machine. Best sticking to just removing malware unless specifically asked otherwise.

 

 

You do not know me, so who are you to try and say what I should and should not do? Advice is well and good, though do you realize you are also saying untrue statements that could potentially damage my credibility and reputation? I'm sure you would be the same as I am right now, highly defensive, if you had this happening to you on a forum that you frequent.

 

When I clean a user's HijackThis log I also very carefully look over the O4 - Startup section. A lot of unnecessary applications get loaded on startup and they are informed of this. Only once have I suggested the removal of an item from startup that was needed (for a software firewall I believe) but I helped that user restore it.

 

New.Net must be removed via Add/Remove programs. Failure to do so may not only crash the machine in question but also damage the winsock layer. Granted you've asked them to use LSP-fix but there really isn't any need if the program is removed correctly. Xfire messenger will not function properly at all now either if the user has used LSP fix. Like I said above, it's a perfectly legit entry. Just because HJT flags it as 'unknown' does NOT mean it's bad.

 

 

 

Xfire may employ companies and people to perform tasks on its behalf, and will need to share personal information with these agents to establish and deliver service to the individual. Xfire's agents do not receive any right to use personal information beyond what is necessary to perform these tasks. Xfire will not disclose registration information to third parties, including, but not limited to, companies affiliated with Xfire, without your consent or as otherwise stated in this privacy policy.

 

If at some point Xfire sells all or a portion of its assets, customer information is one of those assets that would be transferred or acquired by a third party; the third party would then have the right to continue using the personal information as set forth in this policy. For more information see our Privacy Policy Changes section below.

 

Xfire may release or exchange personal information if required to do so to comply with applicable law or to enforce its rights or agreements or prevent fraud or reduce credit risk. In addition, Xfire may contact you to inform you of updates or new features.

 

Yet you ask me why I don't like this application and recommend removal? That privacy policy is just too shady. Read more...

This has been covered before. They collect information that they really don't need to run this "service".

 

Without sounding condescending Tarun (and I hope you take this the right way) but I recommend you undertake a course in malware removal at one of the following forums. They provide free training in malware removal in a hidden closed environment which will not only teach you good practice but also keep you in touch with all the latest infections and recognised removal procedures.

 

Enrol at any of the following sites if you wish to go down the classroom route.

 

Bleeping Computer

 

Tom Coyote

 

Malware Removal.com

 

You'll learn more in 2 days from these sites than you will from 2 months worth of your own research. Hell, you might even go as far as thanking me through gritted teeth one day if you decide to take my advice. :)

Regards

 

HJM

DjLizard

 

Thank you for your reply. :)

 

 

I will look into it, as I'm always looking to learn. :D

 

Wow, gotta split this into a few more posts. :blink:
