Tarun Posted June 25, 2005 Share Posted June 25, 2005 I can answer 1 of them questions. Created registry value. Safe to remove: R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 All perfectly legitimate entries. Why are you recommending their removal? He's not, Safe to remove: it's a program generated log. He made a program for reading HiJackThis logs. It explains everything in the log for easy reading, you can choose to remove it or not. <{POST_SNAPBACK}> Correct, and you never know when/if those may have been hijacked or changed by installing another application. And there lies the problem with automated HJT readers. It hasn't flagged the malicious 023 service entry connected to the original infection and suggests removing a legitimate entry from the winsock layer as safe. By simply posting the list, it's tantamount to suggesting their removal. Most novice users IMHO would remove all of those entries listed thinking they weren't necessary when in reality most of them are. As I've tried explaining, HJT is a tool for removing malware. If you're going to use it, it needs supporting instructions of what to delete file wise, not just a list of entries which may or may not be safe to remove. You're treating HJT as if it were CCleaner. It's not as easy as marking the entries and hitting Fix Checked and expecting the infection to be removed. <{POST_SNAPBACK}> Don't start bashing my program. That's just. No. It's a sure-fire way to get onto my poo list. The program is constantly changing and growing. It is not automated, the user still has to go through and find the entries to keep and which to remove. It then generates the code into BBCode or HTML. That means that because it is not automated it is as simple as an overlooked entry. If you look to the PC Maintenance page, you will see that CWShredder, Spyware Blaster, Microsoft Anti-Spyware, Ad-Aware, Spybot, CCleaner, and HijackThis are on the list. It tells what order to do these things and how to use them. MSAS, Ad-Aware, Spybot and CCleaner (Yes, it can remove malware in the Temp directories) are all part of removing malware. That is why I tell people to run and refer to the Anti-Malware package first, then to post their HijackThis log. Hopefully this will clear some things up. Don't mind my defensiveness, I do appreciate the tips and advice; it just could have been worded a LOT better. Link to comment Share on other sites More sharing options...
gunner Posted July 4, 2005 Share Posted July 4, 2005 Hey John: With that avatar, why don't you just "bless" the crap away and save us all? If it isn't broke, tweak it. Link to comment Share on other sites More sharing options...
Moderators Andavari Posted July 5, 2005 Moderators Share Posted July 5, 2005 Hey John: With that avatar, why don't you just "bless" the crap away and save us all? <{POST_SNAPBACK}> Link to comment Share on other sites More sharing options...
Recommended Posts