HiJackThis Self Help

office politics

I've been thinking it might be cool to create a HijackThis log scanner. I'm not sure what TF's processes are for scanning the logs, but if they are doing them manually, they could benefit from setting up an auto scanner to catch most obvious fixes. I'll let someone from TF post, "Yes, we would like..." or "No, that's ok," before diving into my ideas for the project.

However, I was able to find an online scanner already made. I noticed an issue where it tells me certain programs such as JRE & AV are typically saved to a folder in c:\programme. I'm thinking this is a config issue on their end. The site is .de and we are en. I don't think they consider the conversion of file paths via the translation links on their website.

HijackThis Logfileauswertung
 
I have used the site. It is okay for some things but not all. It will mark all items that have (no file) as items to be removed, and the problem with that is that some of those files are actually legitimate and shouldn't be removed. They are used for various plugins for browsers and are not active during the scan, which is why they are showing up that way. It is for that reason that while we can use that site, you still have to know and understand what the entries are to be able to distinguish the difference between a real entry that needs to be removed and one that is inactive at that time.
 
My question would be: how much of a pain is it to review a log, time after time? Do you think we can speed up the process by capturing the knowledge of the user and enabling the system to process the information?

Currently, this is what I'm envisioning. Create an application, whether it's web-based or not, that loads a HijackThis log. Next to each line item you have three columns: Keep, Remove, and Comments. The person reviewing the log fills out the columns as they see fit. Once complete, they click submit and a report is generated. Information about each line item is saved on the backend for future use. As time progresses, more and more info about entries is captured. Now, we need to show previous info about each line item when new HijackThis logs are loaded. We could add a fourth column named Suggested. The recommended action would populate when the log is loaded.

If y'all ever decide that the system is perfect enough to release to the public, then we've reached the goal and created a HijackThis Self Help App.
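
A minimal sketch of the Keep/Remove/Comments/Suggested idea from the post above, added here as an example and not code from any poster or from the linked site. The sample log, the `min_votes` threshold and the path normalisation rule are assumptions; the Suggested value falls back to `review` for unseen entries, so a `(no file)` item is never marked for removal just for being `(no file)`.

```python
import re
from collections import Counter, defaultdict

# Item lines look like "O2 - BHO: name - {CLSID} - path"; headers and the
# running-process list do not match and are skipped.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed sample log (CLSIDs, paths and URL are made up for this example).
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O4 - HKCU\..\Run: [updater] C:\Users\alice\AppData\updater.exe
"""

def parse_log(text):
    """Return a (section, detail) tuple for every item line in the log."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]

def entry_key(section, detail):
    """Normalise an item so the same entry from another machine matches."""
    d = " ".join(detail.lower().split())
    # Assumption: per-user profile folders are the only machine-specific part.
    d = re.sub(r"c:\\(documents and settings|users)\\[^\\]+", r"c:\\<user>", d)
    return f"{section}|{d}"

class KnowledgeBase:
    """Stores reviewers' Keep/Remove verdicts and comments per entry."""
    def __init__(self, min_votes=2):
        self.min_votes = min_votes          # reviews needed before suggesting
        self.votes = defaultdict(Counter)
        self.comments = defaultdict(list)

    def record(self, section, detail, verdict, comment=""):
        if verdict not in ("keep", "remove"):
            raise ValueError(verdict)
        key = entry_key(section, detail)
        self.votes[key][verdict] += 1
        if comment:
            self.comments[key].append(comment)

    def suggest(self, section, detail):
        """Value for the Suggested column: 'keep', 'remove' or 'review'."""
        votes = self.votes.get(entry_key(section, detail), Counter())
        # Unknown entries, too few reviews, or disagreement go to a human;
        # "(no file)" by itself is never treated as a reason to remove.
        if sum(votes.values()) < self.min_votes or len(votes) != 1:
            return "review"
        return next(iter(votes))
```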
 
But that is already what that site does. But only to a certain extent. It will allow users to vote on if a file is safe or not and so on. But who is to say that the information provided is correct?

The problem is that with the millions and millions of infections out there to date and the increasing number that get released daily this tool could never make it off the ground. Having to start from scratch with basically 2 people who know how to read these logs having to incorporate this database.

It takes only a few seconds to read a log. About as much time as it would to copy/paste, click submit and get results. Maybe for a new person it takes much longer, but since Osiris and myself are the 2 main people here that read logs we have gotten efficient at it. By the time you get this program to the point that it can operate to the speed we do, we will be even faster.

If you want to take the time to develop it, I am not saying no. But it isn't going to help us much. We can basically just look and be able to pinpoint issues with just a look over.
 