Question about Hijackthis (Found similar topic, no need to reply)

Kyle4

I see all these posts in this section of people posting the logs from Hijackthis and the higher-up and more experienced members reading over them and helping them solve their issues with what they are able to find in the log that others can't.

My question is, what do you look for? How do you tell between what is wrong with the log and what is normal? Do you have extensive knowledge of normal parts that are usually found in the log, and then research the other parts to see if it is (or know from experience that it is) an infection? Is there any tutorial to help someone understand these logs? Does it take a MAJOR amount of extensive knowledge, or something that can be learned and understood with some effort and practice?

I personally don't have an issue that requires one of these scans at the moment, but it would still be nice to be able to understand these so that if I need this tool I can use it and settle out the issue independently, or help someone who used this tool, like members like Mak213 helps analyze and interpret problems with these logs. :p

*Edit: Found Similar topic with answers I needed (http://www.techist.com/forums/f51/hijackthis-question-166066/), no need to reply to this one xP. Feel free to delete this topic :wink_tongue:
 
Well, the thing is both myself and Osiris have been reading these things for so long that we recognize issues without much effort. After a while you just notice problems. But yes, reading guides offered by Bleeping Computers will help. But you do need some knowledge to know what is good and what isn't.

Easy example is this. The file lsass.exe is a good Windows file but it is also an infection. So how do you distinguish the difference? That is where the expertise comes into play. Knowing where good Windows files are supposed to be located is very helpful. They can be in C:\Windows or C:\Windows\system32. So which one is right? That is something that takes knowledge to know.

While it can be learned, it isn't as easy as just reading a few guides and logs and knowing.
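The location check described in the post above, as an added example that is not part of the original thread: it reads the "Running processes:" section of a HijackThis-style log and flags well-known Windows file names that run from a directory other than their usual one. The sample log is constructed, and the table of expected directories is an assumption that Windows is installed in C:\Windows.

```python
import ntpath

# Usual directory for a few core Windows binaries (lower-cased).
# Assumption: Windows is installed in C:\Windows.
EXPECTED_DIR = {
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Constructed sample in the layout of a HijackThis log (not from a real machine).
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\explorer.exe
C:\Program Files\Example\updater.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""

def running_processes(log_text):
    """Return the paths listed under the 'Running processes:' header."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not line:  # a blank line ends the section
                break
            paths.append(line)
    return paths

def misplaced_system_files(log_text):
    """Flag known system file names running from an unexpected directory."""
    flagged = []
    for path in running_processes(log_text):
        directory, name = ntpath.split(path)
        expected = EXPECTED_DIR.get(name.lower())
        if expected and directory.lower() != expected:
            flagged.append(path)
    return flagged

if __name__ == "__main__":
    for p in misplaced_system_files(SAMPLE_LOG):
        print("review:", p)
```

A flagged path is a prompt to look closer, not a verdict, and a file in the expected directory is not proven clean by this check.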
 
Aaah, I see, well hopefully soon enough I'll get enough practice and experience in reading and analyzing these logs to be able to be helpful with them as well :silly:
 
It took me almost 2 years of reading logs in my spare time to be able to know this type of information. If you're really looking to learn this stuff, geekstogo.com has a malware removal school. That might be a better choice than to just try it on your own.
 
Dang, 2 years? That IS a long time, but even so, can't hurt to study and learn from what I see done on here and stuff, don't necessarily need to apply it at this point in time but I'd still like to reach that level =]
 