Difference between revisions of "Importing a HijackThis log"
(First draft) |
m (Made HJT a link) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[Image:Opensbieditlite-hijackthis-example.png|thumb|300px|Import dialog]] | [[Image:Opensbieditlite-hijackthis-example.png|thumb|300px|Import dialog]] | ||
− | HijackThis, sometimes abbreviated HJT, is a tool that lists important system startup location entries and allows to remove them. When the author, Merijn Bellekom, sold it to Trend Micro, it got into the hands of a corporation the we cannot recommend to trust, but our [[RunAlyzer]] allows to create compatible logs as well. | + | [[HijackThis]], sometimes abbreviated HJT, is a tool that lists important system startup location entries and allows to remove them. When the author, Merijn Bellekom, sold it to Trend Micro, it got into the hands of a corporation the we cannot recommend to trust, but our [[RunAlyzer]] allows to create compatible logs as well. |
+ | |||
+ | [[OpenSBI Edit Lite]] is able to convert selected entries from HJT logs into [[SBI Commands|OpenSBI code]]. | ||
==Quick Steps== | ==Quick Steps== | ||
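Review bot: The revised opening sentence on the + side still carries two wording errors from the previous revision. "the we cannot recommend to trust" should read "that we cannot recommend trusting", and "allows to remove them" needs an object ("allows you to remove them"). Since this edit already touches the line to link [[HijackThis]], both can be fixed in the same revision.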
Line 22: | Line 24: | ||
It is sometimes difficult to find out the exact registry location a HijackThis entry results from; also, HijackThis logs do not contain additional file information in its default mode. OpenSBI Edit Lite adds multiple SBI code lines for these sometimes, and it is up to you too choose the proper one, and updated it with advanced parameters to make sure to avoid [[False positive|false positives]]. | It is sometimes difficult to find out the exact registry location a HijackThis entry results from; also, HijackThis logs do not contain additional file information in its default mode. OpenSBI Edit Lite adds multiple SBI code lines for these sometimes, and it is up to you too choose the proper one, and updated it with advanced parameters to make sure to avoid [[False positive|false positives]]. | ||
+ | |||
+ | [[Category:Tutorials]] |
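Review bot: The paragraph directly above the added [[Category:Tutorials]] line still reads "it is up to you too choose the proper one, and updated it with advanced parameters". Change "too" to "to" and "updated" to "update". This is the page's warning about false positives, so the instruction should read unambiguously.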
Latest revision as of 19:05, 27 May 2008
HijackThis, sometimes abbreviated HJT, is a tool that lists important system startup location entries and allows you to remove them. When the author, Merijn Bellekom, sold it to Trend Micro, it got into the hands of a corporation that we cannot recommend trusting, but our RunAlyzer can create compatible logs as well.
OpenSBI Edit Lite is able to convert selected entries from HJT logs into OpenSBI code.
Quick Steps
- Run OpenSBI Edit Lite.
- Start a new file (menu File: New).
- Open the import dialog (menu File: Import: Import HijackThis logs).
- Select one or more log files as created by HijackThis or RunAlyzer.
- Choose the changes to detect by selecting the checkboxes next to them.
- Finish by pressing the OK button.
- Add useful descriptions for files (see description templates).
- Update the advanced file parameters where required (see the tutorial Choosing advanced file parameters).
Details
The import dialog will give you two tabs:
- The Items tab, which is the main one. It lists all HJT categories with their respective locations. If you select the checkbox next to an item, detection code for that item will be added to the Preview tab.
- Another tab named Preview, which will give you a preview of the SBI code that will be added to the editor when you press OK.
Warning
HijackThis lists all entries in the locations it knows, not just bad ones.
It is sometimes difficult to find out the exact registry location a HijackThis entry results from; also, HijackThis logs do not contain additional file information in HijackThis's default mode. For such entries, OpenSBI Edit Lite sometimes adds multiple SBI code lines, and it is up to you to choose the proper one and update it with advanced parameters to avoid false positives.