doxdesk, kephyr, and pestpatrol have a lot of comments and manual removal instructions about assorted pests which are useful in reviewing log posts.
There are assorted sites that give you things like startup program, BHO, and CLSID lists. My preference is to, most of the time, just use Google with the item in question, because in going down a HijackThis log, different items will trip different sites or different blocks of threads.
Lots of time for the learning process.
I open up Notepad and two Explorer windows. Hold the site thread with the log I'm analysing in one window, copy the log to Notepad, and use the second Explorer window for searches. If I'm going to be a long time with analysis, I'll put the thread link, poster name, and other reference info I want to get me back to the precise thread I'm reviewing at the top of Notepad. At this point, you then edit the log in Notepad.
Check the operating system. If it's XP or ME, you have to present about disabling and re-enabling System Restore.
Check the Explorer version. If it's not updated, remind them to get their security updates.
Two things I've not done (because of the amount of time involved): carefully organize your Favorites listings so you can find resource materials you need and post them into responses, and create some canned responses of your own with links to appropriate tutorials or program downloads. My time to do logs has been limited, so I've focused on that, but investing 8-12 hours in those two steps would probably dramatically improve my ability to respond effectively to some logs.
At this point, you have to go through the log. I am handicapped here and will never be able to be better than a second-rate responder, because I know almost nothing about the various operating systems and what should be there. I have to research everything. I am also not a programmer, so I can't write spiffy little tools to research some new thing that goes wrong or analyse files submitted by someone having trouble. Google each program in the list. Figure out, based on references, which are bad and which are good.
You will find resources with lists for different areas of the log. You will also find threads. I put highest priority on posts I find at Wilders, ComputerCops, SpywareInfo and Gladiator Security. Any response anywhere by Pieter Arntz or Tony Klein is solid gold; you'll learn the other really knowledgeable responders at various sites. Study the thread where your item is and work out in your mind why it was or was not recommended for removal. Repeat for the next item and so on. When you determine something is good, remove it from the Notepad list. When you are finished, you have a list of bad programs (in the program list and process lines) and processes that need to be fixed. Get all the processes in a group, get the programs/folders below, add the instructions for fixing, rebooting and deleting, and other editorial comments, then copy the Notepad list back to the original thread and post it. (Or if it is on your own machine, just take the actions.)
My other big problem is poor memory: I have a lot of difficulty remembering things I've learned are bad in a previous log, so doing a log becomes a significant time investment for me because I have to research almost everything.
ComputerCops has guest forums. The site management prefers you to register and post in forums in the site, but people still persist in posting logs in the guest forums. And in the forums, they have more log postings than they can handle. On the theory that the best way to learn was to do logs, for about two months as cghost and football I just kind of ignored the posts from site responders suggesting that the individuals register and post in the site, and made a response to almost every HijackThis log in one of the guest forums. I got a lot of egg on my face, but I also helped some folks, just from careful research, and learned a lot in the process.
At this point I have an assortment of increases in workload and personal crises which prevent me from making many responses. It hurts to scan those logs and know that if I had 45 minutes to an hour I could go through them and get answers for someone, but I'm simply unable to do it. The field is wide open; you can find more learning experience than you can possibly handle.
Your programming will stand you in good stead, because some of the current things, CoolWebSearch and others, are getting more complex with hidden routines, and you need more skills to analyse, work with the registry, use tools other than HijackThis, and so on.
I may not have said all this very clearly, but if you can sit down for at least two hours a day for a week with two Explorer windows, Notepad and Google, and review logs for a response site such as ComputerCops, I think it will make sense and you will have a good idea of what you personally need to do next to improve your skills.
Good luck.
-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
Most of the tutorial there is covered in the other sites, but if you're having a particular issue, a quick cross check for really current info is worthwhile.
And you will need other tools too. There are downloads pages at ComputerCops and MajorGeeks, you will see recommendations in threads on this site, and you will stumble onto other things in threads as you research logs. Again, the real key here is getting the stuff organized somehow on your working machine. I haven't figured out how to do that effectively, so I don't have good suggestions for you.
Security:
I haven't had time to follow these forums lately, so I'm not aware of current discussions, but good starting places on our site are:
Information Security Group
Security, Hacker Detection, and Forensics
(More remote but Data Recovery might offer a bit too.)
Looking quickly, two threads that looked like they might be useful:
thread1117-839735
thread1117-809501
Then it seems to me that finding one or two security related forums would give you all kinds of ideas.
Three possibilities:
I've come onto sites in various ways:
You can do a google search on security forums, or something like that.
When you are researching HijackThis logs, you will get hits for all kinds of sites.
Look around them and if you find one you like, mark it and join.
When you have some time, take a security related issue and figure out google searches for it and see what turns up.
Two possibilities that have led me to interesting places are researching forensics software and hardware tools and researching whether it's possible to crack hard drive (not BIOS) passwords.
(Have some control and/or backup on your machine, or be prepared to hit the off button; you can stumble into some ugly situations doing this.)