
Advanced....
If you are somewhat experienced, you may want to use the free a-squared utility program "Hi Jack Free". It is much like a do-it-yourself, advanced HiJackThis-type program with instantaneous results for your own diagnosis of possible threats.
a-squared Hi Jack Free is available from popular Emsisoft.Com here:
http://www.hijackfree.com/en/
Like the Windows Task Manager, the a-squared HiJackFree Processes section lists all running processes. In addition, it shows a great deal of useful information in the details pane: file properties, loaded modules, online information and process details that indicate whether the program runs as a service, was started by an autorun entry or opens TCP and UDP ports.
The Ports section of a-squared HiJackFree shows all local open ports. An open port means that there is a process running which listens on that port number for input from outside. The Ports Manager also shows the processes which listen on the ports, so you can quickly see which processes must be shut down to close a specific port. You can kill a process and put it in quarantine for a later restore if needed.
More....
http://www.hijackfree.com/en/hijackfree/
More Website Forums that accept Hi Jack This Logs:
Forums (see disposable domain websites and command prompt services in the news - make sure you visit only known and recommended Forums offering HJT Log analysis with specialized removal tools):
http://aumha.net/viewforumphp?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67html
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=2
http://forums.spywareinfo.com/index.php?showforum=18
http://www.wilderssecurity.com/forumdisplay.php?f=24
http://boards.cexx.org/index.php?board=1
http://forum.gladiator-antivirus.com/index.php
http://www.dslreports.com/forum/security
http://www.malwarebytes.org/
B A S I C
~ P R O C E D U R E S::::
THE BEGINNING STRING POST WILL LOOK LIKE THIS:
"Fwd: Form Mail - Site: Main Site - Page - Submit HiJackThis Logs .....
somebody-name-here-HiJackThisLog" .....
IF YOU ARE EXPERIENCING SEVERE PROBLEMS - PLEASE INSTALL AND RUN THE
FOLLOWING WHICH WILL REMOVE KNOWN WORST OFFENDERS --- DANGEROUS
WORMS / VIRUSES THREATS (others):
Malicious Software Removal Tools....
Microsoft Free Malicious Software Removal Tool
http://www.microsoft.com/security/malwareremove/default.mspx
AVERT Stinger
http://vil.nai.com/vil/stinger/
Norton Removal Tool now apparently fee-based
http://www.symantec.com/business/security_response/removaltools.jsp
=================================== || .
To begin: there are handfuls of what are called "same name threats".
These are malware (trojans, viruses, worms, spyware) whose files
intentionally carry the same name as Windows Operating System (OS)
files or files of other software, in an attempt to hide from
antivirus and antispyware security scans, or from their real-time
detection of malware attempting to run in computer memory.
Attempting manual removal of these takes great diligence in telling
malware files apart from legitimate files, to avoid fatal errors
that corrupt Windows and/or other software. Not recommended unless
you are an Advanced User.
Generally, the first section of the Hi Jack This Log lists the running
processes of Windows, many of which are of course targets of the "same
name threats". This type of malware can be ruled out as present by
full scans with quality antivirus and antispyware software, which will
be able to quarantine or delete the malware files without harming
Windows and/or other software.
General Windows Processes in HJT Logs:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
SAME-NAME THREATS EXAMPLES:
smss.exe
-------------------
smss.exe - smss - Process Information
http://www.liutilities.com/products/wintaskspro/processlibrary/smss/
smss.exe is a process which is a part of the Microsoft Windows
Operating System. It is called the Session Manager Subsystem and is
responsible for handling sessions on your system. This program is
important for the stable and secure running of your computer and
should not be terminated.
Note: smss.exe is a process which is registered as a trojan. This
Trojan allows attackers to access your computer from remote
locations, stealing passwords, Internet banking and personal data.
This process is a security risk and should be removed from your
system.
What is smss.exe? Is smss.exe spyware or a virus?
http://www.neuber.com/taskmanager/process/smss.exe.html
Process name: Windows NT Session Manager
Product: Windows
Company: Microsoft
File: smss.exe
Security Rating:
This is the session manager subsystem, which is responsible for
starting the user session. This process is initiated by the system
thread and is responsible for various activities, including launching
the Winlogon and Win32 (Csrss.exe) processes and setting system
variables. After it has launched these processes, it waits for either
Winlogon or Csrss to end. If this happens "normally," the system
shuts down; if it happens unexpectedly, Smss.exe causes the system to
stop responding (hang).
Note: The smss.exe file is located in the folder C:\Windows\System32.
In other cases, smss.exe is a virus, spyware, trojan or worm! Check
this with Security Task Manager.
Virus with same name:
W32.Dalbug.Worm - Symantec Corporation
Adware.DreamAd - Symantec Corporation
W32.Resdoc - Symantec Corporation
Adware.Advision - Symantec Corporation
Backdoor.IRC.Flood.F - Symantec Corporation
Backdoor.IRC.Aladinz.O - Symantec Corporation
and more....
winlogon.exe
--------------------------------
winlogon.exe
Process Name: Microsoft Windows Logon Process
winlogon.exe - winlogon - Process Information
http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/
Windows errors related to winlogon.exe ?
winlogon.exe is a process belonging to the Windows login manager. It
handles the login and logout procedures on your system. This program
is important for the stable and secure running of your computer and
should not be terminated.
Note: winlogon.exe is a process which is registered as a trojan.
This Trojan allows attackers to access your computer from remote
locations, stealing passwords, Internet banking and personal data.
This process is a security risk and should be removed from your
system.
Determining whether winlogon.exe is a virus or a legitimate Windows
process depends on the directory location it executes or runs from.
What is winlogon.exe? Is winlogon.exe spyware or a virus?
http://www.neuber.com/taskmanager/process/winlogon.exe.html
Process name: Windows NT/2000/XP Logon Application
Product: Windows
Company: Microsoft
File: winlogon.exe
Security Rating:
The process "winlogon.exe" runs in the background. It's a part of the
Windows Login subsystem. Winlogon is necessary for user authorization
and checks the Windows XP activation code.
Note: The winlogon.exe file is located in the folder
C:\Windows\System32. In other cases, winlogon.exe is a virus,
spyware, trojan or worm! Check this with Security Task Manager.
Virus with same name:
W32.Netsky.D - see McAfee Symantec Corporation Trend Micro
iexplore.exe
------------------------------
iexplore.exe - iexplore - Process Information
Process Name: Microsoft Internet Explorer
http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore/
Windows errors related to iexplore.exe ?
iexplore.exe is the main executable for Microsoft Internet Explorer.
This Microsoft Windows application allows you to surf the world wide
web and the Internet. This program is a non-essential process, but
should not be terminated unless suspected to be causing problems.
Note: iexplore.exe could also be a process which belongs to the .
This program is a non-essential process, but should not be terminated
unless suspected to be causing problems.
Note: iexplore.exe is a process which is registered as a trojan. This
Trojan allows attackers to access your computer from remote
locations, stealing passwords, Internet banking and personal data.
This process is a security risk and should be removed from your
system.
Determining whether iexplore.exe is a virus or a legitimate Windows
process depends on the directory location it executes or runs from.
Check that iexplore.exe is stable on your computer.
What is iexplore.exe? Is iexplore.exe spyware or a virus?
http://www.neuber.com/taskmanager/process/iexplore.exe.html
Process name: Microsoft Internet Explorer
Product: Windows
Company: Microsoft
File: iexplore.exe
Security Rating:
"iexplore.exe" is the Internet Browser from Microsoft. It is a part
of the Windows Operating system. Check the security settings for this
program to minimize the risk when you are surfing.
Get more detailed information about iexplore.exe and all other
running background processes with Security Task Manager.
Note: Any malware can be named anything - so you should check where
the files of the running processes are located on your disk. If
a "non-Microsoft" .exe file is located in the C:\Windows or
C:\Windows\System32 folder, then there is a high risk for a virus,
spyware, trojan or worm infection!
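The location check described above can be run over the "Running processes" section of a log. This is an added example, not part of the original post or of HiJackThis itself; the sample log is constructed, and the function names and the default System32 path are assumptions. It only catches copies running from the wrong folder, so full antivirus and antispyware scans are still needed for files inside System32.

```python
import ntpath  # Windows path rules, usable on any OS

# Core Windows processes the page lists under C:\WINDOWS\system32.
SYSTEM32_ONLY = {"smss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe"}

# Constructed sample log, not taken from a real machine.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\smss.exe
C:\Documents and Settings\user\Local Settings\Temp\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
"""


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HJT log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if ntpath.splitdrive(line)[0]:   # looks like C:\... path
                paths.append(line)
            elif paths:                      # blank or registry line ends it
                break
    return paths


def same_name_suspects(paths, system32=r"C:\WINDOWS\system32"):
    """Flag system process names that run from outside System32."""
    expected = ntpath.normcase(ntpath.normpath(system32))
    suspects = []
    for path in paths:
        folder, name = ntpath.split(ntpath.normpath(path))
        if name.lower() in SYSTEM32_ONLY and ntpath.normcase(folder) != expected:
            suspects.append(path)
    return suspects


if __name__ == "__main__":
    for hit in same_name_suspects(running_processes(SAMPLE_LOG)):
        print("same-name suspect:", hit)
```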
========================================================||
UPDATE:
Skimming through your log......
.......looking for obvious threats
.......will post results shortly for that
....... feel free at anytime to post comments or questions.
GROUP OWNER / MODERATOR
BLUE COLLAR PC YAHOO GROUP
========================================================||
* WE BEGIN REVIEWING THE FIRST SECTION OF YOUR HJT LOG SUBMISSION....
* RESULTS WILL BE POSTED AFTER INSPECTION COMPLETE OF EACH OF THE
THREE OR FOUR SECTIONS OF THE FULL LOG AND A FINAL REPORT WITH FULL
GENERAL SUGGESTIONS AND / OR REMOVAL INSTRUCTIONS......
* THERE MAY BE SEVERAL RECOMMENDED ACTIONS FOR DETECTION AND REMOVAL
ANYTIME THROUGH THIS PROCESS SUCH AS RUNNING A FULL SCAN TO REMOVE
THREATS DETECTED....
* YOU MAY BE ASKED TO POST A SECOND HJT LOG
* RESULTS POSTED SHORTLY OF THE FIRST SECTION INSPECTION FOR THREATS AND THEN THEREAFTER
* NOTE THAT HI JACK THIS IS NOT RECOMMENDED OR PRACTICAL TO USE AS A REMOVAL TOOL
EXCEPT IN SPECIAL CASES SOMETIMES INVOLVING LETHAL TROJANS AS
EXAMPLE AND 'IN THE WILD' --- AND ONLY INSTRUCTIONS TO DO SO BY AT LEAST AN ADVANCED USER
THAT CAN DIRECT YOU TO SPECIFICALLY LOOK AT A FILE OR KEY ON YOUR PC FOR VERIFICATIONS.
========================================================||
RECOMMENDATION - INSTALL.....
Microsoft AntiSpyware is now Windows Defender
[working-freeware from Microsoft]
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Windows Defender is a free program that helps protect your computer against
pop-ups, slow performance, and security threats caused by spyware and other
unwanted software. It features Real-Time Protection, a monitoring system that
recommends actions against spyware when it's detected, and a new streamlined
interface that minimizes interruptions and helps you stay productive.