September 26th, 2004, 07:23 PM
Avoiding Hijack This!
This page lists all the places HJT looks for possible Hijacks. What I am wondering, is why it only looks in these places? There are many, many places that a program can install itself to that will avoid HJT.
Here is one that I didn't see on that list-
That will run whenever another executable is launched in Windows. For instance I fire up notepad, and unknowingly, I change my default homepage as well.
That's one way I can think of avoiding HJT... I realize that HJT is not our savior when it comes to fighting malware, but I do think that a more comprehensive version of it can be, to the people that are willing to learn it.
Other ways to beat HJT anyone? Would a comprehensive version of HJT be useful to you?
September 26th, 2004, 09:20 PM
That list is by no means comprehensive... It's a tutorial giving examples of each code... not the complete listing... For Example:
Are all scanned by HJT yet don't appear on that page.
I did test the HKCR\Exefiles\Shell\Open\Command and it is definately not detected... However the number of places that you could possibly hijack in the registry are quite numerous... With each version more and more places are being added... but if the program grows too large it'll lose it's purpose and become a registry scanning/cleaning tool more than anything else... I'd suggest you send an email in and request that that Key be added to the list of locations that HJT checks...
There are obviously places that it doesn't look and places that people won't know to look... but that's why they pay us the big bucks... and that's why there are programs to look for specific pieces of malware...
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".