-
July 14th, 2006, 08:52 AM
#1
Junior Member
About using Hijackthis..
Hi My apologies for asking a probably much-asked and much-answere question probably in the wrong forum. but it's short so here goes:
--Is is best to use hijackthis in Safe Mode or not?--
anyway, thanks muchly to anyone who can give me a hand.
-
July 14th, 2006, 09:31 AM
#2
Re: About using Hijackthis..
Originally posted here by Gallo_Pinto
Hi My apologies for asking a probably much-asked and much-answere question probably in the wrong forum. but it's short so here goes:
--Is is best to use hijackthis in Safe Mode or not?--
anyway, thanks muchly to anyone who can give me a hand.
The answer is just as short: yes
Oliver's Law:
Experience is something you don't get until just after you need it.
-
July 14th, 2006, 09:32 AM
#3
Soda_Popinsky's HJT thread is here
but it does not state, safe or normal mode
but as it makes a list of RUNNING apps, may I suggest running it in normal mode
not forgetting to run it from its OWN folder in the C: root [ie - C:\HJT]
as it tends to have issues if you run it from the temp folder that you D/Led it to
IF this was a rhetorical question, and you have the time
run HJT in normal mode and then in safe mode
saving both outputs and do a comparison
just to see what, if anything IS different
not forgetting to post results back here ...........
so now I'm in my SIXTIES FFS
WTAF, how did that happen, so no more alterations to the sig, it will remain as is now
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
-
July 14th, 2006, 12:14 PM
#4
Run it both ways (it won't take long). I've used HJT extensively, and usually ran it in normal mode, figuring it gave me a truer picture of the startups in Windows. But generally it is easier to remove spyware from safe mode, so there may be some advantage there.
Be aware, HJT is almost obsolete in the face of newer forms of spyware, at least when it comes to removing them. I remove a lot of this cr@p from PC's and much prefer manual removal and online scans. Online scans will turn up more rogue files than HJT, so you might try that in conjunction with HJT.
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
July 14th, 2006, 12:25 PM
#5
My advice would be:
1. Update all your anti malware scanners
2. Reboot into safe mode and run them
3. Reboot into normal mode and run HJT
If you find anything malicious, reboot into safe mode and run it again. You will have a better chance of a successful removal in safe mode.
-
July 14th, 2006, 12:28 PM
#6
Hi
Here is a good Tut on HJT as it will show you step by step how the HJT program runs...
HJT Tutorial
Warning
HijackThis should only be used if your browser or computer is still having problems after running Spybot or another Spyware/Hijacker remover. HijackThis is an advanced tool, and therefore requires advanced knowledge about Windows and operating systems in general. If you delete items that it shows, without knowing what they are, it can lead to other problems such as your Internet no longer working or problems with running Windows itself. You should also attempt to clean the Spyware/Hijacker/Trojan with all other methods before using HijackThis. If you allow HijackThis to remove entries before another removal tool scans your computer, the files from the Hijacker/Spyware will still be left on your computer and future removal tools will not be able to find them.
luck
PC Registered user # 2,336,789,457...
"When the water reaches the upper level, follow the rats."
Claude Swanson
-
July 14th, 2006, 11:58 PM
#7
1. Update all your anti malware scanners
Would you trust those updates on a malware infected pc? If you can shuttle them in via USB or otherwise in safe mode... you'd be better off.
-
July 15th, 2006, 04:25 AM
#8
Junior Member
awesome, thanks everyone.
I've just gotten over recovering my PC from a virus that almost forced me to reformat/reinstall. I'm just doing a very thorough scan of my PC using all mnner of software to make sure it's not gonna come back and bite me again. I remember runnign HJT before I was fully recoverd, and found a file it said I should remove. That file has sicne been removed by ewido anti-malware, so this is really just a precautionary measure, nothing super-serious.
thanks again
-
July 15th, 2006, 06:12 AM
#9
Hi Soda~ ,
Would you trust those updates on a malware infected pc? If you can shuttle them in via USB or otherwise in safe mode... you'd be better off.
Actually I am not aware of anything that interferes with the actual update other than to block access to AV sites. Some stuff will also kill or frustrate the scanning process, so safe mode is advisable to run the scans.
There are so many AV and anti malware tools that it would represent a rather daunting task to the malware author? AFAIK they use techniques like the alternate data streams or already running processes as a means of avoiding removal.
The best cleaning methods are:
1. A bootable RW CD/DVD with the scanners on it.
2. Slave the HDD onto another machine.
That way you don't even boot from the potentially infected drive, so nothing gets started.
This is the professional approach, but it does rely on the fact that you have a clean machine to work with.
EDIT: You are even more secure if your "cleaner" boots linux, given that there are so few cross-platform malwares
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|