blu87
join:2004-03-23
Difference between SDFix and HJT to fix problems
I thought it might be better to ask this question here rather than in the 'security cleanup' forum since I don't actually need help with cleaning anything up. I'm trying to learn something here, I'm not asking for help on how to clean up my logs or anyone else's.
What I'd like to know is if a person has entries in their HiJackThis log that need removing, why not just fix them with HJT rather than using something like SDFix? Is SDFix better at removing certain entries? The entries that I'm particularly interested in would be these:
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\System\svchost.exe"
O2 - BHO: (no name) - {5277E001-1190-3001-0699-ca3230262a11} - C:\Program Files\Common Files\System\wship_help.acm (file missing)
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
I'm only asking because I like to learn things from reading through various malware removal forums. I noticed some people suggest to use SDFix for those entries while others suggest HJT. If there's a difference in what each of those programs do in order to fix those specific entries, I'd like to know. I mean, is one generally safer than the other?

TheJoker
Premium, MVM
join:2001-04-26
Alexandria, VA
The best answer would be to join one of the training programs at one of the many excellent ASAP sites that are available. If you want, I can list some once I get home (I'm at work and don't have all my Favorites here). I would only recommend the use of SDFix and several other tools by a trained Helper. Doing otherwise could have the potential for causing errors, and anyone using those tools would need to know how to recover from an error, or where to request assistance if necessary. It's best to also know where to research entries, for instance your second entry: »www.castlecops.com/tk54962-wship···acm.html
Much of what HijackThis lists is essential to the proper operation of a system, and its improper use can cause all sorts of problems, such as an inability to connect to the Internet (such as from using it to "fix" an O10 entry).
Part of the issue would be needing to review an entire log, rather than individual lines out of context, and not making changes in a vacuum. Depending on what was found, might it be necessary to run other utilities that produce other logs before proceeding? Or ask other questions, such as is a user in a corporate environment where making system changes might result in disciplinary action (it would where I work)? The disable regedit entries that you list can be installed by malware. But what if that was the only questionable item you saw? It's possible that the disabling of regedit and/or other functions might have been done with the Group Policy Editor or some other utility legitimately as part of system modifications intended to prevent the user from modifying the system. The system I'm typing this on right now has been modified that way as part of a corporate policy.
-- Proud ASAP member since 2005
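The thread turns on two points: what each HijackThis line actually refers to on the system (the F2 Shell value, an O2 BHO registration keyed by CLSID, and the two O7 DisableRegedit policy values), and TheJoker's caveat that an O7 entry present in both hives can be a corporate policy just as easily as malware, so a single line should not be judged on its own. The parser below is an added example, not code from either poster or from the HijackThis or SDFix projects. It reads the four log lines quoted in the question (embedded as constructed input), maps each to the registry location HijackThis reports on, flags the details a reviewer would look at (a Shell value that launches more than explorer.exe, a nameless BHO whose file is missing, DisableRegedit=1), and reports which hives carry the policy so the reader sees why context decides. The Winlogon and Browser Helper Objects key paths are the well-known locations those HJT sections read from; the function and field names are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the four HijackThis log lines quoted in the
# question above, copied verbatim (raw string so the backslashes survive).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\System\svchost.exe"
O2 - BHO: (no name) - {5277E001-1190-3001-0699-ca3230262a11} - C:\Program Files\Common Files\System\wship_help.acm (file missing)
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Registry locations behind the HJT sections seen above. On NT-family Windows the
# "REG:system.ini Shell=" line is the Winlogon Shell value; O2 entries come from
# the Browser Helper Objects key, one subkey per CLSID.
WINLOGON_KEY = r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
BHO_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

F2_RE = re.compile(r"^F2 - REG:system\.ini: (?P<key>\w+)=(?P<value>.*)$")
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
O7_RE = re.compile(r"^O7 - (?P<key>HK\w+\\[^,]+), (?P<name>\w+)=(?P<value>\S+)$")


@dataclass
class Finding:
    section: str   # HJT section code: F2, O2, O7
    location: str  # registry key (and value name) the line refers to
    detail: str    # the data HJT reported for it
    notes: list    # review remarks; empty means nothing stood out


def parse_line(line):
    """Turn one HJT log line into a Finding, or None for sections not handled here."""
    line = line.strip()
    m = F2_RE.match(line)
    if m:
        shell, notes = m["value"], []
        if shell.strip().lower() != "explorer.exe":
            notes.append("Shell launches more than explorer.exe; the extra program runs at every logon")
        return Finding("F2", f"{WINLOGON_KEY}, {m['key']}", shell, notes)
    m = O2_RE.match(line)
    if m:
        notes = []
        if m["name"] == "(no name)":
            notes.append("BHO registered without a name")
        if m["missing"]:
            notes.append("referenced file is missing: a dangling CLSID registration")
        return Finding("O2", f"{BHO_KEY}\\{m['clsid']}", m["path"], notes)
    m = O7_RE.match(line)
    if m:
        notes = []
        if m["name"] == "DisableRegedit" and m["value"] == "1":
            notes.append("registry editing disabled; set by some malware, but also by Group Policy")
        return Finding("O7", m["key"], f"{m['name']}={m['value']}", notes)
    return None


def analyze(log):
    """Parse every recognised line of an HJT log, in order."""
    return [f for f in (parse_line(l) for l in log.splitlines()) if f is not None]


def flagged(findings):
    """Entries that carry at least one review remark."""
    return [f for f in findings if f.notes]


def policy_context(findings):
    """Hives in which DisableRegedit=1 appears. Both HKCU and HKLM together is
    consistent with a machine-wide policy as well as with malware, which is
    exactly why the rest of the log, not this line alone, has to decide."""
    return sorted({f.location.split("\\")[0] for f in findings
                   if f.section == "O7" and f.detail == "DisableRegedit=1"})


if __name__ == "__main__":
    results = analyze(SAMPLE_LOG)
    for f in results:
        print(f"{f.section}  {f.location}\n    {f.detail}")
        for n in f.notes:
            print(f"    - {n}")
    print("DisableRegedit=1 present in:", ", ".join(policy_context(results)))
```

Running it lists all four entries with their registry locations and remarks, and ends with "DisableRegedit=1 present in: HKCU, HKLM". Nothing here changes the system; the output is the starting point for the research TheJoker describes, such as looking the CLSID up before deciding whether the BHO registration is leftover from removed software or something else.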