Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HJT: Main discussion thread - improvement & development & news #4

Closed
dragokas opened this issue Aug 16, 2017 · 15 comments
Closed

HJT: Main discussion thread - improvement & development & news #4

dragokas opened this issue Aug 16, 2017 · 15 comments

Comments

@dragokas
Copy link
Owner

dragokas commented Aug 16, 2017

Hi, everyone !!!

Welcome to the HJT development thread.

Here you can ask fast basic questions about HiJackThis Fork.
However, for our convenience, it's better that you create new issue for your case, especially for bug reports.

Don't forget to read HJT tutorial and Wiki-pages before asking questions.
Do not post HJT logs here for analyzing. Instead, create a new thread (issue).

Most of the news is published most quickly on general forum in our Russian-speaking community.
This topic will be updated with news as far as possible.

To post here you need to process a simple registration on GitHub.

Sometimes, new version of binary coming before pushing the source code. If you want you can test actual alpha/beta-version by this link: https://dragokas.com/tools/HiJackThis_test.zip

I wish you nice day and no viruses,
Stanislav.

dragokas added a commit that referenced this issue Dec 3, 2017
Added new Microsoft root certificate's hash.
.
2.7.0.18
Added cheking of registry type virtualization. No more double records for keys in log, if key has 'Shared' type.
Added universal iteration of registry hives. Now all hives: HKLM / HKCU / HKU (default, SID of services and other logged users) will be checked in every section.
Added O4 - Win9x BAT: C:\Windows\System32\Batinit.bat
Added O4 - Win9x BAT: C:\Windows\WinStart.bat
Added O4 - Win9x BAT: C:\Windows\DosStart.bat
Added O4 - Win9x BAT: C:\AutoExec.bat
Added O4 - WinNT BAT: C:\Windows\System32\AutoExec.nt
Added O4 - WinNT BAT: C:\Windows\System32\Config.nt
Added O4 - AlternateShell (SafeBoot):
Added O4 - ScreenSaver:
Added O4 - RunOnceEx:
Added O4 - RunServicesOnceEx:
Added O4 - Autorun.inf:
Added O4 - MountPoints2:
Added O7 - Taskbar policy:
O16 - Trusted Zone and Trusted IP range: added checking of https protocol.
O16 - ProtocolDefaults: added cheking of ldap, news, nntp, oecmd, snews, knownfolder protocols.
Added O21 - ShellExecuteHooks:
Introduces a new postfix "(folder missing)".
Added selection of menu item in scan results window by right mouse button click.
.
2.7.0.17
Added opportunity to download and launch programs for checking and cure shortcuts (Check Browsers' LNK & ClearLNK) via the menu Tools -> Shortcuts.
Accelerated creating of huge and debugging logs (optimized class of strings concatenation StringBuilder).
Accelerated creating of huge logs in /silentautolog mode (records are no longer added to ListBox). Fixed crash due to the ListBox overflow in /silentautolog mode.
.
2.7.0.16
O17 - DHCP DNS: fixed error when DNS is not displayed (curve code from Microsoft ^).
.
2.7.0.15
All windows from 'tools' section will no longer lost the focus when you move mouse to the some items of main window.
F0, F1 didn't work after 2.7.0.1 (fixed).
F0, F1 is now show full path to file.
O1 - accelerated fix.
R1 - for ProxyServer: added displaying of status (enabled / disabled)
R1 fix for ProxyServer: added disabling of proxy.
O3 fix: added fix of WebBrowser and ShellBrowser keys.
.
2.7.0.14
R3 - Default URLSearchHook is missing: added CLSID fix
R3 - fixed error with redirector.
O2 - added checking of HKCU keys
O3 - added checking of HKCU keys
O3 - removed some white lists
O3 - added cheking of \Software\Microsoft\Internet Explorer\Explorer Bars
O8 - added checking of HKLM keys
Improved compatibility with Windows 2k.
.
2.7.0.13
Added animation of progressbar in task bar when scanning processed.
Fixed work of ignore list.
Added O4 - HKLM\..\BootExecute
Added O4 - HKLM\..\FileRenameOperations
Cheking of launching from %temp% is now ignored for the switch /silentautolog and other switches.
Added possibility to install HiJackThis in folder 'Program Files' and menu 'Start' (File -> Install HJT).
Restored function of automatic HJT scanning at system startup.
Added button "Add ALL to ignore list" in context menu.
Added command line switch /install - to install HJT.
Added command line switch /autostart - to set HiJackThis for automatical scanning at system startup (use with /install)
Added warning if system has outdated Service Pack.
Added jumping to file or registry record via the result scanning window (look to right mouse click, Context menu => Jump to Registry / File).
.
2.7.0.12
Added detection of OS Revision.
.
2.7.0.11
EDS: fixed critical error in caching mechanism.
Now program will always run from the main menu, if not setted mark "Do not show this menu after starting the program". Earlier 2-nd program execution led to transition to the scan results window.
.
2.7.0.3 - 2.7.0.10
v Added full registry backup:
(!) called by pressing "Fix Checked" button, not more than once a week
(!) saved to a folder C:\Windows\ABR\<Date>
(!) used utility ABR by Dmitriy Kuznetsov, so backups are compatible with UVs.
(!) recovering from backup is available with several ways:
 - via HiJackThis: Main Menu => List of Backups => select item "<Date>: REGISTRY BACKUP" => Restore.
 - run file C:\Windows\ABR\<Date>\restore.exe
 - via UVs v.4.0.8+ => Menu "File" => Restore registry from catalogue ... => select backup you need => Recover.
 - via Windows RE: In command line of recovery environment enter <disk>:\Windows\ABR\<Date>\restore <disk>:
(!) recovery from backup will call system rebooting without warnings.
(!) Uninstallation of HJT will lead to removing of backups from the folder C:\Windows\ABR, if only they was create via HJT.
(!) All backups that is older than 28 days are removed automatically when new backup is created.
(!) If system drive contains less than 1 GB of free disk space backups will not be created (!). You will see a warning in the section O7 - TroubleShoot: Free disk space on C: is too low = NNN MB.
.
2.7.0.10
Accelerated work of the program on highly loaded systems on the CPU (due to the miners, etc.)
Fixed crash (clsStringBuilder)
.
2.7.0.9
Menu has been reorganized, added icons.
Added output of OS version from NTDLL.dll file if it is different from the version obtained in the standard way.
Added output of Uptime (OS operating time).
Added output of "FirstRun" sign ("yes", if the scanning executed first time after system rebooting).
Added output of message, whether integrity of program is corrupted (e.g. due to the infection by file virus or due to the downloading of HiJackThis from non-official source).
O7 - TroubleShoot: added cheking of availability at least 1 GB of free disk space on system drive. Fix will call execution of Microsoft CleanMgr utility.
O7 - TroubleShoot: [Network] added checking whether computer name has empty name. It can lead to network problems.
Batch digital signature checker: added "Has internal signature?" field to the CSV report.
.
2.7.0.4
Added displaying of default browser (for http protocol)
.
2.7.0.3
O25 - WMI: fixed white lists.
O7 - IPSEC: reworked.
O17 - Added white list of good known DNS.
R4 - detalization of parameter names; checking is appended.
EDS: fixed cheking on Win 7 SP0.
Safe obtaining of environment variables.
.
2.7.0.1
The program is transferred to the Pre-Alpha status.
The code is significantly reorganized (refactoring).
Removed backup module due to the process of its full replacing.
.
v Added checking for updates avaliability via Internet.
(!) called from menu "Help" or "Misc Tools"
(!) available new option "Check updates automatically when program is starting".
.
v Ignore list: earlier you was unable to add entry with Russian or unicode characters.
.
v Added ASLR, DEP protection.
.
v Accelerated:
 - EDS checking.
 - saving huge reports.
 - O1 - Hosts: if there are more than 40 records, the log will contain all of them, and results window will contain only first 20 and last 20 records + item "Reset contents to default".
 - inteface navigation.
.
v Batch digital signature checker: added new fields to CSV report:
 - is PE (whether the file is PE EXE format)
 - Signer name
 - Signer email
 - Catalog path (path to the security catalogue, in which hash of the file was found)
 - PE hash
 - Algorithm of certificate hash
 - Algorithm of signature digest
 - Time Stamp (time when file was signed)
.
v Changed encryption:
 - Program settings is now stored in HKLM\Software\TrendMicro\HiJackThisFork
.
v O26 - Image File Execution Options:
 - added detection of AVRF Hook/DoubleAgent
 - added checking of HKCU и Wow64.
.
v Compatibility impovements:
 - Windows Server with Terminal services.
 - Cheking OS version.
.
v Security improvements:
 - Blocked removing of Microsoft services.
(!) Now system services can be removed only via menu "Tools" => "Delete Service".
(!) "Tools" => "Delete Service" is now allows to enter display name of the service.
(!) HTTP links have been replaced by HTTPS.
.
v Hyperlinks have been replaced and devided by languages for:
 - "Analyze report" button
 - sending error messages
 - list of updates
 - Online Guide in main menu
 - Help => Support
.
v Added menu:
 - Help => Support
 - Help => Users' Manual => Sections' description
 - Help => Users' Manual => Command line keys
.
v Updated GitHub Wiki pages: https://github.com/dragokas/hijackthis/wiki
v Opened common topic for discussing by English-speaking users: #4
.
v Size of program:
 - HiJackThis.exe is now not packed by UPX due to the fact that UPX brokes binary compatibility when analyzing Crash-dumps.
@colok
Copy link

colok commented Nov 13, 2018

I introduce myself: I'm Colok, the administrator of the website www.Colok-Traductions.com where I've been offering french free translations for more than 18 years

sans titre

Before Merijn, the author of HiJackThis, sold it to Micro Trend, I made the French translation of this program. If you are interested, I can offer you this french translation for free.

You can contact me at this address xxxxxxxxxx

You can see the last French translation before purchasing the program by Trend Micro : https://www.colok-traductions.com/modules.php?name=Blogs&op=billet&bid=163#billet

Best regards
Colok

@dragokas
Copy link
Owner Author

Hi, colok!
Thank you. I will contact with you by email.

@dragokas
Copy link
Owner Author

Unfortunately I can't send you an email:

Remote Server returned '550 5.5.0 Requested action not taken: mailbox unavailable.'

That's why I will double my message here:

I'm thankful for your offer to give me French translation of original HiJackThis.

However, I am afraid that I will have to put it in the archive for a long time, because I have no specialists to continue translation based on your version.

Since original HJT, my fork contains about 1500 lines of text (when original ~ 250 lines).

If you can offer to make a complete translation, or you know the people who can translate it free of charge, it would be very interesting for us.

Also, when I open your website, I'm constantly see this warning instead of real webpage (see screenshot).

111

Have a nice day,
Stanislav Polshyn.

@colok
Copy link

colok commented Nov 13, 2018 via email

@colok
Copy link

colok commented Nov 13, 2018 via email

@colok
Copy link

colok commented Nov 13, 2018

It's better to send me email with a real address, not via this forum...

@dragokas
Copy link
Owner Author

dragokas commented Nov 13, 2018

I can do it

What you mean? Can you make a translation? It would be excellent.

It's better to send me email with a real address, not via this forum...

I can't send it to you (I tried my 2 different servers). Your email system refuse my emails.

Remote Server returned '550 5.5.0 Requested action not taken: mailbox unavailable.'

Here is my email: xxxxx

@colok
Copy link

colok commented Nov 13, 2018 via email

@dragokas
Copy link
Owner Author

dragokas commented Dec 6, 2018

French translation is done in v2.9.0.11.
Well done, Colok!
Very fast and qualitatively.

Final corrections will come soon.

@colok
Copy link

colok commented Dec 6, 2018

Great !

@peddy22
Copy link

peddy22 commented Mar 9, 2020

Where can I post my log to be analysed? Me and a couple of other people from Reddit are having some issues with a ebay hijacker

@dragokas
Copy link
Owner Author

dragokas commented Mar 9, 2020

Hi,

each one have to create separate topic in this section: https://github.com/dragokas/hijackthis/issues

by following this instruction:

@mauriciogracia
Copy link

First of all thanks for keeping this project alive and for your improvements

Would it be possible to provide a FILTER on the found results of HijackThis ?

When SEARCH is executed the filter will only shows lines that match that pattern, this combined with the select all current results will allow you to FIX all the results that say "file missing" for example or when you are looking for a specific process or file name.

Here is a very crude prototype

image

@dragokas
Copy link
Owner Author

dragokas commented Nov 2, 2020

Hi. Understand. It is possible. Can you open a new issue for it?

@mauriciogracia
Copy link

Great, here is the issue - #114

Repository owner locked and limited conversation to collaborators Feb 23, 2021

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Projects
None yet
Development

No branches or pull requests

4 participants