Malware Removal: Getting Expert Help With Your HijackThis Log
From CastleCopsWiki
Only if your problems persist after completion of Malware Removal, consider submitting a post for review by CastleCops experts. Before posting, please obtain an updated (post-scan) HijackThis log:
To obtain the post-scan HijackThis log:
- Double-click the HijackThis desktop shortcut or navigate to the C:\Program Files\Trend Micro\HijackThis\ folder and double-click HijackThis.exe. Vista users should launch HijackThis by right-clicking the HijackThis desktop shortcut or HijackThis.exe and choosing "Run as Administrator" (if you see an error about being denied write access to the Hosts file, then you have not done this correctly)
- Select the Do a system scan and save a logfile option.
- HijackThis will analyze your system, and automatically open a notepad text file containing the HijackThis log when the scan is done.
- This time, when you save the scan results, they will be saved to the default log filename hijackthis.log in C:\Program Files\Trend Micro\HijackThis or whatever you have chosen as your HijackThis folder.
The file hijackthis.log represents your post-scan HijackThis log.
PLEASE DO NOT ATTEMPT TO FIX ANYTHING WITH HIJACKTHIS UNTIL YOU ARE INSTRUCTED TO DO SO. MOST OF THE HJT LOG ENTRIES ARE CRITICAL TO THE PROPER FUNCTIONING OF YOUR COMPUTER. REMOVING ESSENTIAL ENTRIES CAN POTENTIALLY CAUSE SERIOUS DAMAGE TO YOUR COMPUTER.
Asking for Expert Assistance:
Use Windows Explorer to locate your pre-scan (reference) and post-scan HJT logs. If you used the Hijackthis installer program, your pre-scan and post-scan logs will be located in C:\Program Files\Trend Micro\HijackThis\hijackthisref.log and C:\Program Files\Trend Micro\HijackThis\hijackthis.log, respectively. If you did not use the HJT installer, then subsitute whatever name you selected for your HijackThis folder for C:\Program Files\Trend Micro\HijackThis. Double-click each of the logs when located, to open a notepad text file containing each one.
Next, start a new topic at the Hijackthis - Spyware, Viruses, Worms, Trojans Oh My! CastleCops Forum (The HJT Forum) and give your topic an appropriate descriptive title. Our experts are always busy thus a full and complete submission will allow a speedier response. With that in mind, please INCLUDE ALL FIVE OF THE FOLLOWING ITEMS. Your log will not be analyzed until all items are submitted in this order:
- A brief but informative description of your problem.
- A summary of the anti-malware tools you have used to complete your preliminary scans. You may also describe anything unusual you may have encountered while running your scans.
- A summary of any additional steps that you may have performed on your own that were not included in the Malware Removal Procedure
- Your pre-scan (reference) HijackThis log - hijackthisref.log (reflects the state of your system before any automatic removal tools were run) ** Not necessary, if you have already posted a log in your current HJT topic.
- Your post-scan HijackThis log - hijackthis.log (reflects the state of your system after completion of malware removal programs)
Notes:
- You must copy and paste the contents of your log files into your HJT post:
- Open the text files containing the logs with a text editor and click Edit -> Select All, followed by Edit -> Copy.
- From within the browser window and with the message body text box selected, click Edit -> Paste.
- POST ONLY AT THE HJT FORUM. Posting elsewhere leads to needless time wasted to move posts, etc. Only certified CastleCops staff are allowed to respond to your post at the HJT Forum, thus providing you with our assurance of the best possible advice.
The series was developed as the key deliverable of the Cleaning Malware Project. |
| Malware Removal and Prevention Overview |
| Malware Prevention |
| edit this template |
