Can/should I put HJT or other scan programs on a USB drive to help others?

  • 8 Replies
  • 6291 Views
*

Offline Emmie

  • Bronze Member
  • 55
Hello all!

I'm not sure if this is the best place to post this, so moderators who feel it should be moved please know I will take no offense  ;d

After having gone through the distress of my system being infected, I have noticed that there are friends of mine who have also been infected with some virus/trojan/malware/etc and did not jump as quickly as I did to see if they needed a deeper look at things.  In fact, I have heard many people say "Oh..... maybe that browser redirect and the fact I cannot get online means something... else." 

Please note: I do not accept emails from them any longer once I hear this; I usually hear it over the phone or in person anyway!

But every once in a while I get a distress call about a friend having a system disabled by a virus.  By that point it usually ends in "And I cannot access the internet!!!"   :i

So I am wondering about these few things:
* Can I put Hijack This! onto a USB/thumb drive?  (I have a 2G and 8G and could spare one or either.)
*Can I install HJT from that drive?
*Assuming I can do both of the above, can I save the log to the USB drive safely?
**If I can, is it safe for me to then upload it to the site from there?
*Can I help a person by uploading the log for them, or would that just confuse things more?

I am no expert, so I do not want to offer more than what I should... but I know friends of mine have paid $250 in fees just to look at their system and find nothing... and then find out there was malware hanging around in the background, and have to go back. Plus, I think there is a lot of value in taking steps on your own under instruction, and gaining some understanding of how the process works.

I'm sure this is not the only time this has been asked, but I can not find another reference to it. Any advice would be appreciated, thank you!

Emmie


*

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: Can/should I put HJT or other scan programs on a USB drive to help others?
« Reply #1 on: November 09, 2010, 07:49:55 AM »
Hello again Emmie,

You could certainly do what you had in mind with no problems. It's fairly common that folks post requests for help on behalf of someone else's system. Rather than just storing Hijackthis on removable media, I might include the instruction for downloading DDS along with it.

These days, most "browser redirect" issues are rootkit related and require a more in depth look at the system than Hijackthis offers. Those tools however are used to get a good start at analyzing what's going on with a system. Hope that helps you determine what you were trying to accomplish.
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-13

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

*

Offline PCBruiser

  • Malware Removal Mentors
  • Ambassador
  • Diamond Member
  • 8146
Re: Can/should I put HJT or other scan programs on a USB drive to help others?
« Reply #2 on: November 09, 2010, 09:01:54 AM »
It is a good question, so I am going to move it to our "How to..." forum where it may get more exposure.
Don't Read?  Can't learn!

*

Offline Emmie

  • Bronze Member
  • 55
Re: Can/should I put HJT or other scan programs on a USB drive to help others?
« Reply #3 on: November 21, 2010, 05:37:52 PM »
Thank you for the replies to this!  I've had a few family issues come up recently that have taken a lot of my time, so this is my first chance to respond.

I am much more a "tech savvy" person than many of my family and in-laws... my mother, for example, when she hears a computer has a virus, will make jokes about putting penicillin in the CD drive and then says very honestly "I really do not know what that means at all."  Other people I know get very nervous about possibly having "something" on their system and unplug it completely.  I know a few people are of the mindset that "if you have a virus, it may spread to others or in your system faster if you are on the internet."  I understand that is not necessarily the case, but for anyone who is convinced that is how viruses spread or replicate, it can be difficult to convince them otherwise until they have had a 3rd party tell them they can do so safely.

If you are nervous or unsure about doing certain tasks that are suggested, it can be even more intimidating.  Having said this, I know  first hand that the instructions given on here are always very clear and easy to understand. I am a complete beginner in general.  The folks who volunteer on this forum are a great example of people who know what to look for and how to do so, as well as how to find the proper fix!  I might feel a bit nervous to poke into some areas of my system files, but I know if I follow the instructions given, I will be fine. Some people just need to see that it is just that easy.

I don't pretend to be able to do any of the analysis and work that is done on here, but I am sure I can at least help someone run a scan and help them post it for further assistance. (1972vet, thanks for confirming that it would be okay to post on someone's behalf.  That would help a lot if someone were unsure of what to do or felt anxious about logging on and posting at all.)  I could, for example, do a HJT scan and use my laptop to post the results by transferring the log to my USB drive and uploading it that way.  Once a scan is run and posted, I think the people whom I refer to will probably feel more comfortable logging on and being able to download things on their own.

So, if I have a USB drive to spare, and could put a few basic things on it to help someone clean up their system and/or do a preliminary scan, what would you suggest?  Right now I have an 8 GB thumb drive, but holidays approach and these gizmos go on sale for amazing prices all the time :-)  Let's assume I want to have a few basics on hand to help people, and leave a bit of room to save a few logs for uploading from my laptop (if they really don't want to connect to the internet right now) or just for reference.

My thoughts so far:
*A basic set of instructions on how to check the drive for errors and such.
*CCleaner and DeFraggler from Piriform.com (run them to see if they help at all in case the issues are due to a hard drive in serious need of a cleanup instead of a virus.)
*HiJackThis!
*DDS (or at least the instructions to download, install and run it.)


What else would be a good idea to have on this portable "let's see if you need help" kit?  What should I not have on there?

For anyone who has dealt with a nervous great aunt or neighbor or grandparent around such issues... what have you found to be helpful in discussions or explanations? 


Thanks again,
Emmie

*

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: Can/should I put HJT or other scan programs on a USB drive to help others?
« Reply #4 on: November 21, 2010, 06:14:21 PM »
I like your idea, and I like what you named it..."let's see if you need help" kit. If you intend to use this to try getting help for your friends and family on our web site, then what you have already listed there is just fine. If you are able to obtain scans using those tools, and post them here, the data should be sufficient for us to make a determination as to what the next step should be. As for analysis tools, I would stop with what you  have already mentioned.

Anything else that WE might want to use, is probably best left for us to determine as we go along. I wouldn't want to think you might have something included in your kit that would, or could cause some harm if performed improperly. The tools you have mentioned are simple to use. I would just like to mention, that you should probably emphasize that using hijackthis to scan with is fine, but I would caution anyone else to make certain not to use it to remove anything until one of us has a chance to look at the results.
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-13

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

*

Offline Emmie

  • Bronze Member
  • 55
Re: Can/should I put HJT or other scan programs on a USB drive to help others?
« Reply #5 on: November 21, 2010, 09:21:55 PM »
Thanks very much, 1972vet, that makes a lot of sense!  Nice to see you again  :w2

I figure that a cleanup of the registry and temp files will not do any harm, but I would not want to add to the problem by trying something further without advice.  If that doesn't help, and if whatever antivirus or internet security is on board does not seem to be helping (or if it says things are fine yet things do not change or get worse), then I figure they should look for more help. I based the whole idea of my little "let's see if you need help kit" around that concept.

Sometimes the whole problem is because there is a lot of junk that is blocking the way.  I have a spare room in my home that just winds up holding all the "stuff" I accumulate. (I accumulate a lot of stuff, too!) I clean it out from time to time, and people squeal over the new windows and floor.  But honestly by clearing the junk out I could reach the windows and clean them, and you can walk through the room without climbing over or moving around boxes and piles.  So when things are running slow running CCleaner and DeFraggler makes a lot of sense to me as a first step.

I know that the whole idea of the forums is to help folks, and HJT is one of the first scans anybody should do in order to let someone with knowledge help figure out if anything else might be wrong. I think it is a wonderful tool because it is so simple to use and seems to give so much information about where to look next.  I would not want to have somebody go any further than that, though, because I would not want to lead them in the wrong direction. 

I would rather help somebody post  a HJT log and have it be a "false alarm" than to ignore the situation and have it get worse OR to unplug the machine and stare at it in terror wondering if it will send out tendrils in the middle of the night and take over the vacuum cleaner and the microwave and steal our credit card information while we sleep. Not to mention having to look for pods in the basement.   :JK

Also, I know many people who believe that if there is an issue, they must cart their machine in for service and be without it for a week or much longer... If someone has a warranty or contract or prefers that method fine, but when I hear of people sending their laptop in for 5 days and paying $250 in labor charges to run Defraggler because "I didn't know I could do that by myself" , it makes me angry. 

I am sorry, I am rambling a bit and ranting at the end, hehe!  I will put CCleaner, DeFraggler, and HiJackThis! on my thumb drive if I can get them all on there.  I can also save a Notepad document with instructions on downloading DDS in case that is needed. 

I could make notes on that document as well, of other things that might be helpful for reference or if the browser is acting funny, like the webpage for Malwarebytes.  Are there any other sites or documents that might be good to save for something like this, meaning the first 2 or 3 scans or checks of a system?

Thanks again,
Emmie








*

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: Can/should I put HJT or other scan programs on a USB drive to help others?
« Reply #6 on: November 21, 2010, 10:49:16 PM »
I think, for your purposes, you  have enough there. I should say though, I don't recommend "cleaning" the registry. The very name the program authors gave it is a misnomer in itself. The registry has no need of "cleaning". What those applications do is to prune the registry. Big difference between "clean" and "prune".

Fact is, even if a registry cleaner were to remove nothing but unnecessary registry entries (and by the way, none of them do just that alone), the result is so negligible that I challenge any and every living sole who reads this to lay claim to it.

Having said that, you can see how pointless it is to even venture down that road. In a worst case scenario, some errant "registry cleaner", could render the system about as valuable as a door stop.

I would only trust an expert to tamper in the registry so if you or your family and friends are one of those, then enjoy...otherwise, I would strongly advise against the use of such programs or even to try manually removing anything from the registry except if I, or anyone else on the malware removal team, were to instruct you in that regard.

The tools you already have mentioned I still believe, are quite sufficient for you to use. In fact, I'll go one step further and say I would actually prefer someone use the DDS utility rather than Hijackthis, if it's something they wanted to use without supervision or instruction. The reasoning behind that is because HijackThis does have the capability written into the program, to remove items from your registry with a click. The DDS utility, by the actual meaning of that acronym, Doesn't Do Squat. Folks sometimes get a chuckle out of that, but the author named it "DDS" for that reason. His intention when he wrote it was to "do no harm". It is non-invasive, makes absolutely no writes to the registry, and isn't even installed! It's a stand-alone utility that even destroys the resulting logs unless you intervene to save them. Otherwise, when you close them, they go away lol...so, you can see why we don't mind if anyone wants to keep that around. It doesn't do squat to the system, nor does it even invade the system. And, if at anytime one would decide they no longer want it, they just right-click the file and select "delete" and it's gone.
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-13

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

*

Offline faith_michele

  • Anti - Phishing Staff
  • Gold Member
  • 1947
    • A Beacon of Light
Re: Can/should I put HJT or other scan programs on a USB drive to help others?
« Reply #7 on: November 23, 2010, 01:30:56 AM »
Also, I know many people who believe that if there is an issue, they must cart their machine in for service and be without it for a week or much longer... If someone has a warranty or contract or prefers that method fine, but when I hear of people sending their laptop in for 5 days and paying $250 in labor charges to run Defraggler because "I didn't know I could do that by myself" , it makes me angry. 


Emmie,

That is so true. 

You could keep all of the links in a document or even create a folder in your FireFox Bookmarks for help & Export to Html.  That would not take up a lot of room.

Here are some links.

http://spywarehammer.com/simplemachinesforum/index.php?topic=9431.0

http://spywarehammer.com/simplemachinesforum/index.php?topic=9433.0

In case it is a rouge (AV, AS, System Tool, etc.) BleepingComputer has a dedicated section on the latest ones & how to remove them. 

http://www.bleepingcomputer.com/virus-removal/

Links to the AV Uninstallers, just in case they are running more than one at a time.

http://spywarehammer.com/simplemachinesforum/index.php?topic=5402.0

Secunia Software Inspector Scan, to check for other outdated software - http://secunia.com/software_inspector/

Thanks,

Faith
Microsoft Consumer Security MVP, July 2007-June 2010

"Fight your fights, find the grace in all the things that you can't change and help somebody, if you can." Van Zant

A Beacon of Light

*

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • 10632
Re: Can/should I put HJT or other scan programs on a USB drive to help others?
« Reply #8 on: November 23, 2010, 09:41:40 AM »
Hi Emmie,
Please remember that running DIY general scans is fine as long as you know what changes those scans have made to the system. It is important that the user keep notes and that follow-up logs be posted in the Malware Removal Form. At that time he will need to let his helper know the details of any scans that were run prior to posting.  The trained helper can address any vulnerabilites that caused the user to become infected, and prevention can be prescribed.

Microsoft MVP Consumer Security 2006-2016
Microsoft Windows Insider MVP 2016-