Support Forums
HJT Questions... - Printable Version

+- Support Forums (https://www.supportforums.net)
+-- Forum: Categories (https://www.supportforums.net/forumdisplay.php?fid=87)
+--- Forum: Virus Protection, Removals, and HJT Team (https://www.supportforums.net/forumdisplay.php?fid=56)
+---- Forum: Virus Removal, Hijack This Logs, and Support (https://www.supportforums.net/forumdisplay.php?fid=48)
+---- Thread: HJT Questions... (/showthread.php?tid=6686)

Pages: 1 2 3 4 5


HJT Questions... - Nemmyy - 04-28-2010

Can I delete entries with no name and file like this?
Code:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

What about entries that say missing file like this?
Code:
O23 - Service:@%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
I know that spoolsv.exe is not a virus.

Thanks


RE: HJT Questions... - daneasaur - 04-28-2010

Missing file may simply mean that the program is in use, I think.
It also may be for past programs you have had installed that have not deleted their registry values, I think.

These lines are harmless though, so you might as well leave them alone.


RE: HJT Questions... - Nemmyy - 04-28-2010

Yea i know they're harmless, but I'm a curious kid Big Grin
It's weird because almost half of my "O23 - Service" section says (file missing) and most of them are all Windows processes. You must be right about them being in use.


RE: HJT Questions... - daneasaur - 04-28-2010

It is the same for my computer when I run an HJT log.


RE: HJT Questions... - Nemmyy - 04-28-2010

ok, thanks


RE: HJT Questions... - Support - 04-28-2010

Nemmyy, could you link me to the tutorials you've been reading? Thanks.


RE: HJT Questions... - Nemmyy - 04-28-2010

Have fun, theres a crapload
http://www.hackforums.net/showthread.php?tid=93500


RE: HJT Questions... - daneasaur - 04-28-2010

Support, you may also want to learn what each 'O' means and take a look through your own HJT log.

One thing to remember is, when looking at files to see if they are safe or not, make sure the location of the file is correct. You can easily have a virus called java.exe but not be in the correct java folder.

If you just google the process name you will find a few sites that explain what the file is used for, where the standard location of the file is, and what its rating is.

I think one good site is called processlibrary


RE: HJT Questions... - Nemmyy - 04-28-2010

(04-28-2010, 03:44 PM)daneasaur Wrote: I think one good site is called processlibrary

Yea, i use that a lot. But since we're analyzing our own computers it's easier because we know what we put on their and what should be there.


RE: HJT Questions... - daneasaur - 04-28-2010

That is true but for any future use and if you comes across a file which you haven't heard of before, it can be helpful.

I know for one, my ATI graphics card drivers call themselves very weird names, if it wasn't for searching what they were, I would have had no idea.