
Author Topic: ** NEW HJT**  (Read 10421 times)


oddjob

    Topic Starter


    Hopeful

    Thanked: 4
    • Experience: Beginner
    • OS: Windows 7
    ** NEW HJT**
    « on: March 12, 2007, 01:27:04 PM »

    The developer of our beloved HJT has sold the program to Trend Micro. Version 2 is now in beta and TM have a [sort of] "automatic analyser" BUT do not rely on its findings. The analyser won't tell you much. You still need the trained eye to analyse it personally.

    Here is the TM thread for anyone who's interested ...

    http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php


    If you have any thoughts I'd be interested to hear them.


    OJ
    « Last Edit: March 13, 2007, 03:53:05 PM by oddjob »

    patio

    • Moderator


    • Genius
    • Maud' Dib
    • Thanked: 1769
    • Experience: Beginner
    • OS: Windows 7
    Re: ** NEW HJT**
    « Reply #1 on: March 12, 2007, 01:36:00 PM »
    Trend Micro not being that bad of a co. hopefully won't ruin it...
    I'll continue on for the time being with the last version.
    Thanx for the info.
    " Anyone who goes to a psychiatrist should have his head examined. "

    Calum

    • Moderator


    • Egghead

      Thanked: 238
    • Experience: Beginner
    • OS: Other
    Re: ** NEW HJT**
    « Reply #2 on: March 12, 2007, 03:59:49 PM »
    Thanks for the info, hopefully it doesn't take a downward slide . . .

    CBMatt

    • Mod & Malware Specialist


    • Prodigy

    • Sad and lonely...and loving every minute of it.
    • Thanked: 167
    • Experience: Experienced
    • OS: Windows 7
    Re: ** NEW HJT**
    « Reply #3 on: March 12, 2007, 06:07:42 PM »
    I'm not too sure how I feel about this yet, but thanks for the info.
    Quote
    An undefined problem has an infinite number of solutions.
    - Robert A. Humphrey

    CBMatt

    Re: ** NEW HJT**
    « Reply #4 on: March 12, 2007, 06:14:59 PM »
    Hmm, according to McAfee SecurityCenter, the new HJT is a P2P worm (W32/Generic.worm!p2p to be exact).  As soon as I try to extract the executable, McAfee removes it.  What are your thoughts on this, oddjob?
    Quote
    An undefined problem has an infinite number of solutions.
    - Robert A. Humphrey

    oddjob

      Re: ** NEW HJT**
      « Reply #5 on: March 13, 2007, 02:05:09 AM »
      This will be a "behavioural" problem. New HJT is acting like malware, McAfee is not yet programmed to know what it is so it thinks it's the malware. Probably due to one of the new HJT entries.

      I'm investigating and will post news here as I find things out.

      CBMatt ... here is a thread at G2G for you on the issue. Please feed back here any useful info ....

      http://www.geekstogo.com/forum/_HJT_v2_beta_from_Trend_Micro_-t151726.html

      Thanks.



      OJ
      « Last Edit: March 13, 2007, 02:05:50 AM by oddjob »

      CBMatt

      Re: ** NEW HJT**
      « Reply #6 on: March 13, 2007, 02:49:47 AM »
      Unfortunately, that topic has apparently been moved to the Trusted Helpers forum, so I can't view it.  Right now, the only other topic I can find is in GeekU...

      http://www.geekstogo.com/forum/index.php?showtopic=151782

      It's private to just about everyone here at CH, but if anything of interest comes up, I'll relay it.
      « Last Edit: March 13, 2007, 02:52:04 AM by CBMatt »
      Quote
      An undefined problem has an infinite number of solutions.
      - Robert A. Humphrey

      oddjob

        Re: ** NEW HJT**
        « Reply #7 on: March 13, 2007, 05:11:48 AM »
        Further update this morning.

        False Positives, by McAfee, DrWeb, and Panda ('suspicious file') have already been reported.

        Two people from TrendMicro have now registered over at SWI and they welcome our input. This is what one of them had to say ....


        Quote
        Hello:

        My name is George Moore and I work for Trend Micro. I wanted to bring everyone up to speed on the state of HijackThis.

        I'm sure you are all aware by now that Merijn has in fact sold HijackThis to Trend Micro. We will be further developing HijackThis from where Merijn left off and you will see new versions of the utility coming out in the future. Currently the pages and build accessible at the link posted here are all still in beta. Version 2.0.0 Beta includes features Merijn added since 1.99.1.

        I will be an immediate point of contact for anyone who posts here in the expert forum. If anyone has encountered any bugs or has suggestions they would like to make feel free to post them here or PM me.

        We are listening! I can't stress this enough, feedback from communities who regularly use HijackThis like SpywareInfo will drive the future development of HijackThis.

        We have a feedback form linked from the Quickstart guide for general public feedback. This form is currently available at the following url: trendsecure.custhelp.com

        The pages at trendsecure.com will be getting refreshed later this week; I will make a post in this forum when the changes are made. Trend welcomes any suggestions on this content as well.

        Thanks,
        George Moore
        Trend Micro Inc.

        So ... like I said before ... all views, problems, comments good & bad welcome and it seems TM are listening.


        CBMatt ... I had a feeling you wouldn't be able to access that forum. You will get there one day. Keep at it.


        OJ
        « Last Edit: March 13, 2007, 05:12:04 AM by oddjob »

        patio

        Re: ** NEW HJT**
        « Reply #8 on: March 13, 2007, 12:20:02 PM »
        This is a good sign...
        " Anyone who goes to a psychiatrist should have his head examined. "

        oddjob

          Re: ** NEW HJT**
          « Reply #9 on: March 14, 2007, 10:25:43 AM »
          Quote
          This is a good sign...
          Yes, but what is definitely NOT a good sign is TM's EULA for HJT v2. It is littered with restrictions and nasty clauses. Not least of which is that it seems HJT cannot be hosted anywhere except at TM. At the moment version 1.99.1 is all over the web.

          All in all I don't think it's looking good. We may have to start using a different scanner such as SREng. That needs a different approach but it does dig deeper than HJT so it reveals more.

          The bad news is that it's Asian and the only user guide officially in the wild is in Chinese.

          Try it here .... http://www.kztechs.com/eng/download.html

          You can run it on a clean machine without harm but don't be surprised if you can't fully comprehend the results.


          I belong to another site where one of the restricted forums is translating and advising on how SREng is to be used and how the results are to be interpreted.


          OJ

          EDIT 15.3.07 >> the latest release of SREng will probably give you a log which is easy to follow. However, if run on an infected machine the log could still be difficult to read.
          « Last Edit: March 15, 2007, 05:33:30 AM by oddjob »

          pantherman



            Hopeful
          • Thanked: 3
            • Experience: Beginner
            • OS: Windows 7
            Re: ** NEW HJT**
            « Reply #10 on: March 14, 2007, 03:24:33 PM »
            AVG anti virus told me the new HJT has the Worm/VB AWA. AVG deleted the program.

            oddjob

              Re: ** NEW HJT**
              « Reply #11 on: March 14, 2007, 04:23:58 PM »
              Just another FP. These are all supposed to be fixed in due course.


              OJ

              CBMatt

              Re: ** NEW HJT**
              « Reply #12 on: March 16, 2007, 05:41:28 AM »
              Small update...

              McAfee has fixed their FP issue with the new HJT.  AVG appears to have done the same.
              Quote
              An undefined problem has an infinite number of solutions.
              - Robert A. Humphrey

              oddjob

                Re: ** NEW HJT**
                « Reply #13 on: March 16, 2007, 06:03:44 AM »
                Returning to the issue of TM's EULA there is a particularly nasty condition (number 5, if you are interested to read it).

                This condition seems to say that you permit TM to use your log entries in any way they deem fit if you "submit" your log to their auto-analyser.

                My advice ... DON'T submit the log.

                Just tell the user to post a log here or on another HJT specialist site.


                OJ

                CBMatt

                Re: ** NEW HJT**
                « Reply #14 on: March 16, 2007, 07:11:44 AM »
                My advice would be for infected users to not use the program at all until it's released from beta.
                Quote
                An undefined problem has an infinite number of solutions.
                - Robert A. Humphrey