nosirrah

Odd bug

If you rename HijackThis and then run it and then run a SAS scan, a 0 byte HIJACKTHIS executable will appear on your desktop (or wherever you ran the renamed HijackThis from) when SAS hits the Hijackthis key in the registry.

Renaming HJT is a common procedure because numerous infections will detect its process by name and kill it.


Is there a shortcut pointing to the old hi-jack this file somewhere?


I tried to reproduce this with no luck. Can you give me specifics on which version of HJT and where it was downloaded from, and how it was installed?


HJT does not install. I have HJT renamed (V1.99) and HiJackThis_v2.exe (new Trend Micro version) on my desktop. If I run a SAS scan, every time it hits the key for HJT an all-caps 0-length executable HIJACKTHIS appears on my desktop. This has been happening for quite some time and at first I thought that malware was responsible for this. I am on my third install with this happening so I know that it is a bug. If you do not rename HJT it won't happen.

I will try to find the exact key.


Can you give me specifics on how you set it up, etc. as I tested here and can't get it to repeat.


:idea: but probably very off target.

Try it on a system that has had a Vundo infection, y'know, the one that likes filtering HJT results. Possibly it sets a reg key value....


So I am not going nuts. Talk about one heck of an odd bug. If you have to have a bug it might as well be something harmless like this. This was nothing more than a very confusing glitch.


It happened on my 'puter 2 as well. You are never alone :lol:
