Jump to content
nosirrah

Odd bug

By nosirrah, in Suggestions

Recommended Posts

nosirrah   

nosirrah
Posted

If you rename HijackThis and then run it and then run a SAS scan a 0 byte HIJACKTHIS executable will appear on your desktop (or wherever you ran the renamed HijackThis from) when SAS hits the Hijackthis key in the registry .

Renaming HJT is a common procedure because numerous infections will detect its process by name and kill it .

Share this post

Link to post
Share on other sites

SUPERAntiSpy   

SUPERAntiSpy
Posted
If you rename HijackThis and then run it and then run a SAS scan a 0 byte HIJACKTHIS executable will appear on your desktop (or wherever you ran the renamed HijackThis from) when SAS hits the Hijackthis key in the registry .

Renaming HJT is a common procedure because numerous infections will detect its process by name and kill it .

Is there a shortcut pointing to the old hi-jack this file somewhere?

Share this post

Link to post
Share on other sites

nosirrah   

nosirrah
Posted

HJT does not install . I have HJT renamed (V1.99) and HiJackThis_v2.exe (new trend micro version) on my desktop . If I run a SAS scan every time it hits the key for HJT an all caps 0 length executable HIJACKTHIS appears on my desktop . This has been happening for quite some time and at first though that malware was responsible for this . I am on my third install with this happening so I know that it is a bug . If you do not rename HJT it won't happen .

I will try to find the exact key .

Share this post

Link to post
Share on other sites

SUPERAntiSpy   

SUPERAntiSpy
Posted
HJT does not install . I have HJT renamed (V1.99) and HiJackThis_v2.exe (new trend micro version) on my desktop . If I run a SAS scan every time it hits the key for HJT an all caps 0 length executable HIJACKTHIS appears on my desktop . This has been happening for quite some time and at first though that malware was responsible for this . I am on my third install with this happening so I know that it is a bug . If you do not rename HJT it won't happen .

I will try to find the exact key .

Can you give me specifics on how you set it up, etc. as I tested here and can't get it to repeat.

Share this post

Link to post
Share on other sites

fatdcuk   

fatdcuk
Posted

Can you give me specifics on how you set it up, etc. as I tested here and can't get it to repeat.

:idea: but probaly very off target.

Try it on a system that has had Vundo infection,Y'know the one that likes filtering HJT results.Possibly it sets a reg key value....

Share this post

Link to post
Share on other sites

nosirrah   

nosirrah
Posted

So I am not going nuts . Talk about one heck of an odd bug . If you have to have a bug it might as well be something harmless like this . This was nothing more than a very confusing glitch .

Share this post

Link to post
Share on other sites

fatdcuk   

fatdcuk
Posted
So I am not going nuts . Talk about one heck of an odd bug . If you have to have a bug it might as well be something harmless like this . This was nothing more than a very confusing glitch .

It happened on my 'puter 2 as well.You are never alone :lol:

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go To Topic Listing Suggestions
×