nosirrah Posted April 23, 2007 If you rename HijackThis and then run it and then run a SAS scan a 0 byte HIJACKTHIS executable will appear on your desktop (or wherever you ran the renamed HijackThis from) when SAS hits the Hijackthis key in the registry . Renaming HJT is a common procedure because numerous infections will detect its process by name and kill it . Share this post Link to post Share on other sites
SUPERAntiSpy Posted April 23, 2007 If you rename HijackThis and then run it and then run a SAS scan a 0 byte HIJACKTHIS executable will appear on your desktop (or wherever you ran the renamed HijackThis from) when SAS hits the Hijackthis key in the registry .Renaming HJT is a common procedure because numerous infections will detect its process by name and kill it . Is there a shortcut pointing to the old hi-jack this file somewhere? Share this post Link to post Share on other sites
SUPERAntiSpy Posted April 23, 2007 I tried to reproduce this with no luck, can you give me specifics on which version of HTJ and where it was downloaded from, and how it was installed? Share this post Link to post Share on other sites
nosirrah Posted April 23, 2007 HJT does not install . I have HJT renamed (V1.99) and HiJackThis_v2.exe (new trend micro version) on my desktop . If I run a SAS scan every time it hits the key for HJT an all caps 0 length executable HIJACKTHIS appears on my desktop . This has been happening for quite some time and at first though that malware was responsible for this . I am on my third install with this happening so I know that it is a bug . If you do not rename HJT it won't happen . I will try to find the exact key . Share this post Link to post Share on other sites
SUPERAntiSpy Posted April 23, 2007 HJT does not install . I have HJT renamed (V1.99) and HiJackThis_v2.exe (new trend micro version) on my desktop . If I run a SAS scan every time it hits the key for HJT an all caps 0 length executable HIJACKTHIS appears on my desktop . This has been happening for quite some time and at first though that malware was responsible for this . I am on my third install with this happening so I know that it is a bug . If you do not rename HJT it won't happen . I will try to find the exact key . Can you give me specifics on how you set it up, etc. as I tested here and can't get it to repeat. Share this post Link to post Share on other sites
fatdcuk Posted April 23, 2007 Can you give me specifics on how you set it up, etc. as I tested here and can't get it to repeat. but probaly very off target. Try it on a system that has had Vundo infection,Y'know the one that likes filtering HJT results.Possibly it sets a reg key value.... Share this post Link to post Share on other sites
SUPERAntiSpy Posted April 23, 2007 I actually got it to happen, so I am working on it. Share this post Link to post Share on other sites
SUPERAntiSpy Posted April 23, 2007 Resolved. The fix will be in the next public release. Share this post Link to post Share on other sites
nosirrah Posted April 23, 2007 So I am not going nuts . Talk about one heck of an odd bug . If you have to have a bug it might as well be something harmless like this . This was nothing more than a very confusing glitch . Share this post Link to post Share on other sites
fatdcuk Posted April 24, 2007 So I am not going nuts . Talk about one heck of an odd bug . If you have to have a bug it might as well be something harmless like this . This was nothing more than a very confusing glitch . It happened on my 'puter 2 as well.You are never alone Share this post Link to post Share on other sites