It would be best to post the entire line/log from HijackThis as there is no way to see what it is referring to in this context.

Originally Posted by Corrine

It would be best to post the entire line/log from HijackThis as there is no way to see what it is referring to in this context.

Sorry Corrine, its from a "hijackthis" tutorial i am looking at.
Which i probably have answered the question myself...
But if there is anything to add to this or if this is wrong please post back

I have since found out some information, (ie) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell.

The shell is "explorer.exe" so i take it this is the shell statement in the windows NT versions.
I am a bit new in this area, and i have to look up many "terms" used like shell
Which states "shell" is the software that interacts with you on the part of the O/S the windows GUI that comes with all of the windows O/Ss is one of these shells.
(ie...windows and icons that you see on screen)

F0, F1, F2, F3 Sections

These sections cover applications that are loaded from your .INI files, system.ini and win.ini, in Windows ME and below or their equivalent places in the registry for Windows NT based versions. The Windows NT based versions are XP, 2000, 2003, and Vista.
A F0 entry corresponds to the Shell= statement, under the [Boot] section, of the System.ini file. The Shell= statement in the system.ini file is used to designate what program would act as the shell for the operating system

Hi, carl424.

The Bleeping Computer tutorial is for general information. Most of what is found in a HijackThis log is harmless and even necessary. In fact, due to the way malware has evolved, you will find that most security forums have moved away from HJT. That said, since HJT uses a white list, generally any F0 items found in a log are fixed. It is necessary to research anything found before removal. Task List Programs - AnswersThatWork's famous Database of Windows Task Manager Processes, Windows Startup Items, XP Services, Vista Services, Process List is one source.

Originally Posted by Corrine

Hi, carl424.
you will find that most security forums have moved away from HJT. That said, since HJT uses a white list, generally any F0 items found in a log are fixed. It is necessary to research anything found before removal. Task List Programs - AnswersThatWork's famous Database of Windows Task Manager Processes, Windows Startup Items, XP Services, Vista Services, Process List is one source.

Thanks for the reply corrine and info.

you will find that most security forums have moved away from HJT

Does this mean most security forums are using something else to diagnose malware
If they are moving away from HJT, what would they be moving to.
Would there be better scanning utilities available

Yes, because of the manner in which malware has evolved, HJT is no longer effective in diagnosis. Generally, a rootkit scan and custom analysis tools are used. They purposely don't have removal capabilities but provide more indepth information.

Originally Posted by Corrine

Yes, because of the manner in which malware has evolved, HJT is no longer effective in diagnosis. Generally, a rootkit scan and custom analysis tools are used. They purposely don't have removal capabilities but provide more indepth information.

Originally Posted by corrine

Most of what is found in a HijackThis log is harmless and even necessary.

I see, so you could say HJT is like a first stop in other words, to give security forums an indication of whats there, if they choose to use HJT first as the scan is very quick.
Or on some other forums they might just ask you to do a rootkit scan first.

Anyway thanks corrine for giving me that info..