Just curious

[Pietzki]

I noticed this in another thread, and was just wondering why one needs to do that?

[...] Once done, please navigate to C:\Program Files\Trend Micro\HijackThis and rename HijackThis.exe to scanner.exe (or anything else that's not HijackThis.exe) and post a new HijackThis log as well.

cheers,
Pietzki

 

[PohTayToez]

Due to the increased popularity of HiJackThis, some malware will hide itself when Hijackthis.exe is ran. When you rename it, this trick no longer works and you can detect the malware.

 

[ceewi1]

Exactly. It's a Vundo infection, in this case, which will hide all O2s and O20 Winlogon Notify's from any process called HijackThis.exe. Renaming HijackThis.exe will reveal the missing entries.

 

[Pietzki]

aaah, interesting.. thanks a lot!