HiJack Remote

[CGB]

Found this site, http://www.hijackremote.com/ Is it legit.? Notice it
isn't HighJack This but similar sounding name.

Thanks.

C.B.

[Mich]

"CGB" <nospam@nospam.net> wrote in message
news:H5ydndaDhrn2OwnYnZ2dnUVZ_uiknZ2d@comcast.com. ..
> Found this site, http://www.hijackremote.com/ Is it legit.? Notice it
> isn't HighJack This but similar sounding name.
>
> Thanks.
>
> C.B.
>
http://wiki.castlecops.com/HijackRemote_Assessment

Hmmm .... perhaps this does deserve closer examination. A CastleCops First
Responder, wng_z3r0 decided to investigate and posted his blow-by-blow
findings.

In summary, wng_z3r0 deliberately infected a machine and sought help. Just
over 24 hours later, he received a report with an explanation. He allowed
HijackRemote to continue, rebooted and upon reboot, the computer was
declared malware-free. He confirmed such was actually not the case. He
states:

"Wow. It doesn't know anything for sure, and it proclaims the computer
free. What I find most disturbing is the fact that there is no chance at a
dialog. It's a one shot and you're done kind of thing. I can guarantee you
that some malware infections are impossible to clean without getting more
info about them, or trying to figure out what the infection is in the first
place." - wng_z3r0

His report then explores the poor quality of diagnosis:

"Lack of humans at the admin level-To apply you didn't have to be
approved by a human. This is unacceptable. How is one supposed to keep out
untrained helpers when all they have to do is answer 6 questions that can be
found in 2 minutes of google searching? I would be afraid to put my computer
in the hands of someone like that." - wng_z3r0


Heh? Don't they train and qualify helpers? Let's have a look at the
HijackRemote Quiz questions used to qualify a HijackRemote helper.

!! Many people that come to CastleCops ask for help with cleaning malware,
could answer that quiz! It sure doesn't seem overly difficult to become a
HijackRemote "expert".


It's not looking good is it. OK, but this could be an example of "learning
pains". It's such a different concept that it might need some time to work
out the kinks, perhaps?

Well, let's look at an even more disturbing aspect. A malware expert who
frequents CastleCops as Security Expert, Subratam, wrote about HijackRemote
ownership in his blog. He connects HijackRemote site ownership information
originally discovered by Suzi, another CastleCops Security Expert to two
sites known to distribute spyware and concludes:

"All three domains are registered with the same info, so the
Hijackremote site is owned by someone who is installing
adware/indirectly/directly related in distributing adwares." - Subratam

Subratam adds that Merijn, the person who developed the Hijackthis logging
program, is having second thoughts about having his name and product being
associated with this site.


So here's what we know so far:

1. A utility of unknown veracity is allowed to freely examine an
unattended computer for a day or so.
2. A trial run failed to weed out malware a properly trained trained
helper would have spotted.
3. HijackRemote helpers do not have to pass any sort of rigourous
training.
4. Finding allow for no interaction with the helper.
5. The site is owned by known spyware perpetrators.

This is a disturbing picture. Based on what we know so far, CastleCops
cannot endorse the HijackRemote malware removal methodology. While it is
understood that cleaning malware can be a difficult and painful process,
HijackRemote could well exacerbate a victim's situation. Not only could the
victim be left with a false sense of security that pre-existing malware was
removed, but it is possible that even more insidious malware has been put in
place. Indeed any valuable information residing on the computer may be
directly compromised by allowing the HijackRemote client to be present for
an extended period of time! ... while unattended!!

All victims of malware infestation are advised to avoid the HijackRemote
site.

Mich...

[CGB]

Thanks for the replies.

Leythos, I am familiar with the original author's site but this "remote"
program sounded interesting. I somehow got the idea it was more automatic
and perhaps monitored for a while. It seemed different enough from what I
believe to be a good program that it piqued my interest.

Mich, that made for some interesting and justified, I think, my reservations
about the program. I am leery about some of this stuff and perhaps
fortunately so. I will use the conventional uses of HighJack This before
being the first kid on the block to try the remote thing.

Thanks.

CB