We all have security software on our computers. Ideally those security software will protect us against malware but sometimes that doesn’t work so well; either the software don’t detect malware or they can’t properly remove it. If you suspect your computer is infected with malware and running scans with your security software isn’t fixing it, HijackThis may be the tool for you.
WHAT IS HIJACKTHIS
HijackThis is a small, portable tool that scans specific areas of your computer where malware are likely to reside or make changes to, areas such as registry keys, services, BHOs, and the HOSTS file. It then displays the scan results, allowing you to manually fix areas that you think are infected. If you are not tech savvy enough to figure it out yourself, HijackThis has the ability to save scan results in text files which you can share with techie friends who can then identify areas that might be infected.
Exactly what areas of your computer does HijackThis scan? The following:
R – Registry, StartPage/SearchPage changes
R0 – Changed registry value
R1 – Created registry value
R2 – Created registry key
R3 – Created extra registry value where only one should be
F – IniFiles, autoloading entries
F0 – Changed inifile value
F1 – Created inifile value
F2 – Changed inifile value, mapped to Registry
F3 – Created inifile value, mapped to Registry
N – Netscape/Mozilla StartPage/SearchPage changes
N1 – Change in prefs.js of Netscape 4.x
N2 – Change in prefs.js of Netscape 6
N3 – Change in prefs.js of Netscape 7
N4 – Change in prefs.js of Mozilla
O – Other, several sections which represent:
O1 – Hijack of auto.search.msn.com with Hosts file
O2 – Enumeration of existing MSIE BHO’s
O3 – Enumeration of existing MSIE toolbars
O4 – Enumeration of suspicious autoloading Registry entries
O5 – Blocking of loading Internet Options in Control Panel
O6 – Disabling of ‘Internet Options’ Main tab with Policies
O7 – Disabling of Regedit with Policies
O8 – Extra MSIE context menu items
O9 – Extra ‘Tools’ menuitems and buttons
O10 – Breaking of Internet access by New.Net or WebHancer
O11 – Extra options in MSIE ‘Advanced’ settings tab
O12 – MSIE plugins for file extensions or MIME types
O13 – Hijack of default URL prefixes
O14 – Changing of IERESET.INF
O15 – Trusted Zone Autoadd
O16 – Download Program Files item
O17 – Domain hijack
O18 – Enumeration of existing protocols and filters
O19 – User stylesheet hijack
O20 – AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 – ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 – SharedTaskScheduler autorun Registry key
O23 – Enumeration of NT Services
O24 – Enumeration of ActiveX Desktop Components
In addition to scanning the above-mentioned areas of your computer, HijackThis has the ability to create a special report of just startup processes, a process manager, a HOSTS file manager, the ability to delete a user-defined file on reboot, the ability to delete a Windows NT service, an ADS Spy utility, and a basic uninstaller.
WHAT HIJACKTHIS IS NOT
HijackThis is not an anti-virus, anti-spyware, firewall, etc. HijacThis does not automatically detect and remove malware. HijackThis is a tool for manual analysis of areas of your computer that are likely to be infected if you have malware. HijackThis does have the ability to remove/”fix” what is infected but you must manually tell HijackThis what to fix — it doesn’t do it automatically for you.
HOW TO USE HIJACKTHIS
When you run HijackThis (remember, it is portable so no installation is necessary) you will be asked what you want to do:
Do a system scan and save a logfile scans your system, displays the results to you, and saves the results in a text file (which is placed in the same folder as where you have the HijackThis EXE file). Do a system scan only does a system scan and displays the results to you but does not save the results in a text file.
Scans are pretty quick and the results are displayed to you on-screen:
Once you have the scan results, it is up to you to look through the list and determine what – if anything – is infected. If you cannot understand the results shown to you, using the Save log button allows you to save the scan results into a text file (be sure to add a .txt extension to the file name when saving the log otherwise it won’t save as a text file) which you can then share with someone who can help you.
If you are not sure what an item is, selecting it (single left-click) and hitting the Info on selected item… displays more information on what the item is:
If you decide there is something that is infected, checking the checkbox next to that item and hitting the Fix checked button tells HijackThis to try to fix that specific item. How HijackThis fixes the item depends on what you selected, for example if you select a BHO it will be removed by HijackThis. HijackThis makes automatic backups of everything before applying any fixes so you can easily restore at a later date if you make a mistake.
On the other hand, if you know for sure something is safe and you don’t want HijackThis scanning it in the future, you can check the checkbox and hit the Add checked to ignorelist to tell HijackThis to ignore that item in the future.
At at the scan results window there is an AnalyzeThis button which makes it sound like HijackThis will analyze the list and tell you if anything is infected. In reality, however, that button simply opens a web page in your default browser window telling you that you should submit the scan results to a tech help forum:
HIJACKTHIS SETTINGS AND OTHER TOOLS
Hitting the Config button from the main program window gives you access to HijackThis settings, ignorelist, backup list, and the other tools it has:
CONCLUSION AND DOWNLOAD LINKS
HijackThis isn’t a magic wand for fixing your computer. However, it is a very useful tool to help analyze and catch malware; the ability to share scan results is a huge plus for people who aren’t tech savvy themselves.
You can grab HijackThis from the links below:
Supported OS: All Windows
Download size: 380 KB
Malware status: VirusTotal malware scan (0/43)