HijackThis

by ilago

HijackThis is a utility originally developed by Merijn Bellekom but sold to TrendMicro as of Monday 12/03/07. Information on any changes to HijackThis use or download sites will be entered here as they come to hand. It scans your computer, lists all of the processes that are running and shows where they are started from in the operating system. Its major use is for tracking down virus, trojan and spyware infections, but it can also be used for assessing what is running on a computer that has problems the user can't describe well in words. It shows what was happening at the time the log scan was carried out. It has many utility functions, but the major function is the system scanning tool. If you have an old version, please make sure you are using the most recent version by downloading it again.

If the download site recommended is the TrendMicro site, DO NOT run Scanalyzer. It is not designed to find malicious software and gives misleading information. It's designed to collect statistical information for TrendMicro.

The logs show a lot of information. Some of what is shown is important, even critical, for the correct operation of your system. Incorrect use of HijackThis can result in an unbootable computer. It should be used in conjunction with an expert helper or by technical users with in-depth operating system knowledge. Please don't use it without help unless you are very sure of what you are doing. It is quite safe to make a log for posting.

**For Windows 98, Windows 2000, Windows XP**

Download the most recent version of HijackThis from one of the links below these instructions. Save HJTInstall.exe to your desktop.

  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Click on “Edit > Select All” then click on “Edit > Copy” to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

http://www.bleepingcomputer.com/files/hijackthis.php
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

There is some malware that recognises HijackThis. HijackThis has been renamed in the links below to deal with this problem. You will be advised if you need to use one of these versions with a different name. Right click the file and rename it to Findbadstuff.exe. Then double click on that file and a screen will open. Click on the Do System Scan and make Log file button. A file will open in Notepad or Wordpad.

Download HijackThis from these sites. It is the correct file. Make a new folder and put HijackThis in the new folder. Something like My Documents\HijackThis would be OK. If you use it from a temporary folder, it is likely to be deleted as part of the fix procedures. If you use it from your desktop, it will save backup files on the desktop, which is not a disaster but very untidy. You will also not be able to reverse changes if necessary.

http://www.bleepingcomputer.com/files/hijackthis_sfx.php

**For Windows Vista**

Note: HijackThis is not designed to handle the registry and system structures of Vista. It is of limited value for diagnosing anything other than browser-related infections. It still has some uses, but only use it if directed by a malware removal person who is aware of the limitations and the type of infection.

Please download the TrendMicro version of HijackThis from Trend.

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

For HJT to work properly in Vista, you have to right-click on hijackthis.exe (or findbadstuff.exe) and select Run as Administrator. You will need to agree to the licence for use conditions. When HijackThis opens it will sometimes present the Scan window. Click on the Main Menu button and select Do system scan and make log file. Logs from Vista have some unfamiliar entries, but many of the entries are related to Vista and are not necessarily related to malware. HijackThis still works the same way.

Follow the instructions above to make a new folder for HijackThis. Do not run it from a Download folder, a Temp folder or the Desktop.

If you have UAC enabled, click Allow on any alerts that you get.

**For Windows 7**

HijackThis is of limited value. Windows 7 has further separated the user/system functions and structures. If you think you are dealing with an infected Windows 7 system, follow this procedure:

  • Microsoft Malicious Software Removal Tool - download the tool directly from Microsoft. The tool is free and does provide a report in the event that it detects malware.
  • Malwarebytes Antimalware - Download MBAM from Malwarebytes.org. Install the application and follow the prompts to update and launch it. Run the Quick Scan. When it's complete, make sure that you select to perform all actions if any malware is found and a listing window appears. It may ask to reboot and it will provide a log that opens automatically in Notepad.

To post a HijackThis log in Techtalk:
Make a new topic with the name of the worst problem you have. Titles like Help or Virus!! don't give much information.

Post the whole log and include what you have already done and as many details of the problems you are having as possible. Often what is happening on your computer is just as important as anything the HijackThis logs show.

Select about half the log in Notepad - up to about the end of the O4 entries and post them into the forum in a new topic. Then click on reply and post the rest of the log. Check that all entries are posted. There is a limit to the length of the posts so check where the first post stops and click on Reply. Select the rest of the log and post that. Some really bad logs can take three or even more posts.
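The split described above can also be done mechanically. The following is an added example, not part of the original wiki page: it breaks a log after the last O4 entry, splits further at line boundaries if a part is still too long, and checks that nothing was lost. The `max_chars` limit is an assumption (the forum's actual limit is not stated here) and the sample log is constructed.

```python
import re

# HijackThis entry lines begin with a section code ("R0", "O4", "O23") and " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - ")

def split_log(log_text, max_chars=10000):
    """Split a log into posts: break after the last O4 entry, then by length.

    max_chars is an assumed forum limit, not a value taken from the page.
    """
    lines = log_text.splitlines(keepends=True)
    last_o4 = -1
    for i, line in enumerate(lines):
        m = ENTRY.match(line)
        if m and m.group(1) == "O4":
            last_o4 = i
    # Block 1: header, running processes and entries through the end of O4.
    blocks = [lines[:last_o4 + 1], lines[last_o4 + 1:]] if last_o4 >= 0 else [lines]
    posts = []
    for block in blocks:
        current = ""
        for line in block:
            # Start a new post at a line boundary so no entry is cut in half.
            if current and len(current) + len(line) > max_chars:
                posts.append(current)
                current = ""
            current += line
        if current:
            posts.append(current)
    return posts

def all_entries_posted(log_text, posts):
    """True when the posts, joined in order, reproduce the whole log."""
    return "".join(posts) == log_text

# Constructed sample log, not taken from a real machine.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.com/
O2 - BHO: Example - {00000000-0000-0000-0000-000000000000} - C:\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Example\tray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000001} - C:\Example\btn.dll
O23 - Service: Example Service - C:\Example\svc.exe
"""

if __name__ == "__main__":
    posts = split_log(SAMPLE_LOG)
    print(len(posts), "posts; complete:", all_entries_posted(SAMPLE_LOG, posts))
```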

HijackThis Log Tutorials

This list can likely be pruned; however, here are 3 HijackThis tutorials that I refer to when in doubt. The tutorial at BleepingComputer is regularly updated.

Bleeping Computer HijackThis Tutorial
Aumha HJT Tutor

There will be some changes to this page as the scanner used may be updated from HijackThis fairly soon.

 
spyware_malware/hijackthis.txt · Last modified: 2010/06/10 04:41 by quinquenervia
 