HijackThis 101
AfterDawn Addict
11. September 2013 @ 21:33

HijackThis 101 - A comprehensive Tutorial for using HijackThis when cleaning a computer.

ATTENTION: This tutorial is under construction! Please do not post to it!

If you wish to comment, query or just put in your 2 cents, start a new thread with: 2oG/HJT added to your subject line. That way I'll pick it up quicker.

ddp informs me that anyone posting to this sticky will be banned from AfterDawn until AfterMidnight, ostracized, chastised and beaten severely about the head and shoulders with a wet noodle! Got the picture?




What is HijackThis?

A now legendary program written by Merijn Bellekom, initially based on the article Hijacked!, HijackThis (you've got to love the attitude in the name) was a general homepage hijack detector and removal tool for the methods used by browser hijackers to force you onto their sites. Later it was expanded with other checks to inspect malware hiding places.

For some time, HijackThis was the preferred tool used by helpers to interrogate a computer system to get an understanding of what files or programs were being run and how they were being launched. The log produced by HijackThis displayed entries by various categories - R3, O4, and O23 are three examples. Though HijackThis is not used as widely now, newer tools and helpers still refer to these categories...

HijackThis makes no separation between safe and unsafe settings in its scan results, leaving you or your helper to analyze, find and selectively Fix the "Bad" items in your machine. The vast majority of the items HijackThis displays are harmless, and in many cases necessary for the proper functioning of something legitimate. In other words, you can do a lot of damage with HijackThis if you start deleting items willy-nilly.

Fixing lines in a HijackThis scan removes the registry key that points to the file or program in that line, disabling it from starting and running. It does not remove the file or program (Malware) itself, which must be removed manually.

You should attempt to clean Malware with all other methods before using HijackThis! If you allow HijackThis to fix entries before another removal tool scans your computer, the files from the Malware will still be there with their registry keys removed, and future removal tools will not be able to find them.


Unfortunately, diagnosing the scan results of a HijackThis log can be complicated.
Hopefully my recommendations and explanations will ease the way.

INDEX

This is Merijn's original Tutorial that I will be updating:

For practical information, click the section name you need help with:

• R0, R1, R2, R3 - Internet Explorer Start/Search pages URLs
• F0, F1, F2, F3 - Autoloading programs
• N1, N2, N3, N4 - Netscape/Mozilla Start/Search pages URLs
• O1 - Hosts file redirection
• O2 - Browser Helper Objects
• O3 - Internet Explorer toolbars
• O4 - Autoloading programs from Registry
• O5 - IE Options icon not visible in Control Panel
• O6 - IE Options access restricted by Administrator
• O7 - Regedit access restricted by Administrator
• O8 - Extra items in IE right-click menu
• O9 - Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu
• O10 - Winsock hijacker
• O11 - Extra group in IE 'Advanced Options' window
• O12 - IE plugins
• O13 - IE DefaultPrefix hijack
• O14 - 'Reset Web Settings' hijack
• O15 - Unwanted site in Trusted Zone
• O16 - ActiveX Objects (aka Downloaded Program Files)
• O17 - Lop.com domain hijackers
• O18 - Extra protocols and protocol hijackers
• O19 - User style sheet hijack
• O20 - AppInit_DLLs Registry value autorun
• O21 - ShellServiceObjectDelayLoad Registry key autorun
• O22 - SharedTaskScheduler Registry key autorun
• O23 - Windows NT Services
• O24 - ActiveX Desktop Components






There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...

This message has been edited since posting. Last time this message was edited on 28. September 2013 @ 19:56
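
An added example, not part of the original post: a small triage script that groups HijackThis log entries by the section codes listed in the index and collects the file paths those entries point to, since a Fix removes only the registry pointer and leaves the file on disk. The sample log lines are constructed, and the "<code> - <detail>" line layout and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from a real machine). The "<code> - <detail>"
# layout is an assumption based on typical HijackThis logs.
SAMPLE_LOG = r"""
Logfile of HijackThis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Example Service (ExSvc) - Example Corp - C:\Program Files\Example\svc.exe
"""

# Section codes from the index: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Drive-letter path ending in a common binary extension; may contain spaces.
PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|sys|ocx|bat|cmd|scr)', re.I)


def parse_log(text):
    """Group entry details by section code; header and other lines are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)


def files_left_after_fix(groups):
    """Return (code, path) pairs for files referenced by log entries.

    Fixing an entry deletes the registry pointer only, so each of these
    paths still has to be reviewed and, if malicious, removed separately.
    """
    found = []
    for code, details in groups.items():
        for detail in details:
            found.extend((code, p) for p in PATH.findall(detail))
    return found


if __name__ == "__main__":
    for code, path in files_left_after_fix(parse_log(SAMPLE_LOG)):
        print(f"{code}: {path}")
```

Entries such as the R0 line carry a URL rather than a file, so they appear in the grouped output but contribute nothing to the file list.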
