HijackThis 101 - A comprehensive Tutorial for using HijackThis when cleaning a computer.
ATTENTION: This tutorial is under construction! Please do not post to it!
If you wish to comment, query or just put in your 2 cents, start a new thread with: 2oG/HJT added to your subject line. That way I'll pick it up quicker.
ddp informs me that anyone posting to this sticky will be banned from AfterDawn until AfterMidnight, ostracized, chastised and beaten severely about the head and shoulders with a wet noodle! Got the picture?
What is HijackThis?
A now legendary program written by Merijn Bellekom, initially based on the article Hijacked!, HijackThis (you've got to love the attitude in the name) was a general homepage hijack detector and removal tool for the methods used by browser hijackers to force you onto their sites. Later it was expanded with other checks to inspect malware hiding places.
For some time, HijackThis was the preferred tool used by helpers to interrogate a computer system to get an understanding of what files or programs were being run and how they were being launched. The log produced by HijackThis displayed entries by various categories - R3, O4, and O23 are three examples. Though HijackThis is not used as widely now, newer tools and helpers still refer to these categories...
HijackThis makes no separation between safe and unsafe settings in its scan results, leaving you or your helper to analyze, find and selectively Fix the "Bad" items in your machine. The vast majority of the items HijackThis displays are harmless, and in many cases necessary for the proper functioning of something legitimate. In other words, you can do a lot of damage with HijackThis if you start deleting items willy-nilly.
Fixing lines in a HijackThis scan removes the registry key that points to the file or program in that line, disabling it from starting and running. It does not remove the file or program (Malware) itself, which must be removed manually.
You should attempt to clean Malware with all other methods before using HijackThis! If you allow HijackThis to fix entries before another removal tool scans your computer, the files from the Malware will still be there with their registry keys removed, and future removal tools will not be able to find them.
Unfortunately, diagnosing the scan results of a HijackThis log can be complicated.
Hopefully my recommendations and explanations will ease the way.
INDEX
This is Merijn's original Tutorial that I will be updating. For practical information, click the section name you need help with:
• R0, R1, R2, R3 - Internet Explorer Start/Search pages URLs
• F0, F1, F2, F3 - Autoloading programs
• N1, N2, N3, N4 - Netscape/Mozilla Start/Search pages URLs
• O1 - Hosts file redirection
• O2 - Browser Helper Objects
• O3 - Internet Explorer toolbars
• O4 - Autoloading programs from Registry
• O5 - IE Options icon not visible in Control Panel
• O6 - IE Options access restricted by Administrator
• O7 - Regedit access restricted by Administrator
• O8 - Extra items in IE right-click menu
• O9 - Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu
• O10 - Winsock hijacker
• O11 - Extra group in IE 'Advanced Options' window
• O12 - IE plugins
• O13 - IE DefaultPrefix hijack
• O14 - 'Reset Web Settings' hijack
• O15 - Unwanted site in Trusted Zone
• O16 - ActiveX Objects (aka Downloaded Program Files)
• O17 - Lop.com domain hijackers
• O18 - Extra protocols and protocol hijackers
• O19 - User style sheet hijack
• O20 - AppInit_DLLs Registry value autorun
• O21 - ShellServiceObjectDelayLoad Registry key autorun
• O22 - SharedTaskScheduler Registry key autorun
• O23 - Windows NT Services
• O24 - ActiveX Desktop Components
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
This message has been edited since posting. Last time this message was edited on 28. September 2013 @ 19:56
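The category codes and the Fix behaviour described in the tutorial above, as an added example that is not part of the original post or of HijackThis itself: a Python script that groups log entries by category code and lists the files a Fix would leave on disk for manual removal. The log lines are constructed samples, and the function names and the path-matching regex are assumptions of this example.

```python
import re
from collections import defaultdict

# Category code at the start of every log entry: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY = re.compile(r'^(R[0-3]|F[0-3]|N[1-4]|O(?:[1-9]|1\d|2[0-4])) - (.*)$')
# A drive-letter path ending in a file extension, e.g. C:\dir\name.exe.
# Assumption/simplification: arguments after the extension are ignored.
PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.[A-Za-z0-9]{2,4}\b')

def parse_log(text):
    """Group log entries by category code; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def files_left_behind(entries):
    """Full paths referenced by entries chosen for Fix. Fix removes only the
    registry reference, so these files still have to be removed manually.
    Entries that name a bare file (no drive path) yield nothing here."""
    found = []
    for body in entries:
        m = PATH.search(body)
        if m and m.group(0) not in found:
            found.append(m.group(0))
    return found

# Constructed sample log (not taken from a real machine).
SAMPLE = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example/
O2 - BHO: ExampleBar - {00000000-0000-0000-0000-000000000000} - C:\Program Files\ExampleBar\bar.dll
O4 - HKLM\..\Run: [updchk] C:\WINDOWS\system32\updchk.exe /quiet
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: Example Helper (exhlp) - Unknown owner - C:\WINDOWS\system32\exhlp.exe
"""

if __name__ == "__main__":
    for code, entries in sorted(parse_log(SAMPLE).items()):
        print(code, len(entries), files_left_behind(entries))
```
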