Are you fed up with reinstalling Windows because of malware or spyware? Or do you think that your computer might have gotten hijacked? This is where HijackThis comes in: it scans your Registry and various other files for entries that are similar to what a spyware or hijacker program would leave behind. Interpreting these results can be tricky, as many legitimate programs are installed in your operating system in a manner similar to the way hijackers get installed.
In TrendMicro’s own words,
HijackThis lists the contents of key areas of the Registry and hard drive–areas that are used by both legitimate programmers and hijackers. The program is continually updated to detect and remove new hijacks. It does not target specific programs and URLs, only the methods used by hijackers to force you onto their sites.
After you download this software (no installation needed), make sure that you put it in a folder and then run it from there, because it will make all of its backups inside that folder. When the program is launched for the first time, you will see a screen similar to the image below.
Now click the None Of The Above, Just Start The Program button. You will then be presented with the main screen as shown below.
Before you run the scan, go to Configuration by clicking the Config button. Then confirm that your settings under the Main tab are marked the same way as shown below.
Now you can start scanning your computer for possible hijackers. After the scan is complete, you will be presented with a screen listing all the items found by the program, as shown below.
If you want to save the Log then you can do so by clicking the Save Log button.
If you would like to see information about any of the objects listed, you can click on that object, and then press the Info On Selected Item button.
When you are done looking at the information for the various listings and you feel that you are knowledgeable enough to continue, look through the listings and select the items you would like to remove by placing check marks next to them. Once you have selected the items you would like to remove, continue by pressing the Fix Checked button.
Warning: Be careful what you delete with the “Fix Checked” button. Scan results do not determine whether an item is bad or not. The best thing you can do is to click the “AnalyzeThis” button, which will show your log to TrendSecure (they are a bunch of knowledgeable folks who know which file is the bad one that you should remove).
How To Interpret The Scan Listings
Every line on the scan list for HijackThis starts with a section name. Below is a list of these section names:
R0, R1, R2, R3 Internet Explorer Start/Search pages URLs
F0, F1, F2, F3 Auto loading programs
N1, N2, N3, N4 Netscape/Mozilla Start/Search pages URLs
O1 Hosts file redirection
O2 Browser Helper Objects
O3 Internet Explorer toolbar
O4 Auto loading programs from Registry
O5 IE Options icon not visible in Control Panel
O6 IE Options access restricted by Administrator
O7 Regedit access restricted by Administrator
O8 Extra items in the IE right-click menu
O9 Extra buttons on main IE button toolbar, or extra items in IE ‘Tools’ menu
O10 Winsock hijacker
O11 Extra group in IE ‘Advanced Options’ window
O12 IE Plugins
O13 IE Default Prefix hijack
O14 Reset Web Settings hijack
O15 Unwanted site in Trusted Zone
O16 ActiveX Objects (aka Downloaded Program Files)
O17 Lop.com/Domain Hijackers
O18 Extra protocols and protocol hijackers
O19 User style sheet hijack
O20 AppInit_DLLs Registry value Autorun
O21 Shell Service Object Delay Load
O22 Shared Task Scheduler
O23 Windows XP/NT/2000 Services
O24 Windows Active Desktop Components
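As an added example (not part of the original article or of HijackThis itself), the Python script below groups the lines of a saved log by the section names listed above, so each category can be reviewed in turn before anything is checked for fixing. It assumes entry lines have the form "<section> - <detail>"; the sample log and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Section names from the article's list: R0-R3, F0-F3, N1-N4, O1-O24.
KNOWN = ({f"R{i}" for i in range(4)} | {f"F{i}" for i in range(4)}
         | {f"N{i}" for i in range(1, 5)} | {f"O{i}" for i in range(1, 25)})
# Assumed entry format: "<section> - <detail>"; other lines are header text.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Return (entries, skipped); entries maps section -> list of details."""
    entries, skipped = defaultdict(list), []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m and m.group(1) in KNOWN:
            entries[m.group(1)].append(m.group(2))
        elif line:
            skipped.append(line)  # header, process list, or unlisted section
    return dict(entries), skipped

def section_order(code):
    """Sort key: letter in the article's order (R, F, N, O), then number."""
    return ("RFNO".index(code[0]), int(code[1:]))

def summarize(entries):
    """Return [(section, item count)] with O2 sorted before O10."""
    return [(c, len(entries[c])) for c in sorted(entries, key=section_order)]

# Constructed sample log (not taken from a real machine).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe
O1 - Hosts: 203.0.113.5 www.example.com
"""

if __name__ == "__main__":
    entries, skipped = parse_log(SAMPLE_LOG)
    for code, count in summarize(entries):
        print(f"{code:<4}{count} item(s)")
        for detail in entries[code]:
            print("     ", detail)
```

Lines that do not start with a listed section name end up in the skipped list rather than being silently dropped, so nothing in the log goes unreviewed.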
How To Restore Items From Backup
HijackThis comes with a backup and restore procedure in case you mistakenly remove an entry that is actually needed. If the Make Back Ups Before Fixing Items option was checked in the Configuration before you ran the scan, then it will make a backup of any entries that you fix in a directory called Back Ups, which resides in the same folder where you put the HijackThis program.
If you need to restore an item from backup, simply go to Configuration and then click Backup. You will see a listing of all the items that you fixed previously and have the option of restoring them.