Did Your Computer Get Hijacked? Remove Hijacks From Your Computer With HijackThis

Are you fed up of reinstalling your Windows due to Malware or Spyware? Or you think that your computer might have gotton hijacked? This is where HijackThis comes in, it will Scan Your Registry and various other files for entries that are similar to what a Spyware or Hijacker Program would leave behind. Interpreting these results can be tricky as there are many legitimate programs that are installed in your operating system in a similar manner that Hijackers get installed.

In TrendMicro’s own words,

HijackThis lists the contents of key areas of the Registry and hard drive–areas that are used by both legitimate programmers and hijackers. The program is continually updated to detect and remove new hijacks. It does not target specific programs and URLs, only the methods used by hijackers to force you onto their sites.

After you download this software(no installation needed), make sure that you put it in the folder and then run it because it will make all backups inside that folder. When the program is launched for the first time, you will see a screen similar to the image below .

clip_image003

Now click the None Of The Above, Just Start The Program button. You will then be presented with the main screen as shown below.

clip_image005

Before you run the scan, go to Configuration by clicking the Config button. Then confirm that yours Settings are marked the same way under the Main tab as shown below.

clip_image007

Now you can start Scanning your computer for possible Hijackers. After the scanning is complete, you will then be presented with a screen listing of all the items found by the program as shown below.

clip_image009

If you want to save the Log then you can do so by clicking the Save Log button.

clip_image011

If you would like to see information about any of the objects listed, you can click on that object, and then press the Info On Selected Item button.

clip_image013

When you are done looking at the information for the various listings and you feel that you are knowledgeable enough to continue, look through the listings and select the items you would like to remove by Placing Check Marks. Once you have selected the items you would like to remove, continue by pressing the Fix Checked button.

Warning: Be careful what you delete with the “Fix checked” button. Scan results do not determine weather an item is bad or not. The best thing you can do is to click on “AnalyzeThis button, this will show you log to the TrendSecure(they are bunch of knowledgeable folks who know which one is the bad file that you should remove).

How To Interpret The Scan Listings

Every line on the Scan List for HijackThis starts with a section name. Below is a list of these section names,

Section Name

R0, R1, R2, R3 Internet Explorer Start/Search pages URLs

F0, F1, F2,F3 Auto loading programs

N2, N3,N1, N4 Netscape/Mozilla Start/Search pages URLs

O1 Hosts file redirection

O2 Browser Helper Objects


O3 Internet Explorer toolbar

O4 Auto loading programs from Registry

O5 IE Options icon not visible in Control Panel

O6 IE Options access restricted by Administrator

O7 Reg edit access restricted by Administrator

O8 Extra items in the IE right-click menu

O9 Extra buttons on main IE button toolbar, or extra items in IE ‘Tools’ menu

O10 Win sock hijacker

O11 Extra group in IE ‘Advanced Options’ window

O12 IE Plugins

O13 IE Default Prefix hijack

O14 Reset Web Settings hijack

O15 Unwanted site in Trusted Zone

O16 ActiveX Objects (aka Downloaded Program Files)

O17 Lop.com/Domain Hijackers

O18 Extra protocols and protocol hijackers

O19 User style sheet hijack

O20 AppInit_DLLs Registry value Autorun

O21 Shell Service Object Delay Load

O22 Shared Task Scheduler

O23 Windows XP/NT/2000 Services

O24 Windows Active Desktop Components

How To Restore Items From Backup

HijackThis comes with a backup and restore procedure in case you mistakenly remove an entry that is actually needed. If the Make Back Ups Before Fixing Items option is checked in the Confuguration before you ran the scan, then it will make a backup of any entries that you fix in a directory called Back Ups that will reside in the same folder where you have put HijackThis program.

If you need to make a backup simply go to the Configurations, and then click on Backup you will have a listing of all the items that you had fixed previously and have the option of restoring them.

Advertisement
  • CZAR

    i want to know how to cancel the restriction on my computer. i can not system restore, regedit. last jan 30 i went for my annual vacation to my home country when i returned back to oman i found my self restricted by the administrator. it seems i cannot do regedit, system restore. can pls anyone knows the solution of this simple problem.

    thanks, czar