HijackThis Log Tool
HijackThis is a good tool that lists all installed browser add-ons, buttons and startup items, and allows you to inspect and optionally remove selected items. The program can create a backup of your original settings and can also ignore selected items. Additional features include a simple list of all startup items, the default start page, on-line updates and more.
Intended for advanced users. Here is the step-by-step usage:
- Download the 200KB (small) Version 1.99.1 or the older version 1.98.2, or get it from the author's website or an alternate site.
- Unzip to your desktop.
- Double click on "HijackThis.exe" icon.
Note: If you see the message "A required .DLL file was not found.", download the VB6 runtime from this link and install it.
- Click on the "Scan" button. The program will perform a quick scan.
- Click the "Save log" button.
- Highlight the key and click the "Info on selected item..." button.
- Study the prompt. You may submit your log file here for a 3rd party opinion (Note: due to our heavy workload, we take about 3 days to respond). Before you submit your log, see some of the free analyses that we have performed below. They may be similar to what you are encountering.
- To remove the offending key, click it and click the "Fix checked" button.
For those who have benefited from our analysis, please don't forget to donate to The Salvation Army!
Below is an example of a clean (newly installed) computer's log file.
    Logfile of HijackThis v1.97.7
    Scan saved at 1:33:34 PM, on 4/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    O3 - Toolbar: &Radio - {8E718888} - C:\WINDOWS\System32\msdxm.ocx
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=about:blank
Quick log section name reference:
- R0, R1, R2, R3 - Internet Explorer Start/Search pages URLs
  - R0 - Changed registry value
  - R1 - Created registry value
  - R2 - Created registry key
  - R3 - Created extra registry value where only one should be
- F0, F1 - Autoloading programs
  - F0 - Changed inifile value
  - F1 - Created inifile value
  - F2 - Changed inifile value, mapped to Registry
  - F3 - Created inifile value, mapped to Registry
- N1, N2, N3, N4 - Netscape/Mozilla Start/Search pages URLs
  - N1 - Change in prefs.js of Netscape 4.x
  - N2 - Change in prefs.js of Netscape 6
  - N3 - Change in prefs.js of Netscape 7
  - N4 - Change in prefs.js of Mozilla
- O1 - Hosts file redirection
- O2 - Browser Helper Objects
- O3 - Internet Explorer toolbars
- O4 - Autoloading programs from Registry
- O5 - IE Options icon not visible in Control Panel
- O6 - IE Options access restricted by Administrator
- O7 - Regedit access restricted by Administrator
- O8 - Extra items in IE right-click menu
- O9 - Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu
- O10 - Winsock hijacker
- O11 - Extra group in IE 'Advanced Options' window
- O12 - IE plugins
- O13 - IE DefaultPrefix hijack
- O14 - 'Reset Web Settings' hijack
- O15 - Unwanted site in Trusted Zone
- O16 - ActiveX Objects (aka Downloaded Program Files)
- O17 - Lop.com domain hijackers
- O18 - Extra protocols and protocol hijackers
- O19 - User style sheet hijack
- O20 - AppInit_DLLs Registry value autorun
- O21 - ShellServiceObjectDelayLoad Registry key autorun
- O22 - SharedTaskScheduler Registry key autorun
- O23 - NT Services, which lists all (non-disabled, non-Microsoft) services, like Msconfig.
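
A small parser for the log layout shown in the example log, added here as an illustration; it is not part of the original page or of HijackThis. It groups entries by the section codes in the reference above, pulls out the autostart sections for manual review, and sets aside lines whose code is not in the list. The sample log is constructed, and the `ExampleApp` entry and the `O99` code are made up.

```python
import re

# Codes from the quick reference above: R0-R3, F0-F3, N1-N4, O1-O23.
KNOWN = ({f"R{i}" for i in range(4)} | {f"F{i}" for i in range(4)}
         | {f"N{i}" for i in range(1, 5)} | {f"O{i}" for i in range(1, 24)})
# Sections the reference describes as autoloading/autorun locations.
AUTOSTART = ("F0", "F1", "F2", "F3", "O4", "O20", "O21", "O22", "O23")
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_log(text):
    """Split a HijackThis log into header, running processes and entries."""
    log = {"header": {}, "processes": [], "entries": {}, "unknown": []}
    in_procs = False
    for line in (raw.strip() for raw in text.splitlines()):
        match = ENTRY.match(line)
        if match:
            code, detail = match.groups()
            if code in KNOWN:
                log["entries"].setdefault(code, []).append(detail)
            else:
                log["unknown"].append(line)  # code not in the reference
        elif line.startswith("Running processes"):
            in_procs = True
        elif in_procs and line:
            log["processes"].append(line)
        elif line.startswith("Logfile of HijackThis "):
            log["header"]["version"] = line.split()[-1]
        elif line.startswith("Scan saved at "):
            log["header"]["saved"] = line[len("Scan saved at "):]
        elif ":" in line:
            key, _, value = line.partition(":")
            log["header"][key.strip()] = value.strip()
    return log

def autostart_entries(log):
    """Return (code, detail) pairs from autostart sections, for manual review."""
    return [(c, d) for c in AUTOSTART for d in log["entries"].get(c, [])]

# Constructed sample based on the example log; the O4 and O99 lines are made up.
SAMPLE = r"""Logfile of HijackThis v1.97.7
Scan saved at 1:33:34 PM, on 4/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank
O99 - not a documented section
"""
```

Calling `autostart_entries(parse_log(SAMPLE))` returns only the O4 line, which is the kind of entry to check against the software you know is installed before using "Fix checked".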
Besides scanning the registry, HijackThis can be used to perform the following:

- Generate Startup List - A simple tool that lists every auto-starting program on your system. Commonly used to troubleshoot malfunctioning systems, trojan/virus infections and new breeds of spyware/malware; similar in concept to MSCONFIG.
- Open process manager - Launches the process manager (same as Windows Task Manager). You can double-click an entry to study the version of the file.
- Open hosts file manager - Use this option to view the hosts file in the etc directory, or to launch notepad.exe to edit it.
- Delete a file on reboot - If a file cannot be removed because it is loaded in memory, you can use this option to delete it when the system is restarted (rebooted).
- Open ADS Spy - Scans for hidden file streams. This utility can be used to view ADS streams on Windows 2000/XP systems with NTFS. ADS (Alternate Data Streams) is a technique used to store meta-information on files, which unfortunately is currently being used by the more aggressive browser hijackers.
