Get Geeky and Fix your PC with HijackThis

What is your nastiest experience with viruses and/or other malware? The other day, just before presentations, my friend came to me with his laptop and showed me the havoc that had been wreaked on it! He had burnt some discs for others, using data from their USB drive, and in the process got infected. Now he was unable to run PowerPoint, nor was he able to scan with the anti-virus, as it wouldn’t start a scan due to the infections (see the irony). Just the splash screens and boom – nothing seemed to run.

We tried booting into safe mode and it got stuck again. We just couldn’t get there. Luckily I had HijackThis on my USB drive, and it helped analyse the problem. Eventually we cleaned the laptop to the point that he could deliver his presentation.

The moral: No matter what security software you have, you will have to get your hands wet one day so you’d better be prepared!

So what is HijackThis? An anti-virus? Malware removal tool? Anti-spyware? Well, nothing fancy: it’s actually a tool that gives you a log (or dump) of your system’s present state. You can then analyze it yourself or post it on any of the many forums that will help you with your problem. In fact, a HijackThis log is the first thing they ask for when you discuss your problem on forums. Let’s see how you can Make Use Of it!

HijackThis Download and Install

First off, you must have HijackThis on your system. Download here and run the executable, then fire up HijackThis. You will be greeted by a plain-looking but nevertheless pretty powerful tool.

What can you do?

  • You can scan your system and save a log file.
  • Simply scan your system.
  • Undo the changes you made earlier.
  • View the running processes and perform some actions on them.
  • View the system Host file.
  • Set it up to delete locked files on next system reboot.
  • Delete services, open AdSpy and open a powerful uninstall manager.

Let us begin with a system scan, and then I will tell you how to interpret the log (it’s not for the faint hearted!). Click on “Scan and save a log file” or simply “Scan”. You will see a plethora of information in a window like the following. This can seem frightening, as none of it makes sense at first, but let’s take a closer look.

The first thing to take note of is that towards the left (region 1, marked with red) you will see some codes like R1, R2, R3, O8, O9 etc. All these codes have special meanings (see the table below). Towards the right (region 2, marked with green) you will see the details of the file in question.

Section Name | Description
R0, R1, R2, R3 | Internet Explorer Start/Search pages URLs
F0, F1, F2, F3 | Auto loading programs
N1, N2, N3, N4 | Netscape/Mozilla Start/Search pages URLs
O1 | Hosts file redirection
O2 | Browser Helper Objects
O3 | Internet Explorer toolbars
O4 | Auto loading programs from Registry
O5 | IE Options icon not visible in Control Panel
O6 | IE Options access restricted by Administrator
O7 | Regedit access restricted by Administrator
O8 | Extra items in the IE right-click menu
O9 | Extra buttons on main IE button toolbar, or extra items in IE ‘Tools’ menu
O10 | Winsock hijacker
O11 | Extra group in IE ‘Advanced Options’ window
O12 | IE plugins
O13 | IE Default Prefix hijack
O14 | ‘Reset Web Settings’ hijack
O15 | Unwanted site in Trusted Zone
O16 | ActiveX Objects (aka Downloaded Program Files)
O17 | Lop.com/Domain Hijackers
O18 | Extra protocols and protocol hijackers
O19 | User style sheet hijack
O20 | AppInit_DLLs Registry value Autorun
O21 | ShellServiceObjectDelayLoad
O22 | SharedTaskScheduler
O23 | Windows XP/NT/2000 Services
O24 | Windows Active Desktop Components

Table from: Bleeping Computer

Now let’s say you notice something fishy with IE or Firefox. Look at the lines marked R0, R1, R2, R3 and N1, N2, N3 and N4 and see if they contain something you don’t think is correct (like free pills!) or don’t remember installing. After confirming that, you can place a check mark on that particular entry and click “fix selected”.

You can also highlight the entry and click on “Info on selected item” to get some more information about the entry, and then you can decide if it’s indeed causing trouble. If you find yourself stuck, click “analyse this” and you will be taken to a help page, or alternatively you can post your log on forums and get help.

Some quick tips

All of this information may please a geek, but not all of us are geeks! So I present some personal quick tips from my experience with Windows and the problems it has thrown at my face:

  1. First and foremost, check out the automatically starting applications (the entries marked O4). If anything looks suspicious, just Google the file name and you will know if it’s legitimate or not. Remove it if it’s not legitimate. You can also check at Process Library or visit here and download the list for use in offline environments if you can’t get to the Internet.
  2. Use the Process manager from HijackThis or the Windows Task manager to view the processes currently running. Again, Google the suspicious filename, end the process, and stop it from starting automatically by combining this and the previous point.
  3. Make sure you remove the actual file from the computer once you have verified that it’s harmful. (You might have to show contents of system folders and hidden files to achieve this, or better, use the command line).
  4. Check out the entries with the code O23. You will have to Google most of them if you don’t know what they mean, but the entries here could be potentially harmful to your system. Remove the non-legitimate ones.
  5. Check out R0 – R3 and N0 – N3 if you find your browser misbehaving and redirecting somewhere else where you didn’t want to go.
  6. Boot into safe mode, turn off system restore and do a scan with your antivirus and clean the system. You can also try the latest version of Stinger to find and remove infections from an infected system.
  7. Be careful the next time. I don’t find many users doing this, but if you are using Windows XP then please create a separate limited account and do your routine work from within it. Occasionally log into the administrator account to do maintenance, software installs etc. This is very important because even if you get infected while logged in to a non-administrator account, the malicious files don’t have enough rights to do as much damage as they can when you are logged in as administrator.
  8. If you can’t make sense of something then visit forums and take help. After doing so once or twice you will gain confidence and will be able to make use of this wonderful tool.
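The triage order from tips 1, 4 and 5 can be applied to a saved log with a short script. This is an added example, not part of HijackThis or the original article; it assumes each entry is laid out as "code - details" (the two regions described above), and the log, paths and names in it are constructed.

```python
import re
from collections import defaultdict

# Meanings copied from the article's section table (only the codes used here).
SECTIONS = {
    "R": "Internet Explorer Start/Search pages URLs",
    "N": "Netscape/Mozilla Start/Search pages URLs",
    "O4": "Auto loading programs from Registry",
    "O23": "Windows XP/NT/2000 Services",
}
# Review order from the quick tips: autostarts, then services, then browser pages.
PRIORITY = ["O4", "O23", "R", "N"]
# Assumed line layout: "<code> - <details>", e.g. "O4 - HKLM\..\Run: [name] path".
LINE_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+)$")

def family(code):
    """R0-R3, F0-F3 and N1-N4 share one meaning; each O code stands alone."""
    return code if code.startswith("O") else code[0]

def parse_log(text):
    """Group entries by section family; header and process lines are skipped."""
    groups = defaultdict(list)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            groups[family(m.group(1))].append((m.group(1), m.group(2)))
    return dict(groups)

def review_queue(text, verified=frozenset()):
    """Entries to look up, in tip order, minus exact entries already verified."""
    groups = parse_log(text)
    return [(code, SECTIONS[fam], detail)
            for fam in PRIORITY
            for code, detail in groups.get(fam, [])
            if detail not in verified]

# Constructed sample log; every path, name and URL below is made up.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\System32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Example\helper.dll
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe
O4 - HKCU\..\Run: [updater] C:\Temp\upd4te.exe
O23 - Service: Example Service - Unknown owner - C:\Example\svc.exe
"""

if __name__ == "__main__":
    trusted = {r"HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe"}
    for code, meaning, detail in review_queue(SAMPLE_LOG, trusted):
        print(f"{code:<4} {meaning}: {detail}")
```

Verified entries are matched as whole strings, so a file that merely reuses a trusted name in a different path still lands in the queue.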

HijackThis is very powerful once you master how to read and use it. It has a built-in uninstall manager to remove misbehaving applications, a process manager, a backup utility to back up the changes you are going to make, and the ability to blacklist or whitelist items. I planned on giving more information on each and every entry type, but I think it would get advanced and long (it already is!), so I am having to limit this.

Do let us know if you would like some more information, or would like to know more about HijackThis in detail. Or perhaps you know of another tool that does a better job?

(By) Varun Kashyap – A tech enthusiast, programmer and a blogger, who personally loves tools like Hijackthis. Know about such tools and more at his TechCrazy blog.


12 Comments -

0 votes

Monica

Will download and keep it on my USB. I often have to face such problems in my college. Thanks!

0 votes

darkkosmos

I hope by geeky you don’t mean wasting your time, just get an anti virus and you won’t have to go over this and miss out the virus

0 votes

Varun Kashyap

It cannot be taken as “wasting of time”, especially if you do any serious work on your computer; there can be n reasons that an antivirus can fail to detect an infection. If you like doing advanced stuff with your computer, this is the thing you would definitely want to keep. Even if you are not of that type, you still require it if you want to get help on forums etc., because it is the first thing that everyone expects you to have.
I know the information can seem overwhelming at first but that’s the point. In fact did you know Trend Micro (of PCcillin fame) is now supporting HijackThis?

0 votes

Brainiac

@ darkkosmos

That’s the whole point of HijackThis, it comes to the rescue when the antivirus program fails or can’t be started.

0 votes

Aibek

Varun, thanks for the excellent review. I had a quick look at HijackThis a while ago but didn’t realise it was so thorough. That’s definitely going to my USB drive. This also reminds me of another cool app to keep on your USB stick, check out Net Tools

0 votes

Varun Kashyap

Yes, Net Tools is another such amazing tool; the only issue is that it’s not portable. Gives amazing info about the system though.

0 votes

Aibek

Yeah, it’s a regular app and needs to be installed before someone can use it.

0 votes

Gary

You mention forums where you can get help with your log; can you recommend some? I’ve lost my desktop icons and taskbar in Windows XP (Task Manager, Explorer, and Dr. Watson won’t work either). Hoping HijackThis might help. Do you know how I could get it to run from a USB drive? It’s an older computer; it can’t boot from a USB drive. Thanks!

0 votes

Varun Kashyap

Try techsupportforums.com.
This looks like a problem to work on with HijackThis! You don’t need to boot from the USB drive; just download HijackThis, extract it and run the executable. That’s it. If you need more help you can connect with me at varun at makeuseof dot com