What is your nastiest experience with viruses and/or other malware? The other day just before presentations my friend came to me with his laptop and showed me the havoc that had reigned on it! He had burnt some discs for others, using data from their USB drive and in the process got infected. Now he was unable to run Powerpoint, nor was he able to scan with the anti-virus as it won’t start a scan due to the infections (see the irony). Just the splash screens and boom - nothing seemed to run.
Boot into safe mode and it got stuck again. We couldn’t just get there. Luckily I had HijackThis in my USB drive and it helped analyse the problem and eventually we cleaned it to the point that he could deliver his presentation.
The moral: No matter what security software you have, you will have to get your hands wet one day so you’d better be prepared!
So what is HijackThis? An anti-virus? Malware removal tool? Anti-spyware? Well nothing fancy, actually its a tool that gives you a log (or dump) of your system’s present state. You can then analyze it yourself or post it at a vast majority of forums that will help you with your problem. In fact a HijackThis log is the first thing they ask for when you discuss your problem on forums. Lets see how you can Make Use Of it!
First off you must have HijackThis on your system. Download here and run the executable, then fire up HijackThis. You will be greeted with not much of a fancy but nevertheless a pretty powerful tool.
Let us begin with a system scan and then I will tell you how to interpret the log (it’s not for the faint hearted!). Click on “Scan and save a log file” or simple “Scan”. You will see a plethora of information in a window like the following, this can seem frightening as none of this makes sense at first but lets take a closer look.
First thing to take note of is that towards the left (region 1, marked with red) you will see some codes like R1, R2, R3, O8,O9 etc. All these codes have special meanings (refer table). Towards the right (region 2, marked with green) you will see the details of the file in question.
|
Section Name
|
Description
|
| R0, R1, R2, R3 | Internet Explorer Start/Search pages URLs |
| F0, F1, F2,F3 | Auto loading programs |
| N1, N2, N3, N4 | Netscape/Mozilla Start/Search pages URLs |
| O1 | Hosts file redirection |
| O2 | Browser Helper Objects |
| O3 | Internet Explorer toolbars |
| O4 | Auto loading programs from Registry |
| O5 | IE Options icon not visible in Control Panel |
| O6 | IE Options access restricted by Administrator |
| O7 | Regedit access restricted by Administrator |
| O8 | Extra items in the IE right-click menu |
| O9 | Extra buttons on main IE button toolbar, or extra items in IE ‘Tools’ menu |
| O10 | Winsock hijacker |
| O11 | Extra group in IE ‘Advanced Options’ window |
| O12 | IE plugins |
| O13 | IE Default Prefix hijack |
| O14 | ‘Reset Web Settings’ hijack |
| O15 | Unwanted site in Trusted Zone |
| O16 | ActiveX Objects (aka Downloaded Program Files) |
| O17 | Lop.com/Domain Hijackers |
| O18 | Extra protocols and protocol hijackers |
| O19 | User style sheet hijack |
| O20 | AppInit_DLLs Registry value Autorun |
| O21 | ShellServiceObjectDelayLoad |
| O22 | SharedTaskScheduler |
| O23 | Windows XP/NT/2000 Services |
| O24 | Windows Active Desktop Components |
| Table from: Bleeping Computer | |
Now let’s say you notice something fishy with IE or Firefox then you will see the lines marked R0, R1, R2, R3 and N1, N2, N3 and N4 and see if they contain something you don’t think is correct (like free pills!) or don’t remember installing. After confirming that, you can place a check mark on that particular entre and click “fix selected”.
You can also highlight the entry and click on “Info on selected item” to get some more information about the entry, and then you can decide if it’s indeed causing trouble. If you find yourself stuck click “analyse this” and you will be taken to a help page or alternatively you can post your log on forums and get help.
All of this information may please a geek but not all of us is one! So I present some personal quick tips from my experience with Windows and the problems it has thrown at my face:
HijackThis is very powerful if you just master how to read and use it. It has a built in uninstall manager to remove misbehaving application. A process manager, backup utility to backup the changes you are going to make, ability blacklist or whitelist items. I planned on giving more information on each and every type but think it will get advanced and long (it already is!) so I am having to limit this.
Do let us know if you will like some more information, or would like to know more about Hijackthis in detail? Or perhaps you know of another tool that does a better job?
(By) Varun Kashyap - A tech enthusiast, programmer and a blogger, who personally loves tools like Hijackthis. Know about such tools and more at his TechCrazy blog.
Enjoyed this article? Subscribe to MakeUseOf and get daily updates about new cool websites and programs in your email for free. Plus get free cheat sheets to your favorite programs.
Filed Under: Cool Software Apps ¦ How-To ¦ Windows
Tags: admin, anti-spyware, anti-virus, How-To, portable app, repair, security, troubleshoot, usb drive, windows tips
Will download and keep it in my USB.. I often to have face such problems in my college.. Thanks!
I hope by geeky you don’t mean wasting your time, just get an anti virus and you won’t have to go over this and miss out the virus
It’s cannot be taken as “wasting of time”, specially if you do any serious work on your computer, there can be n reasons that an Antivirus can fail to detect an infection. If you like doing advanced stuff with your computer this is the thing you would definitely want to keep, even if you are not of the type you still require it if you want to get help on forums etc because it is the first thing that everyone expects you to be having.
I know the information can seem overwhelming at first but that’s the point. In fact did you know Trend Micro (of PCcillin fame) is now supporting HijackThis?
@ darkkosmos
That’s the whole point of HijackThis, it comes to the rescue when the antivirus program fails or can’t be started.
Varun, thanks for the excellent review. I had a quick look at HijackThis a while ago but didn’t realise it was so thorough. That’s definitely going to my USB drive. This also reminds me of another cool app to keep on your USB stick, check out Net Tools
Yes, Net Tools is another such amazing tool, the only issue is that its not portable. Gives amazing info about the system though
Yeah, it’s a regualr app and needs to be installed before someone can use it.
You mention forums where you can get help with your log; can you recommend some? I’ve lost my desktop icons and taskbar in windows xp (taskmanager, explorer, and dr. watson won’t work either). Hoping HiJackThis might help. Do you know how I could get it to run from a usb drive? Its an older computer-can’t boot from a usb drive. Thanks!
Try techsupportforums.com.
This looks like a problem to work with HijackThis! You don’t need to boot from the usb drive, just download HijackThis and extract and Run the executable. Thats it. If you need more help you can connect with me at varun at makeuseof dot com