Get Geeky and Fix your PC with HijackThis

What is your nastiest experience with viruses and/or other malware? The other day, just before presentations, my friend came to me with his laptop and showed me the havoc that had reigned on it! He had burnt some discs for others, using data from their USB drive, and in the process got infected. Now he was unable to run PowerPoint, nor was he able to scan with the anti-virus, as it wouldn’t start a scan due to the infections (see the irony). Just the splash screens and boom – nothing seemed to run.

We tried to boot into safe mode and it got stuck again. We just couldn’t get there. Luckily I had HijackThis on my USB drive and it helped analyse the problem, and eventually we cleaned it to the point that he could deliver his presentation.

The moral: No matter what security software you have, you will have to get your hands wet one day so you’d better be prepared!

So what is HijackThis? An anti-virus? A malware removal tool? Anti-spyware? Nothing that fancy: it’s a tool that gives you a log (or dump) of your system’s present state. You can then analyze the log yourself or post it on one of the many forums that will help you with your problem. In fact, a HijackThis log is the first thing they ask for when you discuss your problem on forums. Let’s see how you can Make Use Of it!

HijackThis Download and Install

First off, you must have HijackThis on your system. Download here and run the executable, then fire up HijackThis. You will be greeted by a tool that is not fancy to look at but is nevertheless pretty powerful.

What can you do?

  • You can scan your system and save a log file.
  • Simply scan your system.
  • Undo the changes you made earlier.
  • View the running processes and perform some actions on them.
  • View the system Host file.
  • Set it up to delete locked files on next system reboot.
  • Delete services, open AdSpy and open a powerful uninstall manager.

Let us begin with a system scan and then I will tell you how to interpret the log (it’s not for the faint hearted!). Click on “Scan and save a log file” or simply “Scan”. You will see a plethora of information in a window like the following. This can seem frightening, as none of it makes sense at first, but let’s take a closer look.

The first thing to take note of is that towards the left (region 1, marked with red) you will see some codes like R1, R2, R3, O8, O9 etc. All these codes have special meanings (see the table below). Towards the right (region 2, marked with green) you will see the details of the file in question.

| Section | Name |
|---|---|
| R0, R1, R2, R3 | Internet Explorer Start/Search pages URLs |
| F0, F1, F2, F3 | Auto loading programs |
| N1, N2, N3, N4 | Netscape/Mozilla Start/Search pages URLs |
| O1 | Hosts file redirection |
| O2 | Browser Helper Objects |
| O3 | Internet Explorer toolbars |
| O4 | Auto loading programs from Registry |
| O5 | IE Options icon not visible in Control Panel |
| O6 | IE Options access restricted by Administrator |
| O7 | Regedit access restricted by Administrator |
| O8 | Extra items in the IE right-click menu |
| O9 | Extra buttons on main IE button toolbar, or extra items in IE ‘Tools’ |
| O10 | Winsock hijacker |
| O11 | Extra group in IE ‘Advanced Options’ window |
| O12 | IE plugins |
| O13 | IE Default Prefix hijack |
| O14 | ‘Reset Web Settings’ hijack |
| O15 | Unwanted site in Trusted Zone |
| O16 | ActiveX Objects (aka Downloaded Program Files) |
| O17 | Hijackers |
| O18 | Extra protocols and protocol hijackers |
| O19 | User style sheet hijack |
| O20 | AppInit_DLLs Registry value Autorun |
| O21 | ShellServiceObjectDelayLoad |
| O22 | SharedTaskScheduler |
| O23 | Windows XP/NT/2000 Services |
| O24 | Windows Active Desktop Components |

Table from: Bleeping Computer

Now let’s say you notice something fishy with IE or Firefox. Look at the lines marked R0, R1, R2, R3 and N1, N2, N3 and N4 and see if they contain something you don’t think is correct (like free pills!) or don’t remember installing. After confirming that, you can place a check mark on that particular entry and click “fix selected”.

You can also highlight the entry and click on “Info on selected item” to get some more information about the entry, and then you can decide if it’s indeed causing trouble. If you find yourself stuck, click “analyse this” and you will be taken to a help page, or alternatively you can post your log on forums and get help.

Some quick tips

All of this information may please a geek, but not all of us are geeks! So I present some personal quick tips from my experience with Windows and the problems it has thrown at my face:

  1. First and foremost, check out the automatically starting applications (the entries marked O4). If anything looks suspicious, just Google the file name and you will know if it’s legitimate or not. Remove it if it’s not legitimate. You can also check at Process Library, or visit here and download the list for use in offline environments if you can’t get to the Internet.
  2. Use the Process manager from HijackThis or the Windows Task manager to view the processes currently running. Again, Google the suspicious filename, end the process, and stop it from starting automatically by combining this with the previous point.
  3. Make sure you remove the actual file from the computer once you have verified that it’s harmful. (You might have to show contents of system folders and hidden files to achieve this, or better, use the command line.)
  4. Check out the entries with the code O23. You will have to Google most of them if you don’t know what they mean, but the entries here could be potentially harmful to your system. Remove the non-legitimate ones.
  5. Check out R0 – R3 and N0 – N3 if you find your browser misbehaving and redirecting somewhere else where you didn’t want to go.
  6. Boot into safe mode, turn off system restore and do a scan with your antivirus and clean the system. You can also try the latest version of Stinger to find and remove infections from an infected system.
  7. Be careful the next time. I don’t find many users doing this, but if you are using Windows XP then please create a separate limited account and do your routine work from within it. Occasionally log into the administrator account to do maintenance, software installs etc. This is very important because even if you get infected while logged in to a non-administrator account, the malicious files don’t have enough rights to do as much damage as they can when you are logged in as administrator.
  8. If you can’t make sense of something, then visit forums and ask for help. After doing so once or twice you will gain confidence and will be able to make use of this wonderful tool.
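The review order in these tips can be applied to a saved log with a few lines of script. The following is an added example, not part of the original article or of HijackThis itself: it assumes each entry line has the form `CODE - detail`, uses section names from the table above, and runs on a constructed sample log (all paths, names and addresses in it are made up). It goes slightly beyond the tips by also extracting the file name to look up.

```python
import re
from collections import defaultdict

# Section meanings copied from the table in this article (only the ones triaged).
SECTIONS = {
    "O4": "Auto loading programs from Registry",
    "O23": "Windows XP/NT/2000 Services",
    "R": "Internet Explorer Start/Search pages URLs",
    "N": "Netscape/Mozilla Start/Search pages URLs",
    "O1": "Hosts file redirection",
}
PRIORITY = ["O4", "O23", "R", "N", "O1"]  # review order suggested by the quick tips

ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s-\s(?P<detail>.+)$")
FILE = re.compile(r"([^\\/:*?\"<>|\s]+\.(?:exe|dll|sys))\b", re.I)

# Constructed sample log: every path, name and address here is invented.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example/
O1 - Hosts: 203.0.113.7 www.example.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\example\helper.dll
O4 - HKLM\..\Run: [updater] C:\example\updater.exe
O23 - Service: Example Service (examplesvc) - Unknown owner - C:\example\svc.exe
"""

def family(code):
    """R0..R3 and N1..N4 share one meaning each; O codes stay distinct."""
    return code if code.startswith("O") else code[0]

def file_name(detail):
    """Last executable-looking file name in the entry, i.e. the thing to look up."""
    hits = FILE.findall(detail)
    return hits[-1] if hits else None

def parse_log(text):
    """Group entry lines by section; headers and the process list are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[family(m["code"])].append((m["code"], m["detail"]))
    return groups

def triage(text):
    """Entries to review first, in tip order: (code, meaning, detail, file)."""
    groups = parse_log(text)
    return [(code, SECTIONS[fam], detail, file_name(detail))
            for fam in PRIORITY for code, detail in groups.get(fam, [])]

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

The script only sorts and labels entries; deciding whether a listed file is legitimate still takes the lookup described in tips 1 and 4.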

HijackThis is very powerful if you just master how to read and use it. It has a built-in uninstall manager to remove misbehaving applications, a process manager, a backup utility to back up the changes you are going to make, and the ability to blacklist or whitelist items. I planned on giving more information on each and every type but think it will get advanced and long (it already is!) so I am having to limit this.

Do let us know if you would like some more information, or would like to know more about HijackThis in detail. Or perhaps you know of another tool that does a better job?

(By) Varun Kashyap – A tech enthusiast, programmer and a blogger, who personally loves tools like Hijackthis. Know about such tools and more at his TechCrazy blog.

  1. Gary
    June 28, 2008 at 9:19 pm

    You mention forums where you can get help with your log; can you recommend some? I've lost my desktop icons and taskbar in Windows XP (Task Manager, Explorer, and Dr. Watson won't work either). Hoping HijackThis might help. Do you know how I could get it to run from a USB drive? It's an older computer - can't boot from a USB drive. Thanks!

    • Varun Kashyap
      June 29, 2008 at 9:48 am

      This looks like a problem to work with HijackThis! You don't need to boot from the USB drive, just download HijackThis, extract and run the executable. That's it. If you need more help you can connect with me at varun at makeuseof dot com

  2. Aibek
    June 27, 2008 at 1:22 am

    Varun, thanks for the excellent review. I had a quick look at HijackThis a while ago but didn't realise it was so thorough. That's definitely going to my USB drive. This also reminds me of another cool app to keep on your USB stick, check out Net Tools

    • Varun Kashyap
      June 27, 2008 at 3:22 am

      Yes, Net Tools is another such amazing tool, the only issue is that it's not portable. Gives amazing info about the system though

      • Aibek
        June 27, 2008 at 5:50 am

        Yeah, it's a regular app and needs to be installed before someone can use it.

  3. darkkosmos
    June 26, 2008 at 10:34 am

    I hope by geeky you don't mean wasting your time, just get an anti virus and you won't have to go over this and miss out the virus

    • Varun Kashyap
      June 26, 2008 at 12:27 pm

      It cannot be taken as "wasting of time", especially if you do any serious work on your computer; there can be n reasons that an antivirus can fail to detect an infection. If you like doing advanced stuff with your computer this is the thing you would definitely want to keep. Even if you are not of that type, you still require it if you want to get help on forums etc., because it is the first thing that everyone expects you to have.
      I know the information can seem overwhelming at first but that's the point. In fact, did you know Trend Micro (of PC-cillin fame) is now supporting HijackThis?

      • Brainiac
        June 27, 2008 at 1:15 am

        @ darkkosmos

        That's the whole point of HijackThis, it comes to the rescue when the antivirus program fails or can't be started.

    • Ajay Shankar
      March 11, 2015 at 3:59 am

      Yes. I agree with you, Varun. Even though anti-virus tools work perfectly, sometimes they will not help us to remove the virus from an infected PC. However, tools like HijackThis and Process Explorer are doing a great job of identifying those infected files and helping us to remove those infections. Hence, I like these tools pretty much :)

      @Varun, Great job.

  4. Monica
    June 26, 2008 at 10:20 am

    Will download and keep it on my USB.. I often have to face such problems in my college.. Thanks!