Get Geeky and Fix your PC with HijackThis

James Frew 29-11-2017

Browsing the modern internet is an exercise in avoiding the scams, viruses, and malware that lurk around every corner. It’s sadly no longer the case that only visiting reputable websites can keep you safe either. That doesn’t mean that your favorite music streaming site Use Spotify? You May Have Been Infected With Malware Spotify is one of the best streaming music services available right now. Unfortunately, it's also been serving up malware to some of its users. Read More is necessarily malicious though. Instead, many websites, downloads, and emails are compromised and loaded with malicious intent Which Websites Are Most Likely to Infect You with Malware? You might think that porn sites, the Dark web or other unsavory websites are the most likely places for your computer to be infected with malware. But you would be wrong. Read More .


While malware sometimes leaves less-than-subtle hints about its existence, that isn’t always the case. Often you just get a sense that something isn’t right. Maybe it’s a missing file, or unexplained network activity. However, you’ve checked all the obvious hiding places, so where do you turn next? Fortunately, a popular malware scanning tool known as HijackThis might come to the rescue.

Hijack What?

HijackThis has been around since the turn of the millennium, originally created by Merijn Bellekom as proprietary software. HijackThis (HJT) is a scanning tool that is often used to locate malware and adware installed on your computer. Its intended purpose is not to remove the malware, but to help you diagnose any infections. In 2007 it was sold to the security software company Trend Micro after amassing over 10 million downloads. When a large company buys a small, independently developed application, that often signals its demise Microsoft To-Do vs. Wunderlist: Everything You Need to Know Microsoft To-Do will replace Wunderlist in the coming months. Learn about To-Do's best features, what's still missing, and how you can migrate from Wunderlist to To-Do. Read More .

Get Geeky and Fix your PC with HijackThis Hijack This Screenshot 1

However, Trend Micro bucked this trend by releasing HijackThis on SourceForge as an open source project. Trend Micro said at the time that they were committed to developing HJT. However, not long after the decision was taken to open source HTJ, development was stalled at version 2.0.5. One of the benefits of open source software Open Source vs. Free Software: What's the Difference and Why Does It Matter? Many assume "open source" and "free software" mean the same thing but that's not true. It's in your best interest to know what the differences are. Read More is that anyone is able to view or edit the source code. Fortunately, in the case of HJT another developer picked up the mantle left by Trend Micro and has been busy maintaining a fork Open Source Software and Forking: The Good, The Great and The Ugly Sometimes, the end-user benefits greatly from forks. Sometimes, the fork is done under a shroud of anger, hatred and animosity. Let's look at some examples. Read More of the original project — HijackThis Fork V3.


While two versions of HJT now exist — the Trend Micro edition at version 2.0.5 and the fork currently at 2.6.4 — both have kept the original scan feature largely unchanged since its mid-2000s heyday.


The Scan

Most malware makes changes to your operating system, whether by editing the registry, installing additional software, or changing settings in your browser. These symptoms may not always be obvious, and that may be intentional so that the malware isn’t easily discovered. HJT scans through your computer, the registry, and other common software settings and lists what it finds. Windows has built-in utilities, but HJT brings all the common malware hiding places together in one list.

Get Geeky and Fix your PC with HijackThis Hijack This Screenshot 3

However, the tool makes no judgement on what it finds, unlike other mainstream antivirus software The 10 Best Free Antivirus Software No matter what computer you're using, you need antivirus protection. Here are the best free antivirus tools you can use. Read More . This means that it isn’t subject to regular security definition updates, but also means that it can be potentially dangerous. Many of the areas HJT scans are critical to the proper function of your PC, and removing them may be catastrophic. It’s for this reason that the common guidance when using HJT is to run the scan, generate a logfile, and post it online for others to glance over and help you understand the results.


HJT scans across a number of areas that malware typically attacks. So that you can easily identify the results by scan area, the results are grouped into several categories. There are broadly four categories; R, F, N, O.

  • R – Internet Explorer Search and Start pages
  • F – Autoloading programs
  • N – Netscape Navigator & Mozilla Firefox Search and Start pages
  • O – Windows operating system components

F relates to autoloading malware which can be difficult to diagnose as these programs often try to disable your access to Windows utilities like Task Manager. Malware, and in particular adware, has a tendency to hide within the browser How to Easily Remove A Browser Redirect Virus You ran a search in Google, but somehow, for some reason, you didn't get the result you wanted after clicking a link. You're got a redirect virus; here's how to get rid of it. Read More in the form of search engine redirects or home page changes. The HJT results can help you identify if anything malicious is concealed inside your browser. Chrome is notably absent from the list, which may limit its usefulness to any users of Google’s immensely popular browser. The N category denotes items related to Netscape Navigator, the popular 90s browser which was discontinued in 2008. Although it includes items related to Firefox, it’s an indication of how little development has been committed to HijackThis in recent years.

The Log File

One of the most important outputs of the scan is the log file. This includes a list of everything that HJT found. You can then post the contents of the log file to a security forum for others to help diagnose your issue. The original developer used to maintain a website dedicated to the analysis of these log files. However, when Trend Micro made the switch to open source, the website was closed.

Get Geeky and Fix your PC with HijackThis Hijack This Screenshot 6

But that doesn’t mean that you are out of options. Security forums are still a hive of activity Listen to the Experts: The 7 Best Security Forums Online If you need security advice, and you can't find the answers you need here at MakeUseOf, we recommend checking these leading online forums. Read More with many members willing to lend their expertise to those in need. Be cautious on these sites though — while the majority of users will be entirely trustworthy, there is always a minority who may act with malicious intent. If you are in any doubt, wait for the consensus of other members. Also remember to never disclose any personal or sensitive information, including passwords or other login credentials.


Manual Analysis & Performing Fixes

If you feel confident in your knowledge of the registry How Not to Accidentally Mess Up the Windows Registry Working with the Windows registry? Take note of these tips, and you'll be much less likely to do lasting damage to your PC. Read More and other Windows components, then you may want to skip the group analysis and attempt a fix on your own. While limited, HJT does give you some guidance when performing your own analysis. Selecting an entry in the results list and clicking Info on selected item from the Scan & fix stuff menu opens a dialogue with background information on the result.

Get Geeky and Fix your PC with HijackThis Hijack This Screenshot 9

It’s important to remember that this guidance is only for the result category, not the item itself. For example, the guidance for a result with the category R0 is “a Registry value that has been changed from the default, resulting in a changed IE Search Page, Start Page, Search Bar Page or Search Assistant.” Once you have identified any suspicious entries you wish to change, select the check boxes and click Fix selected to remove all checked entries.

HijackThis — The Fork

Open source software has a lot of benefits, not least of which is the ability for development to continue long after the original project has disbanded. Thanks to Trend Micro’s decision to open source HijackThis, developer Stanislav Polshyn has continued where Trend Micro left off. This forked version of HJT moves from Trend Micro’s version 2.0.5 to 2.6.4. Somewhat confusingly the developer refers to the latest edition as version 3.


Get Geeky and Fix your PC with HijackThis Hijack This Fork Screenshot 1

Version 3 adds support for modern operating systems like Windows 8 and 10, and an improved interface. The scan has been improved too with the updated hijacking detection. Although the primary function of HJT is the scan and its resulting log file, it also includes a Process Manager, Uninstaller, and Hosts file manager. The forked edition expands on these features with the addition of StartupList, a Digital Signature Checker, and a Registry Key Unlocker.

Get Geeky and Fix your PC with HijackThis Hijack This Fork Screenshot 3

Given the nature of the software, it’s always best to be cautious when downloading from a third party. The HJT fork hasn’t received much coverage which may make you question its reptuation. However, that might be a reflection on how the market for functionally simplistic but advanced tools like these has changed. It’s worth keeping in mind that for the most part, the fork brings only incremental improvements to the Trend Micro scan. If you would rather stick to the older mainstream release, then version 2.0.5 should be more than adequate.

Approach With Caution

Unless you are confident in registry management, then you should not apply any fixes before taking advice. HJT doesn’t make any judgement on the safety of any entry — it only scans to see what is there, legitimate or otherwise. The registry contains all the important elements of your operating system, and without them your computer may refuse to operate correctly.

Even if you feel that you can confidently navigate your way around the registry, you should approach any fixes with caution. Before applying fixes, make sure that you have backed up the registry within HJT. The next step is to also complete a full computer backup The Windows Backup and Restore Guide Disasters happen. Unless you're willing to lose your data, you need a good Windows backup routine. We'll show you how to prepare backups and restore them. Read More to restore from should something go awry.

Ready To Reclaim Your Computer?

HijackThis rose to fame in the early years of the internet, before Google had even been born. It’s simplicity meant that it became the tool of choice for anyone aiming to diagnose malware infections. However, its acquisition by Trend Micro, the switch to open source, and the newly maintained fork have slowed development to a crawl. You may be left wondering why you’d use HJT over other notable names Easily Remove Aggressive Malware With These 7 Tools Typical free anti-virus suites will only be able to get you so far when it comes to exposing and deleting malware. These seven utilities will weed out and remove malicious software for you. Read More .

HJT may not be the kind of sleek, modern app that we are used in the age of the smartphone. However, its longevity is evidence of its usefulness. With Trend Micro opting to make HJT open source, you always have a freely available tool for situations where nothing else will do.

What do you make of HijackThis? What’s your worst malware scare story? How did you get rid of it? Let us know in the comments!

Image Credit:

Related topics: Anti-Malware, Portable App, USB Drive.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Gary
    June 28, 2008 at 9:19 pm

    You mention forums where you can get help with your log; can you recommend some? I've lost my desktop icons and taskbar in windows xp (taskmanager, explorer, and dr. watson won't work either). Hoping HiJackThis might help. Do you know how I could get it to run from a usb drive? Its an older computer-can't boot from a usb drive. Thanks!

    • Varun Kashyap
      June 29, 2008 at 9:48 am

      This looks like a problem to work with HijackThis! You don't need to boot from the usb drive, just download HijackThis and extract and Run the executable. Thats it. If you need more help you can connect with me at varun at makeuseof dot com

  2. Aibek
    June 27, 2008 at 1:22 am

    Varun, thanks for the excellent review. I had a quick look at HijackThis a while ago but didn't realise it was so thorough. That's definitely going to my USB drive. This also reminds me of another cool app to keep on your USB stick, check out Net Tools.

    • Varun Kashyap
      June 27, 2008 at 3:22 am

      Yes, Net Tools is another such amazing tool, the only issue is that its not portable. Gives amazing info about the system though

      • Aibek
        June 27, 2008 at 5:50 am

        Yeah, it's a regualr app and needs to be installed before someone can use it.

  3. darkkosmos
    June 26, 2008 at 10:34 am

    I hope by geeky you don't mean wasting your time, just get an anti virus and you won't have to go over this and miss out the virus

    • Varun Kashyap
      June 26, 2008 at 12:27 pm

      It's cannot be taken as "wasting of time", specially if you do any serious work on your computer, there can be n reasons that an Antivirus can fail to detect an infection. If you like doing advanced stuff with your computer this is the thing you would definitely want to keep, even if you are not of the type you still require it if you want to get help on forums etc because it is the first thing that everyone expects you to be having.
      I know the information can seem overwhelming at first but that's the point. In fact did you know Trend Micro (of PCcillin fame) is now supporting HijackThis?

      • Brainiac
        June 27, 2008 at 1:15 am

        @ darkkosmos

        That's the whole point of HijackThis, it comes to the rescue when the antivirus program fails or can't be started.

    • Ajay Shankar
      March 11, 2015 at 3:59 am

      Yes. I agree with you Varun. Even though Anti-Virus tools are works perfectly, some sort of time, they will not help us to remove the virus from infected PC. However, tools like HijackThis, Process Explorer are doing great job to identify those infected files and help us to remove those infections. Hence, I like these tools pretty much :)

      @Varun, Great job.

  4. Monica
    June 26, 2008 at 10:20 am

    Will download and keep it in my USB.. I often to have face such problems in my college.. Thanks!