Print
No matter what your level of expertise, it never hurts to get a second opinion. One way to do this by posting your log contents on your favorite PC tech support forum. Mash the AnalyzeThis button to see a list of forums to choose from, or just hop over to Maximum PC’s board.
If you strike out on a bulletin board or need instantaneous feedback, German Website www.hijackthis.de will oblige. Just copy your entire log contents to the clipboard (right-click>select all>copy), paste it into the site’s textbox, and press the Analyze button. Within a few moments, the site will spit out the results and alert you to any potential problem areas. Anything with a green checkmark is most likely safe, while the opposite holds true for any red Xs that are displayed. You may also see orange question marks, which are unknown files or entries that require further investigation.
Rather than toss all your eggs in one basket, double-check these results by heading over to http://hjt.networktechs.com. Just like before, you’ll paste your log file’s contents and press the Parse button. All the results are color coded so you can see any potential pitfalls at a glance. Hover your mouse cursor over these to learn why they’re being flagged and what the recommended course of action is.
The problem with relying on a Website to sift through your HijackThis log is that an infected PC doesn’t always let you have access to the Internet. In some cases, you may be able to hop online, but your Web browsing attempts either gets constantly rerouted, or pages load too slow to be of any help.
In this case, arm yourself with HijackReader , another free third-party app which works in conjunction with HijackThis. There’s no installation necessary – just unzip the archive to your hard drive or portable flash drive and run HijackReader.exe. Copy the HijackThis log file to your clipboard and mash ‘Paste log,’ followed by the ‘Check!’ button.
When HijackReader finishes, it will save the results as an HTML file and prompt you to give it a name. Open this file to see the results. HijackReader tends to know less about individual entries than the online sites do, but for the ones it does recognize, it tends to be a bit more informative. No matter which method you use (or combination thereof), it’s a good idea to double-check any iffy entries with Google before you go blasting away registry and system settings.
Comments are closed on this article
alienplayer
March 20, 2010 at 9:51am
I used HijackThis a year back to root out a spyware that was pretending to be an antivirus. The main part of the spyware was a BHO service which pretended to be a legit browser helper. I then used another program to restore the setting the spyware had changed.
This is a great tool for any user. It gives the information you need to manually fix the problem.
Nyarlathotep
March 08, 2010 at 5:00pm
I'll have to add Hijack This to my emergency thumb drive. I think it's odd that just about everyone I know with a computer has come to me with virus problems in just the last two weeks. I have helped most of them now and I must say they have been some of the nastiest virus's to remove. One in particular rerouted all internet traffic to an "internet security" site, disabled the task manager, disabled system restore, created and automatically logged into a user account labeled administrator to hadicap removal attempts, and spammed the desktop with Windows look-a-like security alert popups. I did manage to clean it out and get them running again but I was scratching my head for a while. The users have been running the computer for about six years with no upkeep so I made a few recomendations... One was to format and reinstall Windows, to which they replied "You can do that?"
"Sheesh, It's just one man's opinion..." -Me
pastorbob
March 12, 2010 at 9:32am
I've had two very similar experiences over the last couple of weeks. One system had 8 diiferent malware programs and another had 14. Threat level for all 22 was High or Severe. In one case the user had Trend-Micro Antivirus installed but it had been disabled by one of the trojans. In the other the user had been psyched by fake scan software which he downloaded and it hijacked his system.
But I was able to clean up both systems though it didd take a couple of days each. Just getting them to the point where I could download and use ANY tool was the hardest part of the task. Hijackthis has been around for many years and is invaluable for cleaning infected systems.
What is more frustrating are the people who download every bell and whistle they see on the Internet and they only have 512 meg of RAM. My advice to them after I have restored their systems to usable status is - a. add RAM and b. Anything you can do with the bells and whistles can be done with stock Windows and IE 8 or Firefox. Learn how to use your system and the readily available tools!
Nyarlathotep
March 12, 2010 at 11:37am
Whenever I work on someones computer I always look at how much ram they have and what programs are loading at startup. I then try to explain to the user the difference between RAM and hard drive storage. In so many cases the user has a comp with barely enough RAM to support the OS let alone all of the crapware that vendors set to load at startup. I always make an effort to look at every process running and disable the ones that really aren't necessary. Most inexperienced users don't comprehend what I am explaining to them but in most cases they do feel the difference in startup time and overall resposiveness after the changes. So many times it's the bloated security suites made by the biggest two commercial companies out there that bring a system with too little RAM and a low end processor to it's knee's. The fact thet they are often paying a yearly subscription fee to make their system almost unusable makes me sad, especially since I'm there because they are infected...
"Sheesh, It's just one man's opinion..." -Me
tri8gman
March 03, 2010 at 8:41pm
I've become very dependant on my flash drive installation of Ubuntu for malware fighting (or almost any troubleshooting)
I have a 16GB Kingston drive that I've partitioned into 11GB NTFS, 4GB Ext4, and 1GB Swap.
The NTFS partition is the largest so I can still use it regularly (with large file support) and it's the FIRST partition because Windows systems refuse to mount anything but the first partition on a flash drive. This allows me to exchange things like a raw hardware list from Ubuntu with Windows as well as store Windows applications and other Windows-centric things.
I then have Ubuntu (with the splash screen turned off) installed on the 4GB Ext4 partition, and I keep nothing but the basics on there (1.6GB is free for browsing and extra packages I may become interested in)
YES, there is a debate about swap on flash, but I need every bit of performance I can get, and the drive is still kicking after a year, so I'm fine with this. I keep nothing I don't have a backup of on the drive for the day it does finally stop.
No, I don't scan with ClamAV, I go to the most likely places viruses hang out (AppData, Temp, Windows, etc.). After eliminating the EXE(s) I can then boot and go about a normal cleanup.
chenyx75
March 02, 2010 at 7:02pm
sometimes I encountered the students' laptops were infected by some viruses, and I used safe mode and when I tried to install Malwarebytes and execution file access being denied. How to install HijackThis in such case.
Nyarlathotep
March 08, 2010 at 5:03pm
I recently tried to install Malwarebytes on a computer in safe mode too and it wouldn't. I just assumed the virus was blocking it but maybe it's safe mode that won't allow it to run.
"Sheesh, It's just one man's opinion..." -Me
MRR045
March 02, 2010 at 4:12pm
One thing that still baffles me is why NO ONE every mentions one of the easiest ways to avoid infections in the first place. Can you guess? No... I am not talking about using a MAC or Linux ... their day is coming... what I am talking about is surfing the Internet under a user profile instead of an administrator profile. You will cut the chances of infections down immensely if you will just do that one thing! Try it... you will spend less time scanning your PC...
MRR
pastorbob
March 12, 2010 at 9:39am
I have used Administrator mode since it first came into existence. And I have never had a malware infection. Period. Perhaps people just need ot be more aware of what the heck they are doing while surfing the Internet. That and keep their systems updated with the latest patches and virus definitions.
Nyarlathotep
March 08, 2010 at 5:08pm
I have always wondered why MS or OEM's don't automate setting up a non administrator account for less experienced users. I assume it's because of the large amount of service calls it would generate.
I forgot my password...
I get "access denied" when I try to install my software...
and so on....
Then again, I guess there was UAC in Vista...
"Sheesh, It's just one man's opinion..." -Me
Keith E. Whisman
March 02, 2010 at 9:13am
I still remember playing with Dos 3 and Windows 1 then I went to Windows 3 and then Win95 and then Win98 and then I played with WinME and WinXpee and then I played with Win Vista and now Seven. And all the dos from IBM Dos to PC Dos through Dos 622 and Dos 7 in WinXP.
Keith E. Whisman
March 02, 2010 at 8:01am
I have had excellent success with Windows System Restore. After restoring to a time before the infection I've just deleted the newer dates. I've been cursed in the forums for this but it freaking works. No body thinks it works but it does. I've been unable to locate viruses and malware after doing restores and the restores and returned complete functionality. Now I know I'm going to get ridicule so I'll start off with fuck you to you because It's worked for me. So don't call me a liar pretty much to my face when I know it has worked for me alot. It's only failed to work for me once or twice and those times were because I changed a critical system file too much but then again that was in win95 and win98.
tri8gman
March 03, 2010 at 8:20pm
Well System Restore only works if the malware didn't disable System Restore, along with other extenuating circumstances.
The thing about System Restore the way most people use it is they don't actually get rid of the infections afterward. This is probably the source of the ridicule - System Restore is a bandaid if you don't take the finishing touches after, as you apparently do.
I tend to get machines that have the virus actually set several restoration dates back, and depending on the retention settings may cause it to be useless.
compnovo
March 02, 2010 at 8:52am
It's only failed to work for me once or twice and those times were because I changed a critical system file too much but then again that was in win95 and win98.
I too am a fan of Windows System Restore. However, Win95 and 98 didn't have it, the tool was introduced with WinMe.
Keith E. Whisman
March 02, 2010 at 9:08am
I couldn't remember which windows I had those problems with. I do get mad bringing it up because in the forums I was pretty much called a liar and laughed out of there by moderators. The MPC moderators went out of their way to belittle me for suggesting it and called me a liar when I mentioned my successes. And come to think about it I think it was winme and WinXPee.
I think I installed incompatible software in Windows and changed some files that System restore couldn't change or it was software that was broken full of bugs. This was about ten years ago. LOL... 2000 and 2001.
I had WinME promotional upgrade that cost $50bucks at Fry's Electronics back when WinME was first released back in 2000 and WinXPee Home edition I purchased a year later in 2001. What a bad year.
compnovo
March 02, 2010 at 10:37am
My experience using system restore to fix a malware problem has been mixed; its success is dependent on what type of infection you're experiencing. I've had the best results using system restore in Safe Mode, but I've also worked on friend's PCs that were so hosed nothing but a reformat would make the problem go away. For instance, there was an infection a couple of years ago that disguised itself as an egreeting card from a legitimate site that completely fubarred any computer from which the link was clicked.
NicciAdonai
March 02, 2010 at 1:14pm
I like System Restore when it works, but sometimes it just fails to restore at all, let alone fix the problem. My experience has probably been about 50/50, maybe due to the fact that the situation is fairly bad by the time someone calls me to fix their PC.
Keith E. Whisman
March 02, 2010 at 7:50am
It's always a good idea to do the three finger salute (control, Alt and Delete) and start up task manager and get to know all the files that are running and also take a look at the services and get used to what's in there as well. I have a look in my task manager every other day and investigate when I find something different. Just a glance every other day and you'll notice when something is different. Now after being acquainted with things differences will seem to stand out. Highjack this will produce a list that looks really familiar you'll be able to pick out offenders and do google searches on them and you'll usually be right. You just have to be inquisitive. Get your hands dirty and I recommend everyone that cares about their computers to just take 5minutes out a couple times a week to get acquainted with their services and programs and files running in the taskmanager. It'll make you smarter and much more nerdy.
tri8gman
March 03, 2010 at 8:25pm
Most people (unfortunately and without knowing the difference) run their Windows machines as administrators, and plenty of malware modifies the registry to block task manager.
Personally, I prefer ProcessExplorer or ProcessHacker because they include loads more information.
Task Manager can also be induced via right-clicking the taskbar or ran from the Run command or Searchbox in the Start Menu, but again only if you're "allowed."
Then you have those nasty apps that "wrist slap" (close immediately at launch) your infection fighting apps when you try to run them.
ErikTheGreat
March 02, 2010 at 5:36am
This kind of stuff is great, keeps me payin' for the dead tree version.
PhoneyVirus
March 02, 2010 at 12:52am
Nice thanks for the fast Tips but wouldn't be without any AV or some kind of Malware remover, don't kill to scan Thanks for the How-to. Good Work
QuakindudeMod
March 01, 2010 at 7:33pm
Wow. Even an old dog can learn new tricks!
The value of this program is that you should get an exact name of the infection. Why go installing all these different antivirus programs, which may cause even further damage, if it's a root kit? Or a specific and ugly piece of malware that requires a very specific program written only for it?
Many of the viruses and malware self running pieces of code that's popping up out there will simply disable any antivirus program you install. Hell, you may have to rename HijackThis to Mommy.exe or urscrewed.exe just to get it run because some of these pieces of specifically coded software are so insistent and nasty. Try doing that with pandascan.exe!!
The point being, in today's computing environment, you really need to identify the infection before you start randomly installing software. You end up spending less time by knowing exactly what you're dealing with in the first place and any professional virus/malware remover will tell you to begin by identifiying the problem FIRST. Then installing specific programs to deal with it. You just don't see the Pro's going about willy nilly installing things without knowing what they're dealing with before the first rectifying program is ever installed.
*****MaximumPC Moderator. Report inappropriate/SPAM comments to
QuakindudeMod at Gmail--dot--com with a link. My personal comments do not necessarily
reflect the opinions of MaxPC or Future US*****
grandsire2001
March 01, 2010 at 7:24pm
I agree, if the PC is completely infected just nuke the drive and reload a clean image.
Havok
March 02, 2010 at 11:41am
"...no matter how good a personal system administrator you are, there’s a
time to take your OS install out behind the shed and put two in its
head."
CLICK.
JimmyJimJames
March 01, 2010 at 6:59pm
I would never trust my system after an infection. I guess this tool might get things running just long enough to make sure data is backed up before I nuke the drive.
