How To: Root Out Stubborn Malware with HijackThis

Alex Castle

Trying to fix a badly infected PC without HijackThis is sort of like going into surgery without a scalpel; it’s the only tool for the job when all other measures fail. New spyware strains and increasingly complex viruses emerge every day, and your PC’s immune system (i.e., antivirus software) isn’t always able to keep up. And if you’re performing emergency surgery on someone else’s PC, you may find that they didn’t have any AV software installed to begin with.

No matter how bad the infection, HijackThis gives you the means to dig deep into Windows to root out whatever it is that’s wreaking havoc. It’s not a cure-all, however, or even a cure-little. In fact, HijackThis doesn’t cure anything on its own. What HijackThis does do is give you a snapshot of the system’s registry and file settings, putting particular emphasis on the browser. It doesn’t discern between safe and malicious settings, so it’s possible to unintentionally inflict real harm if you don’t know what you’re doing. Follow along as we show you how to properly wield HijackThis.

1. Download and Run HijackThis

Originally developed by Dutch programmer Merijn Bellekom, HijackThis has since been sold to Trend Micro, a security firm better equipped to maintain and update the program. But don’t worry, HijackThis is still free and you can download it at where you’ll find both a stable and beta version. We haven’t run into much trouble using the beta, but it’s currently only available as an installer. With the stable version, you have the option of downloading just the executable and plopping it on your USB thumb drive.

Once installed, fire up the program and choose ‘Do a system scan and save a logfile.’

After you do this, you should see a bunch of seemingly obscure settings in the program’s main window (Image 2), which will also be listed in a separate text file generated on the fly. If the text file that appears is empty, try using the stable release instead of the beta.

2. Understand the Results

Keep in mind what we said earlier: HijackThis doesn’t discern between safe and malicious entries. Even on a badly infected system, many, if not most, of the settings will be legit, and altering them could affect the functionality of your PC.

If you consider yourself a savvy user, you can scroll through the settings on your own and look for any suspicious or harmful settings. In some cases, this will be obvious, but not always, so you want to be sure to Google (or Bing) any entries you’re unsure about before nuking them.

3. Hop Online for a Second Opinion

No matter what your level of expertise, it never hurts to get a second opinion. One way to do this is by posting your log contents on your favorite PC tech support forum. Mash the AnalyzeThis button to see a list of forums to choose from, or just hop over to Maximum PC’s board.

If you strike out on a bulletin board or need instantaneous feedback, German Website will oblige. Just copy your entire log contents to the clipboard (right-click>select all>copy), paste it into the site’s textbox, and press the Analyze button. Within a few moments, the site will spit out the results and alert you to any potential problem areas. Anything with a green checkmark is most likely safe, while the opposite holds true for any red Xs that are displayed. You may also see orange question marks, which are unknown files or entries that require further investigation.

Rather than toss all your eggs in one basket, double-check these results by heading over to . Just like before, you’ll paste your log file’s contents and press the Parse button. All the results are color coded so you can see any potential pitfalls at a glance. Hover your mouse cursor over these to learn why they’re being flagged and what the recommended course of action is.

4. Get Offline Help with HijackReader

The problem with relying on a Website to sift through your HijackThis log is that an infected PC doesn’t always let you have access to the Internet. In some cases, you may be able to hop online, but your Web browsing attempts either get constantly rerouted or pages load too slowly to be of any help.

In this case, arm yourself with HijackReader, another free third-party app which works in conjunction with HijackThis. There’s no installation necessary – just unzip the archive to your hard drive or portable flash drive and run HijackReader.exe. Copy the HijackThis log file to your clipboard and mash ‘Paste log,’ followed by the ‘Check!’ button.

When HijackReader finishes, it will save the results as an HTML file and prompt you to give it a name. Open this file to see the results. HijackReader tends to know less about individual entries than the online sites do, but for the ones it does recognize, it tends to be a bit more informative. No matter which method you use (or combination thereof), it’s a good idea to double-check any iffy entries with Google before you go blasting away registry and system settings.
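For offline triage in the same spirit as the analyzers above, the following sketch (an added example, not part of the original article and not code from HijackThis or HijackReader) parses a saved log and separates entries you have already verified from ones that still need a lookup. The `CODE - detail` line layout, the sample log and the `KNOWN_GOOD` list are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed entry layout: a section code (R0, O2, O4, O23 ...), " - ", then detail.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def normalize(text):
    """Windows paths and registry keys are case-insensitive; fold before comparing."""
    return " ".join(text.lower().split())

def parse_log(log_text):
    """Return (running_processes, entries); entries are (code, detail) tuples."""
    processes, entries, in_processes = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first coded entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries

def triage(entries, known_good):
    """Group entries that are not in the reviewed allowlist by section code."""
    allowed = {normalize(item) for item in known_good}
    review = defaultdict(list)
    for code, detail in entries:
        if normalize(f"{code} - {detail}") not in allowed:
            review[code].append(detail)
    return dict(review)

# Constructed sample log and allowlist (not taken from a real machine).
SAMPLE_LOG = r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.test/
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKCU\..\Run: [unknownapp] C:\Temp\unknownapp.exe
--
End of file - 512 bytes
"""
KNOWN_GOOD = [r"o4 - hklm\..\run: [exampleupdater] c:\program files\example\updater.exe"]

if __name__ == "__main__":
    procs, found = parse_log(SAMPLE_LOG)
    for code, details in sorted(triage(found, KNOWN_GOOD).items()):
        for detail in details:
            print(f"REVIEW {code}: {detail}")
```

Anything the script prints is only unverified, not proven malicious, so it still needs the same lookup the article recommends before you remove it.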

