Tutorials This section offers tutorials and How to's on just about anything related to computers and IT. Note: All tutorials are courtesy the posters and not verified by Digit

Old 04-03-2005, 06:49 PM   #1 (permalink)
Human Spambot
Join Date: Mar 2004
Location: India
Posts: 2,033
[Guide] How to USE HijackThis.

What is HijackThis?

HijackThis is a tool which is normally to be used only when other tools like SpyBot SnD, AdAware etc. cannot find a solution to your Spyware/Adware/Malware problem.
Aumha says "Definitely not for beginners, but an awesome tool in the hands of an expert that knows his or her way around this subject".

HijackThis searches in some key areas of the System and Windows Registry and pulls out the information from them. These key areas are used by both Legitimate and Illegal software. So, if you remove all the entries that HijackThis shows, then you are almost guaranteed to perform a Format or at least a Windows Repair!

HijackThis searches and lists Running processes, Default URLs, Search URLs of IE, IE Toolbars, WinSock Hijackers, BHOs, ActiveX components, Non-Microsoft Services and more!!!

How to install HijackThis?

Now, let's see how to install HijackThis. Remember that you should always have the latest version of HijackThis.
When you download HijackThis, it normally comes in a ZIP file. Then, you have to unzip it to a correct folder.
The things listed below should be avoided:-
1] Unzipping HijackThis to the Temp Folder.

2] Running HijackThis from within a compression utility like WinZip.

3] Unzipping it to the Desktop.

The proper way to unzip is to make a dedicated folder for it in any of the Drives (called Root Level) and unzip HijackThis into that Folder (like C:\HijackThisFolder\hijackthis.exe).


How to USE HijackThis?

Now, when you run HijackThis, it presents an Option Screen which contains a lot of buttons for different tasks.
These are:-
1] Do a system scan and save a logfile.
2] Do a system scan only.
3] View the list of backups
4] Open Misc. Tools section
5] Open online HijackThis Quickstart
6] None of the above, just start the program.

Let's see them in detail:-
Do a system scan and save a logfile:- When you click this button, HijackThis scans the System, automatically saves the file under the name "hijackthis.log" in the same folder where HijackThis.exe is present, and also opens the log file in NotePad.
Remember that NotePad is the best application to view the LogFile.
If the log file is to be pasted to some Forums, then open it in NotePad and copy-paste it.

Do a system scan only. When you click this button, HijackThis only scans the system and does not save the log file automatically. And you have to save the log file manually by clicking "Save Log" in the main window of HijackThis after the system scan.

View the list of backups:- When you make some changes/deletions to the Registry using HijackThis, these Registry entries are backed up by HijackThis, so that if anything goes wrong, these can be restored. By clicking this button, the list of backups can be viewed.

Open Misc. Tools section:- HijackThis contains some cool tools in it!
Some of the tools are:-
1] Generate Startup list:- This generates the list of programs that run at System startup. There are many ways to run a program at System Startup, like the Startup folder, Autorun entries in the Registry, attaching to the Explorer Shell by using a System.ini entry, Autoexec.bat etc. This tool lists them all and opens up the log in NotePad.

2] Open Process Manager:- This opens up a small Process Manager in main window of HijackThis, and it lists all the running processes. It also has options to kill processes.

3] Open hosts file manager:- The Hosts file manager makes it easy to find, read, and fix the Windows hosts file, which is a custom DNS table local to your computer. The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. The Hosts file can be altered by Adware/Spyware to redirect you to some other sites.

4] Delete NT Service:- This is a tool used to delete the Services in NT based systems like WinNT, 2000, XP, 2003. Not recommended for beginners. This is available only if you are using NT based systems like WinNT, 2000, XP, 2003.

5] Open ADS Spy..:- ADS stands for Alternate Data Streams. This is info hidden in files as Metadata, and Explorer doesn't show this Metadata when you open the file. Hence some Spyware/Hijackers use ADS to hide their code inside a file. This tool is used to scan for ADS in the System. But ADS is available only in NT based Systems.

6] Uninstall Manager:- This tool lists all the software listed in the Windows Add/Remove Programs. Here you can edit the uninstall command of a particular piece of software or delete its entry from Add/Remove Programs. Not recommended for beginners.


How to Fix an item in HijackThis?

For fixing bad items it’s recommended to run the System in Safe Mode. This is normally done by pressing F8 while booting and selecting “Safe Mode” from the list.

To delete Files:-
First check whether files/programs to be deleted are running in background by the Process Explorer of HijackThis. If they are running, kill them by selecting the file and clicking Kill button.
Then you have to manually delete them using the Search feature in Windows. Also delete the Folders which contain these files (Do not delete Windows default Folders).

To Fix Registry entries using HijackThis:-
Now, run HijackThis and from the Option Screen, click the "Do only a system scan" button. After this, select the entries which are to be fixed and click Fix.
Then restart the System to Normal mode.

Then it’s almost always necessary to clean Temp Files and Junk Files left behind by most Spyware/Adware/Malware, so you can use two very good programs, namely CleanUp! and CCleaner.


Download HijackThis here
Download CleanUp! here
Download CCleaner here

..note that this guide is aimed at helping people to USE HijackThis, and not to interpret it.....
__________________
http://swatrant.blogspot.com/
swatkat is offline  

Old 04-03-2005, 07:02 PM   #2 (permalink)
Wise Old Owl
Join Date: Oct 2004
Location: Parked diagonally in a parallel universe
Posts: 1,304

Great work as usual, buddy. Thumbs up! Extremely informative, and very comprehensive. Now just one question, though, are you gonna fish for them or are you gonna teach them to fish?
__________________
Face it, kid! Provoking a reaction isn't the same thing as saying something significant - Calvin
A64 3000+@2.4G/Asus A8V-DLX/1G DDR400/BBA X800 XT PE/320G HGST SATA2
Playing FEAR XP/LSW2
enoonmai is offline  
Old 04-03-2005, 07:39 PM   #3 (permalink)
Human Spambot
 
Join Date: May 2004
Location: off to "never ever" land
Posts: 2,912

nice work swat
i was gonna start work on HJT interpretation .
i was disappointed for a bit
but coming from you buddy its always quality so i aint worried
anyways nice work there man ! now we can direct members here when they ask what is hijack this !
__________________
No Mercy, No Limits.
Oobertech.net - Keeping Knowledge Free
theraven is offline  
Old 04-03-2005, 08:06 PM   #4 (permalink)
Alpha Geek
 
Join Date: Feb 2004
Location: Belgaum
Posts: 745

Nice job swat. Sticky please !!
__________________
The protection of a machine is a process & not a given -Duane Arnold.
www.Oobertech.net
Look ma my blog http://techhub.blogspot.com/
digen is offline  
Old 04-03-2005, 09:16 PM   #5 (permalink)
Another Brick in the Wall
Join Date: Jul 2004
Location: Dubai/Chennai
Posts: 3,026

Good work, swaT!

Remember i asked u the same in yahoo, now it's done.
__________________
I Love Photography. I Love Aperture. I Love Mac.
drgrudge is offline  
Old 04-03-2005, 10:00 PM   #6 (permalink)
Wise Old Owl
 
Join Date: Dec 2004
Location: New Delhi/Bangalore
Posts: 1,083

gr8 work swatkat
__________________
Shwetanshu Srivastava
I can give a headache to an aspirin!
shwetanshu is offline  
Old 05-03-2005, 01:10 PM   #7 (permalink)
Alpha Geek
Join Date: Feb 2005
Location: Bombay
Posts: 879

Thanks for answering my question

Regards
__________________
From the body of one guilty deed a thousand ghostly fears and haunting thoughts proceed !

Visit (http://www.meebo.com)
godsownman is offline  
All times are GMT +5.5.