Diagnostic Tools: HijackThis!
Last time I covered Fport. This time I will cover another useful tool for finding spyware, adware and other malware running on your system. It does this by looking at the registry keys which ensure that the ‘scumware’ runs whenever it wants to, such as at system startup or when a specific application is launched.
To assist in this situation I will cover one of the ‘tools-of-the-trade’ that can be used to list the registry keys and related launch points that the ‘scumware’ uses once it gets on to your system.
Introduction:
HijackThis examines certain key areas of the Registry and hard drive, lists their contents, and provides the ability to remove anything unwanted. These areas are used by both legitimate applications and hijackers.
Installation:
Download the HijackThis zip file to your computer and unzip it. I would recommend first creating a folder named ‘HijackThis’ for it, located someplace easy to find like ‘My Documents’, and placing the file into that folder.
Now, to make opening the program simple, create a shortcut on the desktop. The easiest way is to right-click the HijackThis exe file, scroll down to ‘Send To’, scroll across to ‘Desktop (create shortcut)’ and click it.
Usage:
Now open the program and click ‘Scan’. When the scan is done click ‘Save log’ and save the log file to the same folder HijackThis is in. Please do not check or fix anything.
Open the log file. Double-clicking on the file should open it with Notepad or a similar text editor. If asked to choose a program to open it with, select Notepad. In Notepad click ‘Edit’ and scroll down to ‘Select All’ to highlight all the text in the file. Click ‘Edit’ again, scroll down to ‘Copy’ and click.
So, what does it look like? Like this [this list of programs, BHOs, etc. will not in most cases be the same as the ones shown in this screenshot]:

HijackThis can also be used to remove scumware.
The beauty of HijackThis is that it is useable by most non-technical users, it is small and currently is not being defeated/manipulated by malware, unlike a number of other system diagnostic tools. So, if you think you are infected and have tried all the usual things to track down the rogue application, then give HijackThis a go. What have you got to lose, apart from the scumware?
If you don’t understand the output then feel free to send it to me for analysis. I can’t promise to solve the problem or deal with it immediately, but I will see what I can do.
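For a first pass over a saved log, the sketch below groups the entries by their section code and pulls out the registry autorun lines. It is an added example, not part of HijackThis or of the original post: it assumes the usual `CODE - description` entry layout (O2 for BHOs, O4 for autoruns, R0 for browser start pages), the sample log is constructed, and the "runs from a Temp folder" check is only an illustrative triage heuristic.

```python
import re
from collections import defaultdict

# Constructed sample log in the assumed "CODE - description" layout;
# the names, paths and CLSID below are made up for illustration.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\System32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example/
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKCU\..\Run: [tmpsvc] C:\DOCUME~1\user\LOCALS~1\Temp\tmpsvc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")              # e.g. "O4 - ..."
RUN = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.*?)\] (.*)$")    # key: [name] command

def parse_log(text):
    """Group entry lines by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def startup_entries(sections):
    """Return (key, name, command) for each O4 registry autorun entry."""
    out = []
    for body in sections.get("O4", []):
        m = RUN.match(body)
        if m:
            out.append(m.groups())
    return out

def needs_review(entries, markers=("\\temp\\",)):
    """Names of autoruns whose command path contains a marker (heuristic only)."""
    return [name for _, name, cmd in entries
            if any(s in cmd.lower() for s in markers)]

if __name__ == "__main__":
    secs = parse_log(SAMPLE_LOG)
    for code in sorted(secs):
        print(code, len(secs[code]), "entries")
    autoruns = startup_entries(secs)
    for key, name, cmd in autoruns:
        print(f"{key:14} {name:16} {cmd}")
    print("look at first:", needs_review(autoruns))
```

A flagged entry is only a starting point for investigation; legitimate installers also run from Temp folders, and an unflagged entry is not proof that it is clean.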
Please note that this blog has now moved to my own hosted domain here: http://momusings.com/momusings/.
A full RSS/ATOM feed can be found there.
All the data up to the end of December 2006 will be left here; however, all postings from the 1st of January 2007 onwards will only be available at this blog’s new home.

