
Tip #3672 - Understanding HijackThis
Have you ever been hijacked? On the Internet, I mean!

Maybe you suddenly find that your homepage (that is, the Web site that comes up when you first open your Web browser) has been changed or you get another search box instead of Google. I'm sure other unexplained browser actions occur too, but those are just a couple of examples.

So, you may not know it, but if that happens to you, you’ve probably been hijacked!

Other tips from WorldStart have explained this phenomenon in detail (see here) and others have recommended an excellent program called HijackThis. You can read more about that here. So, I would suggest that you read these first before you continue on with this tip.

Even once you become familiar with HijackThis, the problem of "How do I interpret the results from my HijackThis log?" may still remain. Unless you are a "computer geek," it can be difficult to make sense of all the information you are given.

The recommended way, though, is to take a copy of the log produced by HijackThis and post it on a forum. Then wait for the suggestions to come in. You can then take the recommended action, repost the log and even go back and forth a few times until the problem is cleared up. There's absolutely nothing wrong with that.

But, if you are anything like me, when you see a problem, you want to solve it right away and you can't wait the few days it takes for the above procedures.

So, to help us, there is a recommended site that will give you an instant interpretation of your logs, together with a recommended action. You can find that here.

This is the opening page you will see:

But, before we go any further, let’s take an essential step (you don’t want to miss this!). You must back up your registry. If you don’t know how to do this, read this article for clear instructions. You have to do this, because if you make any mistakes, you will be able to backtrack and still be okay.

So, let’s see how it works.

Fire up HijackThis and view the opening screen, which looks like this:

Make sure you click on "Do a system scan and save a logfile" first.

After a while, HijackThis will do its business and, in addition, it will load up Notepad with the system log.

Now, copy the log to your clipboard (Ctrl + A is the quickest way) and go to the Web site I gave you above. Look for the place to paste your log in (Ctrl + V or right click, Paste option).


Here is my log now pasted in on the site:

Next, hit the Parse button at the bottom and just wait. It won't be too long until you see a screen with the result of the analysis.

The top half looks like the image below and it will give you the color code for what follows.

Again, another word of warning here: Never delete anything that you are not 100 percent certain about. Neither I, WorldStart nor the recommended site will be responsible for the results of any such actions you might take. The best way to be 100 percent certain is to put the key marked as “Bad” into Google and see what the various forums advise. It's almost certain that someone else has had the same problem and will have an answer for you.

Here is a part of the analysis from my log:

You will also see the red-highlighted section, which certainly looks suspicious.

Assuming I have done my due diligence to make sure it is safe to remove this, I will go back to HijackThis (the program, not the log file) and find the entry there. I will then mark it for fixing, which will look like the image below. You can do the same.

I will then go through the whole list and do the same thing over again.

When I have finished, I’ll click the Fix checked button and presto, the problem will be fixed (hopefully!).

I’m sure you’ll agree that this is a very helpful service and best of all, it’s free. Check it out!
~ David Woodford
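
As an added example that is not part of the original tip: a short Python script that pulls the entry lines out of a saved HijackThis log and picks, for each one, the most specific string to research (a CLSID, a file name, or a URL value) before deciding whether to fix it. The sample log is constructed, and the function names are illustrative.

```python
import re

# An entry line is a section code, " - ", then details, e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE_RE = re.compile(r"([^\\/:\[\]]+\.(?:exe|dll))\b", re.IGNORECASE)

# Constructed sample log: every path, URL and CLSID below is made up.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:15:02 AM, on 1/1/2006

Running processes:
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.example.test/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.test/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe
"""

def parse_log(text):
    """Group entry details by section code; header and process list are skipped."""
    groups = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            groups.setdefault(m.group(1), []).append(m.group(2))
    return groups

def search_term(detail):
    """Pick the most specific string to research: CLSID, then file name, then value."""
    m = CLSID_RE.search(detail)
    if m:
        return m.group(0)
    files = FILE_RE.findall(detail)
    if files:
        return files[-1]
    return detail.split(" = ")[-1]

def research_list(text):
    """Return (code, search term) pairs in log order, one per entry."""
    return [(code, search_term(d))
            for code, items in parse_log(text).items() for d in items]

if __name__ == "__main__":
    for code, term in research_list(SAMPLE_LOG):
        print(f"{code:4} look up: {term}")
```
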