- Worldstart's Tech Tips And Computer Help - http://www.worldstart.com -

Understanding HijackThis

Have you ever been hijacked? On the Internet, I mean!

Maybe you suddenly find that your homepage (that is, the Web site that comes up when you first open your Web browser) has been changed, or you get another search box instead of Google. I’m sure other unexplained browser actions occur too, but those are just a couple of examples.

So, you may not know it, but if that happens to you, you’ve probably been hijacked!

Other tips from WorldStart have explained this phenomenon in detail (see here [1]) and others have recommended an excellent program called HijackThis. You can read more about that here. So, I would suggest that you read these first before you continue on with this tip.

Even once you become familiar with HijackThis, the problem of “How do I interpret the results from my HijackThis log?” may still remain. Unless you are a “computer geek,” it can be difficult to make sense of all the information you are given.

The recommended way, though, is to take a copy of the log produced by HijackThis and post it on a forum. Then wait for the suggestions to come in. You can then take the recommended action, repost the log and even go back and forth a few times until the problem is cleared up. There’s absolutely nothing wrong with that.

But, if you are anything like me, when you see a problem, you want to solve it right away and you can’t wait the few days it takes for the above procedures.

So, to help us, there is a recommended site that will give you an instant interpretation of your logs, together with a recommended action. You can find that here [2]. This is the opening page you will see:

But, before we go any further, let’s take an essential step (you don’t want to miss this!): you must back up your registry. If you don’t know how to do this, read this article for clear instructions. You have to do this, because if you make any mistakes, you will be able to backtrack and still be okay.

So, let’s see how it works.

Fire up HijackThis and view the opening screen, which looks like this:

Make sure you click on “Do a system scan and save a logfile” first.

After a while, HijackThis will do its business and, in addition, it will load up Notepad with the system log.

Now, copy the log to your clipboard (Ctrl + A is the quickest way) and go to the Web site I gave you above. Look for the place to paste your log in (Ctrl + V or right click, Paste option).

Here is my log now pasted in on the site:

Next, hit the Parse button at the bottom and just wait. It won’t be too long until you see a screen with the result of the analysis.

The top half looks like the image below and it will give you the color code for what follows.

Again, another word of warning here: Never delete anything that you are not 100 percent certain about. Neither I, WorldStart nor the recommended site will be responsible for the results of any such actions you might take. The best way to be 100 percent certain is to put the key marked as “Bad” into Google and see what the various forums advise. It’s almost certain that someone else has had the same problem and will have an answer for you.

Here is a part of the analysis from my log:

You will also see the red highlighted section, which certainly looks suspicious.

Assuming I have done my due diligence to make sure it is safe to remove this, I will go back to HijackThis (the program, not the log file) and find the entry there. I will then mark it for fixing, which will look like the image below. You can do the same.

I will then go through the whole list and do the same thing over again.

When I have finished, I’ll click the Fix checked button and presto, the problem will be fixed (hopefully!).

I’m sure you’ll agree that this is a very helpful service and best of all, it’s free. Check it out!
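If you want to read the saved log yourself before researching an entry, the following added example (not part of the original tip, and not code from HijackThis or the analysis site) splits a log into its entry lines, groups them by section code and pulls out the home page and search settings. The sample log is constructed, and the section descriptions are a short summary of a few common codes, not the full list.

```python
import re
from collections import defaultdict

# A few common section codes (summary added for this example, not the full list).
SECTIONS = {
    "R0": "IE start/search page setting",
    "R1": "IE start/search page setting",
    "O2": "Browser Helper Object",
    "O4": "Program started automatically",
}
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")  # e.g. "O4 - HKLM\..\Run: ..."

def parse_log(text):
    """Return (code, detail) for each entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def group_by_section(entries):
    groups = defaultdict(list)
    for code, detail in entries:
        groups[code].append(detail)
    return dict(groups)

def browser_pages(entries):
    """Map setting name -> URL for R0/R1 lines (home page and search settings)."""
    pages = {}
    for code, detail in entries:
        if code in ("R0", "R1") and " = " in detail:
            key, url = detail.split(" = ", 1)
            pages[key.rsplit(",", 1)[-1]] = url
    return pages

# Constructed sample log; names, paths and URLs are made up for illustration.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/bar
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Example\helper.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Example\updater.exe
"""

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for code, details in group_by_section(found).items():
        print(code, "-", SECTIONS.get(code, "other section"), details)
    print(browser_pages(found))
```

The grouped output only organizes the entries for review; it does not decide whether any of them is safe to fix.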

~ David Woodford