- Worldstart's Tech Tips Newsletter - http://www.worldstart.com -
Posted on April 20, 2007 @ 2:12 PM in Security Help
Have you ever been hijacked? On the Internet, I mean!
Maybe you suddenly find that your homepage (that is, the Web site that comes up when you first open your Web browser) has been changed, or you get another search box instead of Google. I’m sure other unexplained browser actions occur too, but those are just a couple of examples.
So, you may not know it, but if that happens to you, you’ve probably been hijacked!
Other tips from WorldStart have explained this phenomenon in detail (see here) and others have recommended an excellent program called HijackThis. You can read more about that here. This is the opening page you will see:
But, before we go any further, let’s take an essential step (you don’t want to miss this!). You must back up your registry. If you don’t know how to do this, read this article for clear instructions. You have to do this because, if you make any mistakes, you will then be able to backtrack and still be okay.
So, let’s see how it works.
Fire up HijackThis and view the opening screen, which looks like this:
Make sure you click on “Do a system scan and save a logfile” first.
After a while, HijackThis will do its business and, in addition, it will load up Notepad with the system log.
Now, copy the log to your clipboard (Ctrl + A is the quickest way) and go to the Web site I gave you above. Look for the place to paste your log (Ctrl + V, or right-click and choose the Paste option).
Here is my log now pasted in on the site:
Next, hit the Parse button at the bottom and just wait. It won’t be too long until you see a screen with the result of the analysis.
The top half looks like the image below and it will give you the color code for what follows.
Again, another word of warning here: Never delete anything that you are not 100 percent certain about. Neither I, WorldStart, nor the recommended site will be responsible for the results of any such actions you might take. The best way to be 100 percent certain is to put the key marked as “Bad” into Google and see what the various forums advise. It’s almost certain that someone else has had the same problem and will have an answer for you.
Here is a part of the analysis from my log:
You will also see the red highlighted section, which certainly looks suspicious.
Assuming I have done my due diligence to make sure it is safe to remove this, I will go back to HijackThis (the program, not the log file) and find the entry there. I will then mark it for fixing, which will look like the image below. You can do the same.
I will then go through the whole list and do the same thing over again.
When I have finished, I’ll click the Fix checked button and presto, the problem will be fixed (hopefully!).
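To show what the log review step looks like on your own machine, here is an added example (not from this article, HijackThis, or the analysis site) that reads a saved log and pulls out the browser start-page and search entries for you to check. It assumes the usual "code - detail" log layout in which R0 and R1 lines hold Internet Explorer start and search pages; the sample log, its hostnames, and the `expected_hosts` set are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the HijackThis log layout; not taken from a real system.
SAMPLE_LOG = r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/bar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

# An entry line is a section code (letter plus digits), " - ", then the detail.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# R0/R1 details look like "<registry key>,<value name> = <data>".
SETTING = re.compile(r"^(?P<key>.+?),(?P<name>[^,=]+?) = (?P<value>.*)$")

def parse_log(text):
    """Return (code, detail) for each entry line; header and process lines are skipped."""
    return [m.groups() for line in text.splitlines()
            if (m := ENTRY.match(line.strip()))]

def browser_settings(entries, expected_hosts):
    """List R0/R1 entries and mark those whose host you did not set yourself."""
    rows = []
    for code, detail in entries:
        m = SETTING.match(detail)
        if code not in ("R0", "R1") or not m:
            continue
        host = urlsplit(m["value"]).hostname or ""  # empty for non-URL data
        rows.append({"code": code, "setting": m["name"], "value": m["value"],
                     "review": host not in expected_hosts})
    return rows

if __name__ == "__main__":
    # expected_hosts is hypothetical: the sites you chose as homepage/search.
    for row in browser_settings(parse_log(SAMPLE_LOG), {"www.google.com"}):
        mark = "REVIEW" if row["review"] else "ok    "
        print(mark, row["code"], row["setting"], "=", row["value"])
```

A REVIEW mark only means the entry points somewhere you did not choose; it still needs the same research described above before anything is fixed.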
I’m sure you’ll agree that this is a very helpful service and best of all, it’s free. Check it out!
~ David Woodford
URL to article: http://www.worldstart.com/understanding-hijackthis/
URLs in this post:
 here: http://www.worldstart.com/tips/tips.php/782
 here: http://hjt.networktechs.com/