HijackThis

1) HijackThis, also known as HJT, is a freeware spyware-removal tool for Microsoft Windows. It generates an in-depth report of registry and file settings on the computer. It quickly creates a list of differences from a known spyware-free environment and lets the user decide which items on the list need to be removed.

HijackThis can then generate a plain-text log file detailing all the entries it finds, and most entries can be removed or disabled by HijackThis.

The software can be downloaded from this website:

http://sourceforge.net/projects/hjt/


Figure 1.0 - HijackThis download website

2) After the software has been downloaded, install or run the application.


Figure 2.0 - HijackThis scan options

3) Select the first option, which scans the system and automatically generates a log in text format. You can use the log file to seek professional help, or help from MyCERT, to further diagnose your computer. The following screenshots show HijackThis in action; the entire process takes less than 1 minute on most computers.


Figure 3.1 - HijackThis is checking the entries in the computer


Figure 3.2 - HijackThis is generating the scan log in text format (if option 1 on the scan menu was selected)


Figure 3.3 - HijackThis gives the user the option to fix the problem.

As shown in Figure 3.3, the user has the option to fix a selected entry in the system. For instance, entry #2 is checked and is to be fixed (refer to the red dotted box). Please note, however, that this is only an example of removing www.smart.com.my as the start page in Internet Explorer and in no way means that the www.smart.com.my webpage is malicious.


Figure 3.4 - HijackThis requests user confirmation to fix the entry

HijackThis will ask the user to confirm whether to proceed with fixing or deleting the entry.


Figure 3.5 - smart.com.my is still the default webpage of Internet Explorer

Because only one of the entries containing www.smart.com.my has been deleted, the default start page of Internet Explorer still refers to www.smart.com.my. Note that although the webpage could not be displayed, IE still tried to open it as the default page.


Figure 3.6 - Deleting the other entries that have the value www.smart.com.my

The first and second entries that have the value www.smart.com.my will be deleted to stop it from being the default start page when Internet Explorer opens. To set a new default start page for IE, the user needs to set it in the Config menu.
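Because the same site can appear in more than one entry, it helps to list every entry in the saved log that mentions it before fixing anything. The following is an added example, not part of HijackThis or of the original guide; it assumes the usual `CODE - location = value` line layout of a HijackThis log, and the sample log and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the usual HijackThis log layout (not from a real scan).
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smart.com.my/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smart.com.my/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com/
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

# Entry lines start with a section code such as R0, R1, O4 or F2, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return (code, location, value) per entry line; header lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # log header, process list or blank line
        location, sep, value = m.group("body").partition(" = ")
        entries.append((m.group("code"), location.strip(),
                        value.strip() if sep else ""))
    return entries


def entries_referencing(log_text, host):
    """Group the locations of all entries that mention host, keyed by code."""
    hits = defaultdict(list)
    needle = host.lower()
    for code, location, value in parse_entries(log_text):
        if needle in value.lower() or needle in location.lower():
            hits[code].append(location)
    return dict(hits)


if __name__ == "__main__":
    found = entries_referencing(SAMPLE_LOG, "www.smart.com.my")
    for code, locations in found.items():
        for loc in locations:
            print(code, loc)
```

On the constructed sample this reports two R0 entries (the HKCU and HKLM start pages), which is the situation described above where fixing a single entry leaves the start page unchanged.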


Figure 3.7 - HijackThis configuration menu

The default start page for IE set in the HijackThis Config menu is www.msn.com. In this case, you may leave it as it is to test the deletion of the www.smart.com.my entry that HijackThis found.


Figure 3.8 - HijackThis configuration menu

Upon opening Internet Explorer, the start page will open www.msn.com, as set by the HijackThis application.

4) Because the possible entries vary from one computer to another, it is practically impossible to list all good and bad entries. If you are not sure whether to delete or fix an entry, please seek professional advice to avoid deleting good entries, which may render the computer inoperable. To seek MyCERT's advice, please attach the log file that HijackThis produced when scanning your computer and send it to us at mycert [at] mycert.org.my.

Last update: 11 April 2008