Monday, November 14, 2005

HijackThis Information Page

The information in Virtual Grub Street's computer postings is the result of thousands of web searches. It can not, however, possibly be complete. The subject is vast and constantly changing. Moreover, vendor uninstall tools and other freeware removal tools do not necessarily remove all of an infection from your computer. Vendor uninstall tools, for instance, may silently leave cookies or other tracking software installed. It is suggestible to follow up a removal with one or more adware scans and/or to do an inspection using a HijackThis log. The information on the page is not guaranteed correct and any use you may choose to make of it is entirely at your own risk.



*


Intro. HijackThis is a freeware browser hijacker detector created by Merijn Bellekom. Bellekom is the creator of numerous freeware programs available on the Internet. He is best known for the tremendously popular CWShredder and HijackThis programs.

HijackThis does not detect hijackers from a definition list but rather by detecting key file and registry changes. The resulting scan log will provide information in the following categories:

R - Registry, StartPage/SearchPage changes
  • R0 - Changed registry value
  • R1 - Created registry value
  • R2 - Created registry key
  • R3 - Created extra registry value where only one should be

F - IniFiles, autoloading entries

  • F0 - Changed inifile value
  • F1 - Created inifile value
  • F2 - Changed inifile value, mapped to Registry
  • F3 - Created inifile value, mapped to Registry

N - Netscape/Mozilla StartPage/SearchPage changes

  • N1 - Change in prefs.js of Netscape 4.x
  • N2 - Change in prefs.js of Netscape 6
  • N3 - Change in prefs.js of Netscape 7
  • N4 - Change in prefs.js of Mozilla



O - Other, several sections which represent:

  • O1 - Hijack of auto.search.msn.com with Hosts file
  • O2 - Enumeration of existing MSIE BHO's
  • O3 - Enumeration of existing MSIE toolbars
  • O4 - Enumeration of suspicious autoloading Registry entries
  • O5 - Blocking of loading Internet Options in Control Panel
  • O6 - Disabling of 'Internet Options' Main tab with Policies
  • O7 - Disabling of Regedit with Policies
  • O8 - Extra MSIE context menu items
  • O9 - Extra 'Tools' menuitems and buttons
  • O10 - Breaking of Internet access by New.Net or WebHancer
  • O11 - Extra options in MSIE 'Advanced' settings tab
  • O12 - MSIE plugins for file extensions or MIME types
  • O13 - Hijack of default URL prefixes
  • O14 - Changing of IERESET.INF
  • O15 - Trusted Zone Autoadd
  • O16 - Download Program Files item
  • O17 - Domain hijack
  • O18 - Enumeration of existing protocols and filters
  • O19 - User stylesheet hijack
  • O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
  • O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
  • O22 - SharedTaskScheduler autorun Registry key
  • O23 - Enumeration of NT Services

Considerable knowledge of computer registries, files and start-up processes is necessary in order to use this product safely. Most users consult online "HijackThis Forum Experts" for instructions as to what files/entries to delete. Misuse or uninformed use of this product can adversely effect the functional capability of the subject computer.

Versions. -- HijackThis.exe

Latest Version Covered: February 16, 2005.

File Size. HijackThis.zip: 206KB; HijackThis.exe: 213KB.

File Type. --

Most recent update. HijackThis 1.99.1: February 16, 2005.

Compatible Operating Systems: -- Windows 95/98/ME/2000/XP.

Compatible Browsers: -- Internet Explorer, Mozilla, Netscape 4.x-7.



Downloads. HijackThis can be downloaded from the following locations:

Direct downloads are available as follows:

A HijackThis tutorial is available at Spyware Info.

Other VGS Freeware/Trialware Information Pages:

1 comment:

Anonymous said...

Hello,

I (student) am posting to inform you that your blog is very informative.. I will continue to visIT this blog regularly..

Regards,
cleaner spyware