Indexes and Specialty Pages: HijackThis Information Page

The information in Virtual Grub Street's computer postings is the result of thousands of web searches. It can not, however, possibly be complete. The subject is vast and constantly changing. Moreover, vendor uninstall tools and other freeware removal tools do not necessarily remove all of an infection from your computer. Vendor uninstall tools, for instance, may silently leave cookies or other tracking software installed. It is suggestible to follow up a removal with one or more adware scans and/or to do an inspection using a HijackThis log. The information on the page is not guaranteed correct and any use you may choose to make of it is entirely at your own risk.

Intro. HijackThis is a freeware browser hijacker detector created by Merijn Bellekom. Bellekom is the creator of numerous freeware programs available on the Internet. He is best known for the tremendously popular CWShredder and HijackThis programs.

HijackThis does not detect hijackers from a definition list but rather by detecting key file and registry changes. The resulting scan log will provide information in the following categories:

R - Registry, StartPage/SearchPage changes

R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be

F - IniFiles, autoloading entries

F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry

N - Netscape/Mozilla StartPage/SearchPage changes

N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla

O - Other, several sections which represent:

O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services

Considerable knowledge of computer registries, files and start-up processes is necessary in order to use this product safely. Most users consult online "HijackThis Forum Experts" for instructions as to what files/entries to delete. Misuse or uninformed use of this product can adversely effect the functional capability of the subject computer.

Versions. -- HijackThis.exe

Latest Version Covered: February 16, 2005.

File Size. HijackThis.zip: 206KB; HijackThis.exe: 213KB.

File Type. --

Most recent update. HijackThis 1.99.1: February 16, 2005.

Compatible Operating Systems: -- Windows 95/98/ME/2000/XP.

Compatible Browsers: -- Internet Explorer, Mozilla, Netscape 4.x-7.

Downloads. HijackThis can be downloaded from the following locations: