This || That SHiT

Mr. Normal Guy writing things that seem abnormal. In street words, 'Oh Shit' things

July 24, 2006

How to use Hijackthis Tutorial

Download the tool here:

http://www.downloads.subratam.org/hijackthis.zip

Then set it up

Step 1

HijackThis downloads as a ZIP file that contains only the program itself, not an installer. When you unzip it, be sure to create a folder for the program to live in, such as C:\Program Files\HijackThis\, or it will simply unzip to your default downloads folder. To make running it even easier, you can right-click its program icon to create a shortcut on your desktop. Most versions of Windows let you drag the folder--or just the icon--to the Start menu and drop it where you want. Windows XP lets you right-click the icon and "pin" it to the Start menu. If you use the Quick Start toolbar, you can drag and drop the icon there.

Scan your system


Step 2

Regardless of how you launch the program, running HijackThis can be confusing. All you do is click the Scan button to bring up a list of all the questionable entries in your registry and on your computer. However, even a completely healthy computer that's been customized by, say, setting a new Internet Explorer home page can have dozens of entries. A scan on our test machine resulted in 44 entries, all of which we recognized as benign. (If you'd like more information on why the program flagged a benign entry, you can either select an individual check box and hit the Info on Selected Item button or consult the publisher's excellent log tutorial.) The best thing to do is save the log, preferably in the HijackThis folder, and look to the Internet for answers.

Identify problems


Step 3

Conveniently, after the program scans, the Scan button turns into the Save Log button. Once you press that, the log opens up in Notepad. At that point, the brave or foolhardy can look up entries on the Web to see whether they're benign. For example, we discovered that lsass.exe is a Microsoft Windows process that helps authenticate user logins. Clearly this isn't something we want to delete, whereas the innocent-sounding rundll16.exe comes with the adware program BrowserAid.

However, you don't have to face the cleanup alone. Many anti-adware and tech-support online forums feature dedicated and smart people who will examine your HijackThis log file and tell you which entries to delete. SpywareInfo runs a good one, as do Computer Cops and TweakXP. For all three, registration is required, but it's free and quick. Read the forum rules before posting, and be patient.
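As an added example (not part of the original tutorial or of HijackThis), this Python script automates one Step 3 lookup from a saved log: it flags file names that closely resemble a well-known Windows binary, as rundll16.exe resembles rundll32.exe, and well-known names such as lsass.exe running from an unexpected folder. The KNOWN table assumes a default Windows XP layout on C:, the 0.8 similarity cutoff is a chosen value, and the sample log is constructed.

```python
import difflib
import ntpath
import re

# Expected folder for a few well-known binaries. Assumption: default
# Windows XP layout on C:; extend the table for the machine being checked.
KNOWN = {
    "lsass.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - ")  # section code such as "O4 - "
PATH = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:exe|dll)\b', re.I)

def triage(log_text):
    """Return (section, path, reason) tuples for entries to research first."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        section = m.group(1) if m else "process"  # bare paths = running processes
        for path in PATH.findall(line):
            folder, name = ntpath.split(path.lower())
            if name in KNOWN:
                if folder != KNOWN[name]:
                    findings.append((section, path, "known name, unexpected folder"))
                continue
            # Near-miss of a known name (one or two characters changed).
            close = difflib.get_close_matches(name, KNOWN, n=1, cutoff=0.8)
            if close:
                findings.append((section, path, "resembles " + close[0]))
    return findings

# Constructed sample log (not taken from a real machine).
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\rundll16.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [sample] C:\WINDOWS\rundll16.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\lsass.exe
"""

if __name__ == "__main__":
    for section, path, reason in triage(SAMPLE_LOG):
        print(f"{section:8} {path}  <- {reason}")
```

A hit is a lead to research or to raise on the forums, not a verdict: a legitimate program with a similar name will also be listed.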

Clean house

Step 4


Once you've done your research, check the box next to items you know are bad, then hit Fix Checked. After that, restart your computer and run an adware-removal program to see whether that took care of the problem. If you're still having problems, either repeat the process or return to the forums. The person who's helping you will tell you which files to remove, then probably ask you to restart, rescan, and post the new log. This process continues until your computer is once again deemed righteous. At that point, you can check items you know are good, such as those that reset the browser page to your chosen home page, and remove them from future flagging by hitting the Add Selected to Ignorelist button.

The thing with HijackThis in the old days was that its logs were way too hard to analyze, but the good thing now is that you can scan the log file HijackThis creates online:


http://hijackthis.de/index.php?langselect=english


HijackThis lists the contents of key areas of the registry and hard drive--areas that are used by both legitimate programmers and hijackers. The program is continually updated to detect and remove new hijacks. It does not target specific programs and URLs, just the methods used by hijackers to force you onto their sites. As a result, false positives are inevitable, and unless you're sure about what you're doing, you should always consult with knowledgeable folks before deleting anything.

Hijackthis reviews...

http://www.download.com/HijackThis/3640-8022-10307556.html

