January 22nd, 2005 04:28 AM
HijackThis - a multifaceted tool
Current version 1.99.0 available here and here.
We all know what a HijackThis log looks like. This utility helps many of us to eradicate malware. If you’re one of the few who doesn’t, simply look through some forums like this one or this one. If you’re not familiar with the various sections of a HijackThis log, look right here for a description of the various sections of the logs. What I’m about to discuss here are some of the alternative uses and enhanced options for the HijackThis tool.
To access the extras included with it, simply run HijackThis and select Config. On the screen it shows you next, you have several options to enhance your use of HijackThis:
* You have the option to mark everything found for fixing after the scan. While this is not an option I would recommend, it could come in handy if this is your PC and you’ve whitelisted all the items that are good, hence only the bad ones would be present in your new log.
* You have the option to make backups before fixing items. This is enabled by default. I wouldn’t recommend turning this off for obvious reasons.
* You can confirm the fixing & ignoring of items. This causes a box to pop up asking you if you mean to fix items or ignore items, depending on what you wanted to do. This is a good idea to leave enabled, as it is by default, just in case you have a “mouse twitch” and accidentally select something you didn’t mean to.
* You have the option to ignore non-standard but safe items in the scan. Enabling this will lengthen your log file as it shows you all the things in Merijn’s white list.
* You have the option of including the list of running processes in the log file. This is enabled by default and it’s wise to leave it enabled so that you can get a complete record of what’s happening on the computer in collection.
* You also have the option to show the intro frame at startup.
* You can select the default options that you would like HijackThis to restore your settings to after the fix: Home page, Search page, Search assistant and Search customize.
Next, once you hit the Ignorelist button you have the option of adding things to the ignore list on the computer in question. This can come in handy if you scan the same computer repeatedly.
Then you can select the Backups button to view, delete and restore your backups (that you should have automatically enabled on the main page).
Lastly you can select the Misc Tools button to see the extra tools that HijackThis comes with.
* You can generate a startup list log. This looks to “all startup entries in the Registry and various Windows files” according to the program. This can be useful in determining the root of an infection.
* You can open the process manager. This works a lot like the Task Manager in Windows, but has some added features. For example, you can kill multiple tasks at the same time. This can come in handy on infections with two processes that check each other and re-install if one is missing.
* You can open the hosts file manager. This is a small editor in which you can view and edit your hosts file.
* HijackThis also has the option to delete files on reboot. This works a lot like Killbox.
* You can open ADS Spy which helps when fighting infections (think CWS) that utilize the alternate data streams.
HijackThis also has some advanced settings.
One enables HijackThis to calculate the MD5 of files when possible. While this has a bug in it in version 1.99 (all files will bring the same, incorrect, result) I know it will be fixed in future versions.
It also has the option to include environmental variables in the log file. If selected, HijackThis will log the locations of the Windows folder, System folder and the Hosts file.
Upcoming versions of HijackThis promise to include other useful tools as well.
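An added example, not part of the original post and not HijackThis's own code: the ignore-list idea described above, applied offline to a saved log so that only entries not yet reviewed on that machine remain, grouped by section code. It assumes the usual `<code> - <detail>` entry layout; the sample log, the ignore list and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the usual HijackThis layout: "<section code> - <detail>".
# Every entry below is made up for illustration.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\ExampleAV\avguard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\avguard.exe
O4 - HKLM\..\Run: [updsvc] C:\WINDOWS\System32\updsvc.exe
O20 - Winlogon Notify: examplenotify - C:\WINDOWS\System32\examplenotify.dll
O23 - Service: Example AV Service - C:\Program Files\ExampleAV\avsvc.exe
"""

# Items already reviewed on this machine (hypothetical ignore list).
IGNORED = {
    r"O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\avguard.exe",
    r"O23 - Service: Example AV Service - C:\Program Files\ExampleAV\avsvc.exe",
}

# A section code is one letter plus one or two digits (R0, O4, O20, O23, ...).
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return {section code: [entry line, ...]}; header and process lines are skipped."""
    sections = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if match:
            sections[match.group(1)].append(line)
    return dict(sections)

def unreviewed(log_text, ignored):
    """Entries that are not on the ignore list, grouped by section code."""
    result = {}
    for code, lines in parse_entries(log_text).items():
        fresh = [line for line in lines if line not in ignored]
        if fresh:
            result[code] = fresh
    return result

if __name__ == "__main__":
    for code, lines in unreviewed(SAMPLE_LOG, IGNORED).items():
        print(code, *lines, sep="\n  ")
```
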
March 20th, 2005 09:15 PM
Version 1.99.1 update
Improvements in this version:
* Fixed crash bug on O23 method
* Itty Bitty Process Manager now displays PIDs
* Winlogon Notify items show in the O20s
* O4 tasks now ended (if running) before being fixed
New tools included:
* Run HijackThis at startup and show it when items are found.
Under Misc Tools:
* Delete an NT service.
* Includes an Uninstall Manager. This will show entries in Add/Remove programs and give you options to manipulate them.
* Calculate the MD5 of files when possible. Works in this version.
* Check for updates online. Use this option to make sure you have the most recent version of HijackThis.
* Uninstall HijackThis option. Removes all registry settings and exits.