About using Hijackthis..

  1. #1
    Junior Member
    Join Date
    Jun 2006
    Posts
    20

    About using Hijackthis..

    Hi. My apologies for asking a probably much-asked and much-answered question, probably in the wrong forum, but it's short so here goes:

    --Is it best to use hijackthis in Safe Mode or not?--

    anyway, thanks muchly to anyone who can give me a hand.

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403

    Re: About using Hijackthis..

    Originally posted here by Gallo_Pinto
    Hi. My apologies for asking a probably much-asked and much-answered question, probably in the wrong forum, but it's short so here goes:

    --Is it best to use hijackthis in Safe Mode or not?--

    anyway, thanks muchly to anyone who can give me a hand.

    The answer is just as short: yes
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    Soda_Popinsky's HJT thread is here

    but it does not state, safe or normal mode

    but as it makes a list of RUNNING apps, may I suggest running it in normal mode
    not forgetting to run it from its OWN folder in the C: root [ie - C:\HJT]
    as it tends to have issues if you run it from the temp folder that you D/Led it to

    IF this was a rhetorical question, and you have the time

    run HJT in normal mode and then in safe mode
    saving both outputs and do a comparison
    just to see what, if anything IS different

    not forgetting to post results back here ...........
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone
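
Added example, not part of the thread and not HijackThis's own code: a short Python script for the comparison suggested in the post above, diffing a normal-mode log against a safe-mode log. The two sample logs are constructed and the function names are this example's own; it assumes the usual log layout of a "Running processes:" list followed by entries prefixed with a group code such as R0 or O4.

```python
import re

# Entry lines start with a group code (R0, O4, O23 ...) followed by " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed sample logs, not taken from a real machine.
NORMAL_LOG = r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ExampleApp\updater.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\ExampleApp\updater.exe
"""
SAFE_LOG = r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\ExampleApp\updater.exe
"""

def parse_hjt_log(text):
    """Return (running process paths, (group, detail) entries) as two sets."""
    processes, entries, in_processes = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if line.lower().startswith("running processes"):
            in_processes = True
        elif match:
            in_processes = False          # first entry ends the process list
            entries.add(match.groups())
        elif in_processes and line:
            processes.add(line.lower())   # Windows paths are case-insensitive
    return processes, entries

def compare(normal_text, safe_text):
    n_proc, n_ent = parse_hjt_log(normal_text)
    s_proc, s_ent = parse_hjt_log(safe_text)
    return {
        "processes_only_in_normal": sorted(n_proc - s_proc),
        "entries_only_in_normal": sorted(n_ent - s_ent),
        "entries_only_in_safe": sorted(s_ent - n_ent),
    }
```

Save each scan to its own text file and pass the two files' contents to `compare()`; in the constructed sample only the running-process list differs between the two modes.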

  4. #4
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Run it both ways (it won't take long). I've used HJT extensively, and usually ran it in normal mode, figuring it gave me a truer picture of the startups in Windows. But generally it is easier to remove spyware from safe mode, so there may be some advantage there.

    Be aware, HJT is almost obsolete in the face of newer forms of spyware, at least when it comes to removing them. I remove a lot of this cr@p from PC's and much prefer manual removal and online scans. Online scans will turn up more rogue files than HJT, so you might try that in conjunction with HJT.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  5. #5
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    My advice would be:

    1. Update all your anti malware scanners
    2. Reboot into safe mode and run them
    3. Reboot into normal mode and run HJT

    If you find anything malicious, reboot into safe mode and run it again. You will have a better chance of a successful removal in safe mode.


    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  6. #6
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Hi

    Here is a good Tut on HJT as it will show you step by step how the HJT program runs...

    HJT Tutorial

    Warning


    HijackThis should only be used if your browser or computer is still having problems after running Spybot or another Spyware/Hijacker remover. HijackThis is an advanced tool, and therefore requires advanced knowledge about Windows and operating systems in general. If you delete items that it shows, without knowing what they are, it can lead to other problems such as your Internet no longer working or problems with running Windows itself. You should also attempt to clean the Spyware/Hijacker/Trojan with all other methods before using HijackThis. If you allow HijackThis to remove entries before another removal tool scans your computer, the files from the Hijacker/Spyware will still be left on your computer and future removal tools will not be able to find them.
    luck
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  7. #7
    1. Update all your anti malware scanners
    Would you trust those updates on a malware infected pc? If you can shuttle them in via USB or otherwise in safe mode... you'd be better off.

  8. #8
    Junior Member
    Join Date
    Jun 2006
    Posts
    20
    awesome, thanks everyone.
    I've just gotten over recovering my PC from a virus that almost forced me to reformat/reinstall. I'm just doing a very thorough scan of my PC using all manner of software to make sure it's not gonna come back and bite me again. I remember running HJT before I was fully recovered, and found a file it said I should remove. That file has since been removed by ewido anti-malware, so this is really just a precautionary measure, nothing super-serious.

    thanks again

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hi Soda~ ,

    Would you trust those updates on a malware infected pc? If you can shuttle them in via USB or otherwise in safe mode... you'd be better off.
    Actually I am not aware of anything that interferes with the actual update other than to block access to AV sites. Some stuff will also kill or frustrate the scanning process, so safe mode is advisable to run the scans.

    There are so many AV and anti malware tools that it would represent a rather daunting task to the malware author? AFAIK they use techniques like the alternate data streams or already running processes as a means of avoiding removal.

    The best cleaning methods are:

    1. A bootable RW CD/DVD with the scanners on it.
    2. Slave the HDD onto another machine.

    That way you don't even boot from the potentially infected drive, so nothing gets started.

    This is the professional approach, but it does rely on the fact that you have a clean machine to work with.



    EDIT: You are even more secure if your "cleaner" boots linux, given that there are so few cross-platform malwares
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?
