How to Cure Malware Infection Part – 3: Using HijackThis – Download and Install
A word of caution: This program should be used with the utmost caution, as most of the entries shown after the scan are necessary for the smooth running of the operating system. Not all users are expected to understand every entry it produces, as that requires a certain level of expertise. Unless you can spot a spyware program by the names of its Registry keys and DLL files, interpretation is best left to those specifically trained in reading HijackThis logs. Though this HijackThis tutorial attempts to make the log produced by HijackThis easier to understand, it is recommended that you post the log file generated by HijackThis on one of the recommended online forums dedicated to this purpose.
HijackThis is a wonderful advanced tool created by Merijn Bellekom and made available to the anti-spyware community for free.
By examining system memory and certain key locations in the Registry and on the hard drive, it lists, among other things, auto-loading programs from various locations, browser helper objects, IE toolbars and plugins, ActiveX objects and running processes. The program can be set to ignore selected items, can create a backup of your original settings, and can also be configured to produce a simple list of all startup items. It also contains various tools such as a process manager, a hosts file editor, an ADS scanner, an uninstall manager, and utilities to delete a file or an NT service on reboot. HijackThis targets only browser hijacking methods, not trojans or viruses. If multiple browser hijackers are known to use a startup method, it is included in HijackThis.
In the words of Merijn, HijackThis is
A general homepage hijackers detector and remover. Initially based on the article Hijacked!, but expanded with almost a dozen other checks against hijacker tricks. It is continually updated to detect and remove new hijacks. It does not target specific programs/URLs, just the methods used by hijackers to force you onto their sites. As a result, false positives are imminent and unless you are sure what you're doing, you should always consult with knowledgeable folks (e.g. the forums) before deleting anything.
HijackThis is available in two forms: as an executable file or as a zip file. If you don't want to be bothered with installing and running a zip utility, download the executable version.
Why is it recommended to extract HijackThis to its own, permanent folder?
Though it's possible to run HijackThis from the zip manager itself, it's not recommended because of the way HijackThis saves its backups. When you configure HijackThis to create backups, it creates a backup file for every entry fixed with it, and it creates those files in the folder it runs from. If you run HijackThis from a zip manager such as WinZip, WinRar or ZipGenius, the zip manager runs HijackThis from a temporary location, typically the "\Documents and Settings\user name\Local settings\Temp" folder, and the backups are saved in that folder. Any file older than 7 days gets deleted from the temp folder whenever Disk Cleanup is run. Consequently, there are no backups to restore if something goes wrong. So it's recommended to create a dedicated folder for HijackThis to reside in and run from.
Recent versions of HijackThis display a warning to this effect if they detect that the program is starting from a temporary location.
Download & Install – Executable Version
Click the link above to start the direct download of HijackThis.exe. In the File Download dialogue box, click "Save".
- In the "Save in" dialogue box, click "My computer" on the left pane
- Browse to your "Program Files" folder
- Click the "Create a new folder" button
- Name the new folder "HijackThis" and double click to open it.
Once the newly created "HijackThis" folder is open, click "Save" to save the HijackThis.exe file in that folder.
Download & Install – Zipped version
Click any of the links above to start downloading the zipped version of HijackThis. Click "Save" in the file download dialogue box.
Any location convenient to you is fine for saving the zip file locally. To save the file to your desktop, click "Desktop" in the left pane and then click "Save".
If your operating system is Windows 98 or Windows Me, you will need a zip file utility to extract the HijackThis.exe file from inside the archive to its own, permanent folder. Windows XP can handle Zip and Cab files natively, and there are also shareware utilities with a nice, easy UI such as WinZip and WinRar. I personally prefer WinRar.
If you need help extracting HijackThis.exe to its own, permanent folder, click the appropriate link.
- How to use WinRar to extract HijackThis.exe
- How to use WinZip to extract HijackThis.exe
- How to use ZipGenius to extract HijackThis.exe
- How to use Windows XP to extract HijackThis.exe
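The same extraction can be scripted on a current Windows system. The PowerShell sketch below is an added example, not part of the original tutorial or of HijackThis. It extracts the archive into a permanent "HijackThis" folder under Program Files and refuses to continue if the program would end up in a temp location, where its backups could be cleaned away. The archive name and download location are assumptions, `Test-UnderTemp` is a hypothetical helper, and the script needs PowerShell 5 or later and an elevated prompt to write under Program Files.

```powershell
# Added example: the archive name and download location are assumptions,
# not values taken from the tutorial.
param(
    [string]$ZipPath    = "$env:USERPROFILE\Desktop\HijackThis.zip",  # assumed download location
    [string]$InstallDir = "$env:ProgramFiles\HijackThis"              # folder the tutorial creates
)

# Hypothetical helper: true if $Path lies under any temp root known to this session.
function Test-UnderTemp {
    param([string]$Path)
    $full  = [IO.Path]::GetFullPath($Path).TrimEnd('\') + '\'
    $roots = @($env:TEMP, $env:TMP, [IO.Path]::GetTempPath()) |
        Where-Object { $_ } |
        ForEach-Object { [IO.Path]::GetFullPath($_).TrimEnd('\') + '\' } |
        Select-Object -Unique
    foreach ($root in $roots) {
        if ($full.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

if (Test-UnderTemp $InstallDir) {
    throw "Refusing to install under a temp folder: $InstallDir"
}
if (-not (Test-Path -LiteralPath $ZipPath)) {
    throw "Archive not found: $ZipPath"
}

# Create the permanent folder (no error if it already exists) and extract into it.
New-Item -ItemType Directory -Path $InstallDir -Force | Out-Null
Expand-Archive -LiteralPath $ZipPath -DestinationPath $InstallDir -Force

# Confirm the executable landed in the permanent folder and not in a temp path.
$exe = Get-ChildItem -LiteralPath $InstallDir -Filter 'HijackThis.exe' -Recurse |
    Select-Object -First 1
if (-not $exe) { throw "HijackThis.exe was not found in $ZipPath" }
if (Test-UnderTemp $exe.FullName) {
    throw "HijackThis.exe ended up in a temp path: $($exe.FullName)"
}
"HijackThis.exe is at $($exe.FullName); backups will be created in the folder it runs from."
```

The prefix comparison does not expand 8.3 short names, so a temp path reported in short form (for example with `~1` in it) should be checked by eye.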