Wednesday, June 30, 2010

Using HijackThis to remove malware

HijackThis, a hijacker detector and remover, was originally created by Merijn Bellekom and later sold to Trend Micro. It is a very popular browser-hijacker detector, used by the majority of security analysts to identify possible malware infections on a computer.

The problem with today’s malware is that it is very difficult to detect because of the advanced protective mechanisms it uses. Because of this, even a thorough scan by the latest, fully updated anti-virus or anti-spyware/malware product may miss the newest variants of a particular malware. In such cases, to make sure that even the last traces of the malware are weeded out, security analysts suggest using a HijackThis log file, through which they can analyse the registry and other program settings on a computer and, based on the log, pinpoint the malware entries (and thereby their removal too) with greater accuracy.

It is a rather simple process.
• Just download the HijackThis software from and run the executable.
• Then select the appropriate option to scan and generate the log file (the 1st option).
• Once the log file is generated, get it analysed at or, if you are still unwilling to take any risk, post the log to any security forum of your choice. Googling for ‘hijackthis security forums’ will get you lots of relevant links.
• Check the bad settings and click on ‘Fix checked’. Additionally, if some program had set the malicious entry, delete the file manually. If you are unable to delete it, use the ‘Delete a file on reboot’ option in the ‘Misc tools section’. The file will be deleted after the computer is restarted.
• The above technique is one of the most popular methods of malware removal and is supposed to almost guarantee a malware-free computer.
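To make the analysis step less of a black box, here is an added example (not from the original post, and not HijackThis’s own code) that parses a small constructed HijackThis-style log and applies a few rule-of-thumb checks a forum analyst typically makes before ticking an entry for ‘Fix checked’. The log layout (a section code such as R1, O1, O4 or O23, then ‘ - ’, then the setting) is the real HijackThis format; the sample lines, the CLSID and the paths are constructed, and the three heuristics (hosts-file redirects, autostarts in user-writable folders, browser pages pointing at bare IP addresses) are illustrative assumptions, not an exhaustive rule set.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed HijackThis-style log excerpt (not a real machine's log). Each
# HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - " and the setting it describes.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.example.com/search
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.5 www.example-bank.test
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\User\Local Settings\Temp\svchost.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"\[([^\]]*)\]\s*(.*)$")
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}")

# Addresses that make a hosts entry a harmless sinkhole rather than a redirect
# (assumed rule of thumb, not a HijackThis setting).
SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}
# Path fragments that mean an autostart runs from a user-writable location.
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\appdata\\")


@dataclass
class Entry:
    code: str   # section code, e.g. "O4"
    body: str   # everything after "O4 - "
    raw: str    # the original log line


@dataclass
class Finding:
    entry: Entry
    reason: str


def parse_log(text: str) -> List[Entry]:
    """Split a HijackThis log into entries; lines without a section code are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(code=m.group(1), body=m.group(2), raw=line))
    return entries


def review(entries: List[Entry]) -> List[Finding]:
    """Flag entries that deserve a closer look before they are fixed or deleted."""
    findings = []
    for e in entries:
        if e.code == "O1":
            # O1: hosts-file entries. Anything not pointing at a sinkhole is a redirect.
            m = HOSTS_RE.match(e.body)
            if m and m.group(1) not in SINKHOLE_IPS:
                findings.append(Finding(e, f"hosts file redirects {m.group(2)} to {m.group(1)}"))
        elif e.code == "O4":
            # O4: Run-key autostarts. Programs launched from Temp/AppData warrant review.
            m = RUN_RE.search(e.body)
            if m and any(frag in m.group(2).lower() for frag in USER_WRITABLE):
                findings.append(Finding(e, f"autostart '{m.group(1)}' runs from a user-writable folder"))
        elif e.code.startswith("R"):
            # R0-R3: browser start/search pages. A bare IP instead of a hostname is unusual.
            if IP_URL_RE.search(e.body):
                findings.append(Finding(e, "browser start/search page points at a bare IP address"))
    return findings


def main() -> None:
    entries = parse_log(SAMPLE_LOG)
    print(f"{len(entries)} entries parsed")
    for f in review(entries):
        print(f"REVIEW [{f.entry.code}] {f.reason}\n    {f.entry.raw}")


if __name__ == "__main__":
    main()
```

Run as-is, the script parses seven entries and reports two for review: the hosts-file line that sends a banking-style hostname to a non-loopback address, and the ‘svchost’ autostart living in a Temp folder. Entries that are not flagged are not thereby clean; the point is to structure the log so that the forum analyst’s questions (where does this run from, what does this redirect to) can be asked of every line.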

Check out the short video tutorial below to see how it is done in few easy steps:

For those who are unable to check out the video tutorial for some reason, here’s a pictorial walkthrough below. Click on the images to see them at their full resolution.

Step 1:
Download the HijackThis executable from the link mentioned above and run it. Then click on ‘Do a system scan and save a logfile’ as shown in the picture.

Step 2:

Step 3:
HijackThis automatically generates a log file once the scan is completed. Copy all the contents of the Notepad window.

Step 4:

Step 5:

Step 6:


Step 7:

Step 8:
In case of any instability after you have deleted some entries using the above method, you can easily restore them with the restore function.

Step 9:
Other tools such as the ‘process manager’ (similar to the Task Manager in Windows), file deletion on reboot and the startup list log file generator are some of the extra features that HijackThis offers for tackling malware that is relatively difficult to remove.
Remember that the startup list log file is similar to the HijackThis log file, but it scans only the startup entries. Experts may ask for this kind of log file to be posted in forums in the case of tough malware.

This post was originally guest authored by me for the CrazyEngineers blog, Voice. You can visit the blog for the original article here.


Please post your comments on whether you liked it and what else you would like me to write on. Suggestions of all types are welcome.