Scan the software your computer loads at startup with HijackThis

HijackThis has for many years been one of the most important and best-known programs for Windows PCs. I already wrote about it several years ago, and it is still used today to manually free a computer from malicious software such as rootkits and other hidden threats.
Because it does nothing automatically, it remains recommended for more experienced users who know which components Windows is made up of: processes, services, programs, drivers, registry keys and so on.
It is still worth writing a user guide for HijackThis today, because it would be a shame to give up a tool so precise and, all in all, so simple, one that tells us everything, absolutely everything, about the software the computer loads from the moment it is turned on.
Thanks to this program it is also possible to detect viruses and malware, including rootkits, that is, components that are loaded at startup and then disappear from memory (for example, drivers that are rootkits).
HijackThis, open source and still maintained by independent developers, can be downloaded for free in its latest version (2017) from the SourceForge website.
It needs no installation, but the downloaded file must be run as an administrator.
To do this, right-click the HijackThis.exe file and choose to run it as administrator.
Once the first screen is open, you can press the button to run a System Scan, with or without a log file (the file where the scan report is recorded).
The scan shows a large number of entries in a seemingly random order, in an interface that is certainly not very friendly.
Even without being an expert, the important thing to know is that what you are seeing in HijackThis is practically every reference Windows holds to the software the computer runs after startup.
Starting from the top we find listed:
- HKCU and HKLM, which are registry keys
- BHO, extensions added to the Windows browser (Internet Explorer)
- Toolbar
- Extra Context menu and Extra Button are the options added by some external programs to the contextual menu that appears by pressing the right mouse button on a file.
- Protocol
- Service, that is, the services that are started.
These entries are preceded by a letter, which can be R, F, N or O, meaning:
R - Internet Explorer components and settings
F - Programs that load themselves
N - Mozilla Firefox search and start pages
O - Components of the Windows operating system.
To understand this list and use it productively, think of each element as a reference to an external program.
Since most malware makes changes to the operating system, by modifying the registry, installing additional software or changing browser settings, this HijackThis screen makes it possible to detect those changes when we find strange, unknown names or anomalous elements.
HijackThis does not judge what it finds and, unlike traditional antivirus software, it cannot tell us whether malicious software is present or not.
Many of the elements found by the HJT scan are essential for the PC to work correctly, so removing them could compromise the functioning of the computer.
So if you don't know what an entry in HijackThis means, it is better to close the program and leave it alone.
If, on the other hand, we understand what we are seeing, we can read the various lines to identify harmful and even missing elements (File Missing) that probably should be corrected.
To correct wrong, missing or malware-related references, tick the checkbox to their left and then press the Fix Checked button.
Once again, be careful what you select: a fix is in fact a removal, so a mistake could cause problems.
Fortunately, every fix is recorded in the tab that appears when you press the backup button in the main menu.
From the list of changes made, you can restore what has been removed.
Since the analysis can be difficult, some forums such as iamnotageek.com help: there you can paste the entire contents of the log file generated by the HijackThis scan to get an automatic opinion on what has been found.
It will therefore be possible to examine the elements at risk and the unknown ones, excluding instead those that are certainly fine.
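A first local pass over the same log file can be done with a short script. This is an added example, not part of HijackThis or of the original article: it assumes each log entry has the form "letter, number, dash, text" with the letters R, F, N, O listed above, it assumes missing files are marked "(file missing)", and the sample log is constructed.

```python
import re
from collections import defaultdict

# Entry families exactly as the article lists them.
FAMILIES = {
    "R": "Internet Explorer components and settings",
    "F": "Programs that load themselves",
    "N": "Mozilla Firefox search and start pages",
    "O": "Components of the Windows operating system",
}
# Assumed entry shape: letter, number, " - ", free text (e.g. "O4 - HKLM\..\Run: ...").
ENTRY = re.compile(r"^([RFNO])(\d+)\s+-\s+(.*)$")

def parse_log(text):
    """Return one dict per recognised entry; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        letter, number, detail = m.groups()
        entries.append({"code": letter + number, "family": FAMILIES[letter],
                        "detail": detail,
                        "missing": "file missing" in detail.lower()})
    return entries

def triage(entries):
    """Group details by code and collect entries whose target file is missing."""
    by_code = defaultdict(list)
    for e in entries:
        by_code[e["code"]].append(e["detail"])
    return dict(by_code), [e for e in entries if e["missing"]]

# Constructed sample log (not taken from a real machine).
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\Windows\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.com/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Example\helper.dll (file missing)
O4 - HKLM\..\Run: [ExampleUpdater] C:\Example\updater.exe
O4 - HKCU\..\Run: [Unknown] C:\Users\test\AppData\Roaming\x.exe
O23 - Service: Example Service - Unknown owner - C:\Example\svc.exe (file missing)
"""

if __name__ == "__main__":
    by_code, missing = triage(parse_log(SAMPLE_LOG))
    for code in sorted(by_code):
        print(f"{code}: {len(by_code[code])} entries")
    for e in missing:
        print(f"REVIEW {e['code']} ({e['family']}): {e['detail']}")
```

Like HijackThis itself, the script judges nothing: it only sorts the entries and points at the ones worth reading first.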
The latest version of HijackThis also has a Misc Tools section in the main menu, that is, additional tools.
There you will find a process manager, an analysis of automatic startup, a shortcut to open the Hosts file and other useful tools.
If you are looking for a similar but simpler program, look at a combination: on the security side, the automatic tools for eliminating hidden rootkit viruses from the PC; on the other side, for analysing the software loaded by your computer, the programs for managing Windows automatic startup.
