  #1 (permalink)  
Old 03-10-2009, 09:04 AM
VIP
 

Join Date: Mar 2009
Posts: 24
Default Hijackthis (software apps)

What is HijackThis?
HijackThis is a program originally developed by Merijn Bellekom, a Dutch student studying chemistry and computer science. One of Merijn's programs, HijackThis, is an essential utility to help find and remove spyware, viruses, worms, Trojans and other pests.

This is a basic guide to understanding the HijackThis logs, what specific sections mean and some tips on reading it yourself. Although it's best to have a knowledgeable person help you examine the HijackThis log and decide what to remove, it's helpful to have a basic understanding of what the different sections mean and how they work.

In March 2007, Merijn sold HijackThis to TrendMicro because he didn't have the time and energy to update it and support it. TrendMicro has incorporated many of Merijn's changes, updates, and fixes and released a version 2 of HijackThis.

Using Hijackthis:
Let us start by downloading it first.
1) Download & Install HijackThis from TrendSecure:
http://www.trendsecure.com/portal/en...kthis/download
Once installed, open HijackThis by clicking Start > Program Files > HijackThis and click the button labeled "Do a system scan only".


2) Check configuration
Before proceeding with the scan you should first click on the Config button, which is designated by the blue arrow in Figure 2, and confirm that your settings match those found in the image below. The options that should be checked are designated by the red arrow.



__________________
i am physically challenged in hearing department.
MY RIG Intel duo2 E7300 2.66 oc 3.00 GHZSTABLE 24/7 thermalright ultra-120 ZEBROINCS nf 7050/630 but my p35 is dead due to cpu damage 320x1 GB 640GB western digital and WD500 ALIT PATI 4850 512 MB GDDR3 logitech mx518 and G15 LOGITECH PROVIEW 22 LCD ,SENNHEISER HD 201 cm600PSU & unknown server cabient

Last edited by arun.p : 03-10-2009 at 09:08 AM.
  #2 (permalink)  
Old 03-10-2009, 09:09 AM
VIP
 

Join Date: Mar 2009
Posts: 24
Default


3) Scanning computer
HijackThis will quickly scan your system, and then open two new windows: the results of the HijackThis scan, and hijackthis.log in Notepad. Save hijackthis.log. By default it will be saved to C:\HijackThis, or you can choose "Save As…" and save to another location.

hijackthis.log contains the info that's required to receive analysis and assistance in case your system is infected. You can post the log on a forum, along with a description of your problem(s). Highlight the entire contents. Copy and paste the contents into your post. DO NOT fix anything. Wait for help, and someone can help you with it; if you are an expert and knowledgeable, you can fix the issues yourself.

If you feel that you are knowledgeable enough to continue, look through the listings and select the items you would like to remove by placing checkmarks in the checkboxes next to each listing, as shown in the image below. I have included some basic ways to interpret the information in these log files. By no means is this information extensive enough to cover all decisions, but it should help you determine what is legitimate or not.

  #3 (permalink)  
Old 03-10-2009, 09:10 AM
VIP
 

Join Date: Mar 2009
Posts: 24
Default

Once you have selected the items you would like to remove, press the Fix Checked button, designated by the blue arrow in the image posted above. HijackThis will then prompt you to confirm if you would like to remove those items. Press Yes or No depending on your choice.

4) AnalyzeThis
It's completely optional. Clicking the AnalyzeThis button will submit the contents of your HJT log to TrendMicro. It's not required, and will only show the popularity of items in your log, not analyze the contents. If an entry isn't common, it does NOT mean it's bad. TrendMicro uses the data you submit to improve their product.


5) Restore items mistakenly deleted
HijackThis comes with a backup and restore procedure in the event that you erroneously remove an entry that is actually legitimate. If you have configured HijackThis as was shown in this tutorial, then you should be able to restore entries that you have previously deleted. If you have had your HijackThis program running from a temporary directory, then the restore procedure will not work.

If the configuration setting Make backups before fixing items is checked, HijackThis will make a backup of any entries that you fix in a directory called backups that resides in the same location as Hijackthis.exe.

If you start HijackThis and click on Config, and then the Backup button you will be presented with a screen like below. You will have a listing of all the items that you had fixed previously and have the option of restoring them. Once you restore an item that is listed in this screen, upon scanning again with HijackThis, the entries will show up again.


Once you are finished restoring those items that were mistakenly fixed, you can close the program.

How to Generate a StartupList log file:
StartupList is a utility which creates a list of everything which starts up when you boot your computer, plus a few other items. When run, it creates a file named StartupList.txt and immediately opens this text file in Notepad.

1) Open HijackThis & click the "Open the Misc Tools section" button.

  #4 (permalink)  
Old 03-10-2009, 09:12 AM
VIP
 

Join Date: Mar 2009
Posts: 24
Default

2) Click the Generate StartupList log button. A confirmation box will pop up. Click Yes. The StartupList text file will now be generated and opened on the screen.
[img]http://www.whatthetech.com/hjt202/hijackthis_V2_startuplist_log.png[/img]

How to use Process Manager
HijackThis has a built-in process manager that can be used to end processes as well as see what DLLs are loaded in that process. To access the process manager, you should click on the Config button and then click on the Misc Tools button. You should now see a new screen with one of the buttons being Open Process Manager. If you click on that button you will see a new screen similar to the figure below.



This window will list all open processes running on your machine. You can then click once on a process to select it, and then click on the Kill Process button designated by the red arrow in Figure above. This will attempt to end the process running on the computer.

If you would like to terminate multiple processes at the same time, press and hold down the control key on your keyboard. While that key is pressed, click once on each process that you want to be terminated. As long as you hold down the control button while selecting the additional processes, you will be able to select multiple processes at one time. When you have selected all the processes you would like to terminate you would then press the Kill Process button.

If you would like to see what DLLs are loaded in a selected process, you can put a checkmark in the checkbox labeled Show DLLs, designated by the blue arrow in the figure above. This will split the process screen into two sections. The first section will list the processes like before, but now when you click on a particular process, the bottom section will list the DLLs loaded in that process.

To exit the process manager you need to click on the back button twice which will place you at the main screen.

How to use the Hosts File Manager
HijackThis also has a rudimentary Hosts file manager. With this manager you can view your hosts file and delete lines in the file or toggle lines on or off. To access the Hosts file manager, you should click on the Config button and then click on the Misc Tools button. You should now see a new screen with one of the buttons being Hosts File Manager. If you click on that button you will see a new screen similar to the figure below.

This window will list the contents of your HOSTS file. To delete a line in your hosts file you would click on a line like the one designated by the blue arrow in the figure above. This will select that line of text. Then you can either delete the line, by clicking on the Delete line(s) button, or toggle the line on or off, by clicking on the Toggle line(s) button. It is possible to select multiple lines at once using the shift and control keys or dragging your mouse over the lines you would like to interact with.

If you delete the lines, those lines will be deleted from your HOSTS file. If you toggle the lines, HijackThis will add a # sign in front of the line. This will comment out the line so that it will not be used by Windows. If you are unsure as to what to do, it is always safe to Toggle the line so that a # appears before it.

To exit the Hosts file manager you need to click on the back button twice which will place you at the main screen.

Source references:
http://www.trendsecure.com/portal/en...hijackthis/qsg
http://www.bleepingcomputer.com/
http://www.whatthetech.com
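The Toggle behaviour of the Hosts file manager described in the tutorial above, as an added Python example that is not part of the original posts or of HijackThis: it lists the active hosts entries that map a name to something other than plain localhost, and comments a chosen line out with `#`. The sample file contents, the `sinkhole`/`redirect` labels and all function names are constructed for illustration.

```python
import ipaddress

# Constructed hosts file contents for illustration; not from a real machine.
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net
203.0.113.7     www.examplebank.test   # not added by the user
0.0.0.0         update.example-av.test
#10.0.0.5       oldserver.example.internal
"""

def parse_hosts(text):
    """Yield (line_no, active, ip, names) for each mapping, toggled off or not."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        active = not line.startswith("#")
        fields = line.lstrip("#").split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # plain comment text, not a disabled mapping
        yield no, active, ip, fields[1:]

def classify(ip, names):
    """local: localhost itself; sinkhole: name forced to this PC; redirect: sent elsewhere."""
    if ip.is_loopback or ip.is_unspecified:
        return "local" if all(n.lower() == "localhost" for n in names) else "sinkhole"
    return "redirect"

def review(text):
    """Active entries worth a second look, as (line_no, kind, ip, names)."""
    return [(no, classify(ip, names), str(ip), names)
            for no, active, ip, names in parse_hosts(text)
            if active and classify(ip, names) != "local"]

def toggle(text, line_numbers):
    """Add a leading '#' to the given 1-based lines, or remove it if already there."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        if no in line_numbers:
            stripped = raw.lstrip()
            raw = stripped[1:] if stripped.startswith("#") else "#" + raw
        out.append(raw)
    return "\n".join(out) + "\n"
```

Toggling keeps the original line in the file, so a mistaken change can be undone by toggling the same line number again.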
  #5 (permalink)  
Old 03-12-2009, 07:33 AM
Junior Member
 

Join Date: Mar 2009
Posts: 4
Default

Which is better between HijackThis and Spyware Search and Destroy?
  #6 (permalink)  
Old 03-12-2009, 02:06 PM
VIP
 

Join Date: Mar 2009
Posts: 24
Default

Well, as arun.p explained, HijackThis is software that lists all registry changes and some browser stuff (BHOs, spyware/adware, etc.) that can damage your computer. Spyware S&D is a program that scans your computer, lists spyware, and helps you remove it from your computer.

I've been to a couple of forums where people have a problem on their computer, and they post their HJ log on there, and some other people help them with their problems.

You should use Spyware S&D with AdAware. It's a great combination.
  #7 (permalink)  
Old 03-13-2009, 06:04 PM
VIP
 

Join Date: Mar 2009
Location: India
Posts: 45
Default

NICELY PRESENTED!!
Recently I found an Autorun.inf virus on my pen drive.
Can anybody help with this?
  #8 (permalink)  
Old 03-14-2009, 12:37 AM
VIP
 

Join Date: Mar 2009
Posts: 24
Default

Autorun is just a simple text-based file that has the configs for your flash drive. It tells Windows to open up a certain thing on your flash drive, such as "Setup.exe" or something. It also controls the icon for your flash drive, the description, and what program to run.

You can find more details here:
Code:
http://en.wikipedia.org/wiki/AutoRun
Unless you want to disable this, then you can delete it.
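An added example, not part of the original posts: a small Python parser for the autorun.inf format described above that separates the entries telling Windows what to run (`open`, `shellexecute`, `shell\<verb>\command`) from the cosmetic ones such as icon and label, so you can see what a flagged file would launch before deciding what to do with it. The sample file and the function names are constructed for illustration.

```python
import re

# Constructed autorun.inf contents for illustration; not from a real drive.
SAMPLE_AUTORUN = r"""
; constructed example
[AutoRun]
open=Setup.exe
icon=Setup.exe,0
label=My Flash Drive
shell\scan\command = tools\helper.exe /quiet

[Content]
MusicFiles=false
"""

# Keys in the [autorun] section that name a program or command to start.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")

def parse_autorun(text):
    """Return {key: value} for the [autorun] section only; keys are lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_targets(text):
    """Entries that make Windows start something, as (key, command) pairs."""
    return [(k, v) for k, v in parse_autorun(text).items() if LAUNCH_KEY.match(k)]

def cosmetic_entries(text):
    """Everything else in the section (icon, label, ...)."""
    return {k: v for k, v in parse_autorun(text).items() if not LAUNCH_KEY.match(k)}

if __name__ == "__main__":
    for key, command in launch_targets(SAMPLE_AUTORUN):
        print(f"would run: {command!r} (from {key})")
```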
  #9 (permalink)  
Old 03-14-2009, 06:56 AM
VIP
 

Join Date: Mar 2009
Posts: 61
Default

Great tutorial and very well organized. Thanks.
  #10 (permalink)  
Old 03-14-2009, 02:08 PM
VIP
 

Join Date: Mar 2009
Location: India
Posts: 45
Default

Quote:
Originally Posted by GiggleStick69 View Post
Autorun is just a simple text-based file that has the configs for your flash drive. It tells Windows to open up a certain thing on your flash drive, such as "Setup.exe" or something. It also controls the icon for your flash drive, the description, and what program to run.

You can find more details here:
Code:
http://en.wikipedia.org/wiki/AutoRun
Unless you want to disable this, then you can delete it.

Thanks for your reply.

I know what you wrote above, but my problem is that when I insert my flash drive into a USB slot, my antivirus software detects a virus named Autorun.inf.

What to do?

Once again, thanks.
  #11 (permalink)  
Old 03-16-2009, 01:41 PM
VIP
 

Join Date: Mar 2009
Location: india
Posts: 20
Default

Nice one, very helpful post. Keep it up, man.
  #12 (permalink)  
Old 05-20-2009, 12:37 AM
VIP
 

Join Date: May 2009
Posts: 241
Default HijackThis

I was using Spyware Doctor but it was not very effective. Now I am trying HijackThis. Thanks for the information.