Andrey “Rarst” Savchenko —  — Software — autorun, hijack, log, malware

HijackThis – unofficial standard for startup entries log

hijackthis_icon Huge part of malware hunt is to find it and prevent it from running. Modern malware isn’t shy to destroy antivirus monitors on sight or run circles around them.

HijackThis is utility that generates log of startup and other related entries, that is commonly required for posting such information online.

What it does

App goes through system and looks for non-standard entries that start automatically. It presents result in interface with option of plain text log.

hijackthis_interface

It goes through locations most commonly used by malware:

  • startup entries in registry;
  • browser search pages, helper objects and additional buttons;
  • system services.

Strong features

HijackThis is around for many years and it is widely accepted as de-facto standard for startup logs. Many online forums, that provide help with malware, require to post HijackThis log first.

Entries can be removed from interface and there are few extra tools, including pending delete of locked files. It can be used for cleanup but main function remains log generation.

Downsides

Frankly HijackThis is hardly awesome tool:

  • Autoruns does better job with generic startup-related things;
  • AVZ is better at detecting and dealing with malicious startup entries;
  • any portable antivirus will actually kill malware on top of finding it.

It is handy to look for problem, but near-useless to deal with it. By the way it makes no distinction between legit and malware at all so do NOT kill entries just because they show up in log.

There is option to upload log for analyze online. Only time I tried that results were broken.
[update] Klemen pointed out in comments very nice third party service to analyze HijackThis log - http://hijackthis.de/

Overall

Unlike with other anti-malware tools I have no story about this one saving the day. Still if you are going to look for help online – providing HijackThis log is a must. Works without installation.

Home&download http://free.antivirus.com/hijackthis/

Related Posts

5 Comments

  • Klemen #

    I believe the log analyzer website http://hijackthis.de/ is also worth mentioning. Not only worthy, but a must in this case. Update your article! =)

  • Rush #

    Nah, this one won't save the day. The guy that sits down and goes over the log for an hour, process by process, saves the day. While this one isn't my favorite (because it means work), I'd be lying if I didn't admit that I wind up pouring over those logs much more than I'd like. While not a lot of fun, it is a crucial tool to know and possess.

  • Tech-Freak Stuff #

    Cool Find! This will help in noting if any Virus or Suspicious entry is starting during the Start-Up. Logs are always helpful in looking at the past!

  • Rarst #

    As usual everyone jumps to comment at boring post, written when I was in mood when I'd prefer to go pass out instead of blogging. :) @Klemen Updated. Thanks, looks like very solid analyzer! @Rush Tell me about it. I got so tired of such menial stuff that I prefer to burn time first, running PC through 4-5 scanners and only then escalate to manual work. Luckily computers don't get bored and don't complain. :) @Tech-Freak Stuff Well, this app was around forever so hardly my find. :) But as above - like it or not, important part of toolkit.

  • Geek Squeaks’ of the Week (#32) « What's On My PC #

    [...] Rarst.net HijackThis – unofficial standard for startup entries log [...]