A huge part of the malware hunt is finding it and preventing it from running. Modern malware isn’t shy about destroying antivirus monitors on sight or running circles around them.
HijackThis is a utility that generates a log of startup and other related entries, which is commonly required when posting such information online.
What it does
The app goes through the system and looks for non-standard entries that start automatically. It presents the results in its interface, with the option of a plain text log.

It goes through locations most commonly used by malware:
- startup entries in registry;
- browser search pages, helper objects and additional buttons;
- system services.
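
As an added example (not code from the original post or from HijackThis itself), the sketch below groups the lines of a plain text log by the location categories listed above, using the section codes HijackThis prefixes to each entry (R0/R1, O2, O4, O9, O23), and splits registry Run entries into fields for review. The sample log is constructed, and the function and category names are this example's own.

```python
import re
from collections import defaultdict

# HijackThis section codes mapped to the location categories listed above.
CATEGORIES = {
    "R0": "browser start/search pages",
    "R1": "browser start/search pages",
    "O2": "browser helper objects",
    "O4": "startup entries",
    "O9": "extra browser buttons",
    "O23": "system services",
}
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
# O4 registry form: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Constructed sample log, not taken from a real machine.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.com/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [updater] C:\Users\demo\AppData\Roaming\updater.exe
O23 - Service: Example Service (ExampleSvc) - Example Corp - C:\Program Files\Example\svc.exe
"""

def parse_log(text):
    """Group log entries by category; header and process lines are skipped."""
    groups = defaultdict(list)
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            label = CATEGORIES.get(m["code"], "other (%s)" % m["code"])
            groups[label].append(m["rest"])
    return dict(groups)

def run_entries(groups):
    """Split registry Run entries into (hive, key, name, command) for review."""
    out = []
    for rest in groups.get("startup entries", []):
        m = RUN_RE.match(rest)
        if m:
            out.append((m["hive"], m["key"], m["name"], m["cmd"]))
    return out

if __name__ == "__main__":
    grouped = parse_log(SAMPLE_LOG)
    for label, items in grouped.items():
        print(label, len(items))
    for entry in run_entries(grouped):
        print(entry)
```

The grouping only organizes entries for a human reviewer; like the log itself, it says nothing about whether an entry is legitimate.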
Strong features
HijackThis has been around for many years and is widely accepted as the de facto standard for startup logs. Many online forums that provide help with malware require you to post a HijackThis log first.
Entries can be removed from the interface and there are a few extra tools, including pending deletion of locked files. It can be used for cleanup, but the main function remains log generation.
Downsides
Frankly, HijackThis is hardly an awesome tool:
- Autoruns does a better job with generic startup-related things;
- AVZ is better at detecting and dealing with malicious startup entries;
- any portable antivirus will actually kill malware on top of finding it.
It is handy for looking for a problem, but near-useless for dealing with it. By the way, it makes no distinction between legitimate entries and malware at all, so do NOT kill entries just because they show up in the log.
There is an option to upload the log for online analysis. The only time I tried that, the results were broken.
[update] Klemen pointed out in the comments a very nice third-party service to analyze HijackThis logs – http://hijackthis.de/
Overall
Unlike with other anti-malware tools, I have no story about this one saving the day. Still, if you are going to look for help online – providing a HijackThis log is a must. Works without installation.
Home & download: http://free.antivirus.com/hijackthis/
Klemen #
I believe the log analyzer website http://hijackthis.de/ is also worth mentioning. Not only worthy, but a must in this case. Update your article! =)
Rush #
Nah, this one won’t save the day. The guy that sits down and goes over the log for an hour, process by process, saves the day. While this one isn’t my favorite (because it means work), I’d be lying if I didn’t admit that I wind up poring over those logs much more than I’d like.
While not a lot of fun, it is a crucial tool to know and possess.
Tech-Freak Stuff #
Cool Find! This will help in noting if any Virus or Suspicious entry is starting during the Start-Up. Logs are always helpful in looking at the past!
Rarst #
As usual, everyone jumps to comment on a boring post, written when I was in a mood when I’d prefer to go pass out instead of blogging. :)
@Klemen
Updated. Thanks, looks like a very solid analyzer!
@Rush
Tell me about it. I got so tired of such menial stuff that I prefer to burn time first, running the PC through 4-5 scanners and only then escalating to manual work. Luckily computers don’t get bored and don’t complain. :)
@Tech-Freak Stuff
Well, this app has been around forever, so hardly my find. :) But as above – like it or not, an important part of the toolkit.