Hijack This Program


17 replies to this topic

#1 Stang777

Posted 05 March 2009 - 09:46 PM

Hi,

I did not know where to ask this question but thought this was the best place. If it is the wrong place, I apologize.

I have been trying to find out what exactly the Hijack This program does and if it makes any changes to the system when you run it. From the little I know about it, it seems it can give a lot of good information about one's system but I have not been able to find out if running it can cause any damage, like making changes you might not want made.

Can anyone give me details on this program and if it is safe to run just to see what is happening on one's system?

#2 scff249

Posted 05 March 2009 - 11:36 PM

For the most part, HijackThis doesn't really make any changes unless you select something and hit the Fix button. Of course, overall, using HijackThis without the supervision of someone trained in its use is pretty dangerous (as is any tool like DDS, RSIT, and especially Combofix).

After that, any information about HijackThis (or other tools) would be information I don't know about or not authorized to talk about (like I'd know anything anyways....)

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#3 Stang777

Posted 06 March 2009 - 03:30 AM

Thank you for your reply. I guess one of the reasons I thought it might be dangerous is all the talk here about it needing to be used with supervision, but I thought if it did not make any changes without my approval, it should not be dangerous. I just wanted to use it for the information about my system that I thought it could provide and not have it make any changes. If it did not make any changes to my system without me authorizing it, which I have no intentions of doing, I did not feel supervision would be necessary, but I wasn't sure it wouldn't change things without my authorization.

I am sorry if I have broken some rule by asking about it.

#4 tork

Posted 06 March 2009 - 06:31 AM

Take a look at the HijackThis Tutorial and you will see why you want to have an expert guide you in its use.

#5 Stang777

Posted 06 March 2009 - 07:08 AM

Thank you, I will check out that link

#6 E-Mu

Posted 06 March 2009 - 07:37 AM

Hijackthis is sort of a reporting tool used to collate data about your system. It is true that you have to tell it what to do but it is all too easy to accidentally click a button and have it delete half your registry keys etc. If this happens and the program hasn't been installed and set up correctly then you are basically buggered because the backups won't work.

There is information available on the internet regarding Hijackthis but I would advise you to have a read of this BC Tutorial - HijackThis.

NB: It's strongly advised that you don't run the program without supervision.
~ E-Mu ~

"Emu, You Moo, We All Moo for Emu!" <-- Thanks to Animal

"If at first you don't succeed; call it version 1.0"


#7 tork

Posted 06 March 2009 - 07:46 AM

> Thank you, I will check out that link


You're welcome and follow E-Mu's advice about not using it without supervision.

#8 Stang777

Posted 06 March 2009 - 07:49 AM

Thank you E-Mu. I just finished reading the BC tutorial on the program and found it to be very informative; it gave exactly the info I needed.

#9 E-Mu

Posted 06 March 2009 - 07:52 AM

As tork has said, you're more than welcome :thumbsup:
~ E-Mu ~



#10 Stang777

Posted 06 March 2009 - 08:03 AM

> > Thank you, I will check out that link
>
> You're welcome and follow E-Mu's advice about not using it without supervision.

After reading the info on that tutorial I think I would do fine running the program on my own should I decide I really want the info it would provide. I pretty much know what I am doing when it comes to the computer but should the program find something that might need to be fixed, I would certainly get supervision before fixing it if I was even a little bit unsure what the item needing to be fixed was. Of course, that supervision would have to come from here or an actual paid tech as I am the computer go-to person for everyone I know, so there is nobody other than you guys and a paid tech for me to go to.

The only thing on computers that I do not feel comfortable messing with is hardware. If it is inside the case, it is beyond me, other than that, I can handle most things.

I appreciate the help everyone here has given me

#11 E-Mu

Posted 06 March 2009 - 08:44 AM

If you 'do' run it and 'have' a look and run into anything that needs fixing then as you know there's plenty of people here who will help out.

NB: I am not condoning the use of Hijackthis without trained advice.
(This is not aimed at you Stang777 but to anyone else who may have an opinion on my comments in this thread.)
~ E-Mu ~



#12 tg1911

Posted 06 March 2009 - 09:12 AM

You should never attempt to fix anything using HijackThis until someone who is experienced at reading the log outputs has a chance to review it.
Fixing the wrong items can make your computer unbootable.

Spaces, extra characters, spelling, file location, plus numerous other subtle changes, all make the difference between a "good", or "bad", file entry.

HijackThis is not a removal tool.
It lists what is found in certain areas of the registry, or system files, in an easily accessible manner, so that those familiar with the use and reading of HijackThis logs, and Windows programs, can determine what is infecting the machine, and how to remove it.
It will indeed remove the entries listed, but that does not cure the underlying problem.
The problem must be properly identified first, and cured, prior to removing the entries with HJT.
Otherwise, you leave the infection, and remove the keys which are needed to identify and remove it.

Removing entries in HJT before the problem is properly identified, and correct removal instructions posted, can make the problem undetectable to other detection, and removal, tools.
HijackThis should only be used to clean up the entries left behind, after you have properly removed the offending program, file, trojan, worm, hijacker, etc.
And this usually requires help.

#13 Stang777

Posted 07 March 2009 - 06:05 PM

> If you 'do' run it and 'have' a look and run into anything that needs fixing then as you know there's plenty of people here who will help out.
>
> NB: I am not condoning the use of Hijackthis without trained advice.
> (This is not aimed at you Stang777 but to anyone else who may have an opinion on my comments in this thread.)

Thank you E-Mu :thumbsup:

#14 Stang777

Posted 07 March 2009 - 06:08 PM

Thank you tg1911 and I understand what you are saying and will heed your advice

#15 Papakid

Posted 09 March 2009 - 03:04 PM

Hi Stang777,
As tg1911 has so aptly stated, there are several pitfalls when using HijackThis for malware removal that the inexperienced and uneducated can fall into. For the more casual use that you are alluding to, it is good to have a healthy respect for it, but, IMO, you are OK to not be afraid of it. The restrictions against posting in just any forum are because you can often get bad advice that can even be harmful, and the warnings against casual use are because HJT modifies the registry. And we all know what happens when the registry is modified without the proper knowledge. :thumbsup:

Even tho you have now enjoyed Grinler's nice tutorial, let me try to summarize in the simplest terms what HJT is all about. It has two basic functions.

1. An enumerator. When you scan with HJT, you don't make any changes to your system. It just lists areas, mostly in the registry, where any program can be started so that it runs in memory. Whether that is a file that is loaded when Windows starts, or that takes some user action to initiate, such as opening your browser so that an extension runs.

2. Modifies the registry (with some few exceptions) when you select an entry and click Fix Checked. For malware, this is key to ending bad behavior because no malware (or any other file for that matter) is going to affect you if it is not started/loaded into memory. What most people know as Startups, i.e., what some manage in msconfig, are values of Run keys in the registry.

In the earlier days, before malware got to be so vicious and HJT was little heard of, HJT specialists would use it to both rid victims of hijackings and various other unwanted software, and as a startup manager. The latter is still done to some extent--and by some specialists more than others. For the most part there are way too many logs in the malware removal forum to worry about helping to speed up startup.

For several reasons, it is not a good idea to use HJT as a startup manager. Most important is that most reg entries are deleted rather than being just disabled. HJT makes backups in case of mistakes, but they are not always viable and can be lost. I have to admit I do use it to enumerate when I am trying out new software to see what startups it adds when installed, but I will rarely fix anything with it. In my opinion the best way to manage startups is to configure the program to not start if you don't want it to. Short of that there are many nice startup managers available that are designed for just this purpose. Plus many security tools include a startup manager component.

I'm fond of Mike Linn's Startup Control Panel--simple and sweet.

We would be remiss if we failed to give warnings about some startup managers as well. Autoruns by SysInternals is very much like HijackThis--it shows little known areas where Windows allows startups to load (and Windows has a lot of them). It also allows you to delete the startups--and I don't remember seeing anywhere that it makes backups. There is a pinned topic in their forum where some people have deleted userinit and so then weren't able to boot their computer.

Startup Control Panel is less dangerous as it doesn't enumerate the Userinit/Wininit, but you still can delete startups. It does make backups tho.

It is amazing, really, how much Autoruns is like HJT. Besides the browser start page and search settings, the main difference is that HJT does have a whitelist of system files to make the list to analyze shorter--that is why I use it to enumerate when trying out new software.

Hope I've added a bit to the great help you've already received. :flowers:

Edited by Papakid, 09 March 2009 - 03:13 PM.

And I may be obliged to defend
Every love every ending
Or maybe there's no obligations now,
Maybe I've a reason to believe
We all will be received
In Graceland--Paul Simon
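
The enumerate-only use described in the post above (listing Run-key startups before and after installing software, without fixing anything) can be sketched as follows. This is an added example, not part of the thread and not HijackThis code; the function names are hypothetical, and it assumes only the four standard Run/RunOnce keys, which is far fewer areas than HJT or Autoruns cover.

```powershell
# Added example: read-only. Nothing here writes to or deletes from the registry.
# Assumption: only the four standard Run/RunOnce keys are covered.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-StartupSnapshot {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Keep %VARIABLES% unexpanded so the stored text is compared as written.
            $cmd = $item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            [pscustomobject]@{ Key = $key; Name = $name; Command = [string]$cmd }
        }
    }
}

function Compare-StartupSnapshot {
    param([object[]]$Before = @(), [object[]]$After = @())
    $old = @{}   # hashtable keys are case-insensitive, like registry value names
    foreach ($e in $Before) { $old["$($e.Key)|$($e.Name)"] = $e }
    foreach ($e in $After) {
        $id   = "$($e.Key)|$($e.Name)"
        $prev = $old[$id]
        if ($null -eq $prev) {
            [pscustomobject]@{ Change = 'Added'; Key = $e.Key; Name = $e.Name
                               Was = $null; Now = $e.Command }
        } elseif ($prev.Command -cne $e.Command) {
            # Exact, case-sensitive compare: an extra space or one changed
            # character in the command line is reported, not normalised away.
            [pscustomobject]@{ Change = 'Changed'; Key = $e.Key; Name = $e.Name
                               Was = $prev.Command; Now = $e.Command }
        }
        $old.Remove($id)
    }
    foreach ($e in $old.Values) {   # whatever is left was not seen in $After
        [pscustomobject]@{ Change = 'Removed'; Key = $e.Key; Name = $e.Name
                           Was = $e.Command; Now = $null }
    }
}

# Usage, in one session:
#   $before = @(Get-StartupSnapshot)      # before installing the software
#   ...install...
#   Compare-StartupSnapshot -Before $before -After @(Get-StartupSnapshot) | Format-List
```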



