
Understanding Hijackthis

4 replies to this topic

#1 Studio Era


  • Members
  • 13 posts
  • Local time:09:29 PM

Posted 29 March 2009 - 02:23 PM

Greetings, respect and salutations.

I must apologise if this is in the wrong section. My path of logic led me here.

I'm wanting to know a little about Hijackthis.
If you have the time and patience, it is most appreciated.

I downloaded Trend Micro Hijackthis v.2.0.2, ran the scan and now I'm sitting here looking at it wondering what on earth it's for.

I've downloaded the DDS scan from bleepingcomputer and I am more familiar with the results of DDS as I've seen it on countless forums.

Q1. Does DDS run off of Hijackthis?
Would it be just as good to only download/run DDS, or will it work without HJT installed?

Q2. Is Hijackthis used only for locating spyware/malware/virus?
Would it also be used to 'clean' out unnecessary programs or have other uses?

Q3. What can you do with the actual HJT scan?
I'm failing to see the benefit of it without being able to post the info, as with DDS.
(thus the reasoning behind DDS, I am supposing . . .)

Q4. I've noticed on sites like: http://www.hijackthis.de they just say copy/paste the log.
The only log I can find is the DDS.txt file.
I feel I'm missing something here. Is there a log I can obtain from the HJT program (scan)?

That's about it actually.
The main headscratcher is Q3.
After scanning, I'm left with a page full of choices knowing if I delete (fix) the wrong one, my PC throws a fit and dies on me . . . :thumbsup:

Thank you for your time, and I apologise if I've landed in the wrong topic.

Edited by Studio Era, 29 March 2009 - 02:27 PM.



#2 scff249


    Indecisive Lurker

  • Members
  • 1,319 posts
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:11:29 PM

Posted 29 March 2009 - 03:08 PM

Hijackthis and DDS.scr are two different things to my understanding. I only have Hijackthis installed as a backup just in case I can't get something off of my computer and need the help of experts from here. Other than that, HJT is, in a sense, just there collecting dust on my computer (in layman's terms, it's there just in case of a worst-case scenario).

Both are tools used for advanced Malware Removal teams such as BC's HJT Team to use. After that, I'm not sure in the workarounds to it or I'm probably not authorized to talk about it (not that I'd know anything anyways)

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo

#3 jgweed


  • Members
  • 28,473 posts
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:11:29 PM

Posted 29 March 2009 - 04:37 PM

HJT is a diagnostic tool to detect malware. A good place to begin to understand how to use it can be found in this BC Tutorial:


However, malware has become extremely subtle and complex, and it is usually advisable for the average user to submit a log to one of several Internet sites such as BC for expert review and help with problems.

Edited by jgweed, 29 March 2009 - 04:37 PM.

Whereof one cannot speak, thereof one should be silent.

#4 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,920 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:29 PM

Posted 30 March 2009 - 10:13 AM

DDS is a specialized tool that produces a Pseudo HJT Report (a scaled down and simplified version of 'HJT lines' that provides the same information in a more condensed format). In addition, it collects much more information that is useful for malware detection, then later removal with other tools. You cannot fix any of the entries with DDS. Its primary purpose is detection of malware in various areas and providing that information to a trained malware removal Helper who can use the report to plan a strategy of attack.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#5 Papakid


    Guru at being a Newbie

  • Malware Response Team
  • 6,649 posts
  • Gender:Male
  • Local time:10:29 PM

Posted 30 March 2009 - 11:19 AM

Also see my comments here:

To give a little more insight on your third question, after reading the BC tutorial on HijackThis, you should be able to see that it does produce a log that can be posted--and that is one of the primary reasons for its design. So that people who aren't technically inclined can post their log and allow someone with more knowledge to help them with whatever problems it reveals. Even the more technically inclined may not have enough knowledge of malware trends and how to remove, so asking for advice is nearly always recommended. As quietman7 has indicated, DDS gives more comprehensive information--is more cutting edge as it shows newer areas that malware hides in than HJT--but it doesn't fix anything. HJT does still do repairs to the areas that it enumerates--for the most part.

Also it takes a human to interpret the results. They may make some mistakes but they won't be as serious or as common as what happens when you use an auto-analyzer like the site you mentioned. The best automation of malware removal is still a good antivirus or malware scanner. HJT and DDS and similar tools are used when those automated tools fail to detect and remove so that humans can try to find out what is really going on--so using an automated tool defeats their purpose.

Lastly, I've just answered another of your threads that is somewhat related here:

I get the feeling that one source of your confusion is that those malware startups you were looking for didn't show up in HijackThis. That is because you disabled them in msconfig. HijackThis only reads the run keys--not the key those startups get moved to when disabled. I am not sure about DDS, as I am semi-retired from working malware removal forums and it came out afterward, but some tools like it will show those disabled entries under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig

Edited by Papakid, 30 March 2009 - 11:20 AM.

The thing about people

is they change

when they walk away.--Mipso
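
The point made in the last post, as an added example that is not part of the thread or of any tool it mentions: the script parses registry text in `reg export` form and lists live Run-key entries next to entries that msconfig has disabled, which a Run-key-only view would miss. The `startupreg` subkey and its `item`/`command` value names are assumptions about how XP-era msconfig stores disabled entries (the thread names only the `MSConfig` key), and the sample data is constructed.

```python
import re

# Constructed sample in `reg export` text form (not taken from the thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityCenter"="C:\\Program Files\\AV\\avtray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\updater32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="updater32"
"hkey"="HKLM"
"command"="C:\\Temp\\updater32.exe /s"
'''

RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
# Assumed location of Run entries that msconfig has disabled.
MSCONFIG = r"hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg" + "\\"

def parse_reg(text):
    """Return {key_path: {value_name: string_data}} for string (REG_SZ) values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:
                # Undo the .reg escaping (\\ -> \, \" -> ").
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                current[name] = data
    return keys

def startup_entries(text):
    """List (state, name, command); state is 'active' or 'disabled'."""
    out = []
    for path, values in parse_reg(text).items():
        low = path.lower()
        if low.endswith(RUN_SUFFIX):
            out += [("active", n, c) for n, c in values.items()]
        elif low.startswith(MSCONFIG):
            name = values.get("item", path.rsplit("\\", 1)[-1])
            out.append(("disabled", name, values.get("command", "")))
    return out

if __name__ == "__main__":
    for state, name, command in startup_entries(SAMPLE_REG):
        print(f"{state:8} {name:16} {command}")
```
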
