HiJackThis "Fix" doesn't do anything?


4 replies to this topic

#1 qwerty12345


Posted 24 January 2011 - 08:30 PM

I recently identified a few things in HJT that I wanted to get rid of (nothing malicious, just a few leftover registry entries and a couple of IE add-ons), so I selected them and chose to "fix" them.

Although it got rid of a few of them, several won't go. I think they're just leftover registry entries (I can list them if you like), but I can't see why HJT can't delete them. I tried doing it in safe mode and logged in as an administrator, but it made no difference.

Any ideas how to get rid of them?

Thank you.



#2 Sightless


Posted 25 January 2011 - 04:07 PM

I am by no means an expert, but I do know that not all of the items that you choose "fix" for will be deleted by hijackthis. It is a very complicated tool, and "fixing" items does not always delete them. There are certain areas in the log that a "fix" will do nothing more than delete a shortcut to the file, or remove the DLL from starting at Windows boot.

#3 quietman7


Posted 25 January 2011 - 06:45 PM

HijackThis is an advanced enumerator (similar in some respects to a registry editor) that is used to display certain areas of the Windows registry where the majority of malware reside. HijackThis will scan these areas of your system and then create a log to help diagnose the presence of undetected malware in known hiding places. However, since HijackThis only scans certain areas of a computer's system/registry, a log may not always show all the malware on your system and other investigative tools need to be used. Most of the log entries are required to run a computer and removing essential ones can potentially cause serious damage such as loss of Internet connectivity or problems with your operating system which could prevent it from starting. Using HijackThis requires advanced knowledge about the Windows Operating System and relies on trained experts to interpret the log entries and investigate them in order to determine what needs to be fixed.

With that said, if you cannot permanently fix some entries with HijackThis that generally means something is interfering. This could be due to one of your other security programs which was not disabled properly or by trying to fix while not logged in as Administrator or an account with administrator privileges.

There are tutorials available for advanced users which will help you understand more clearly about the use of HijackThis and what it does. Again I ask you to heed the warning about fixing anything by yourself. If you choose to ignore that warning you do so at your own risk.

Important Note for 64-bit system users: Be aware that many of the tools we use for malware removal are designed for 32-bit systems and do not work or can give misleading results on 64-bit machines. For instance, running HijackThis on a 64-bit machine may show log entries which indicate (file missing) when that is NOT always the case. Anti-malware scanners and many specialized fix tools have problems enumerating the drivers and services on 64-bit machines so they do not always work properly.

Why? Microsoft created a new folder (C:\Windows\SysWOW64) that contains all the 32-bit .dll files required for compatibility which run on top of the 64-bit version of Windows. WOW64 is the x86 emulator that allows 32-bit Windows-based applications to run on 64-bit Windows but x86 applications are re-directed to the x86 \syswow64 when seeking the x64 \system32. For a more detailed explanation, please refer to Making the Move to x64: File System Redirection and WOW64 Implementation Details.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
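
The "(file missing)" effect described in the post above can be modelled offline. This is an added example, not code from the thread or from HijackThis: the function names and sample file list are hypothetical, and the exemption list follows Microsoft's File System Redirector documentation as an assumption that varies by Windows version.

```python
import ntpath  # Windows path rules; importable on any OS

# System32 subfolders that Microsoft documents as exempt from redirection
# (the exact list varies by Windows version; treat it as an assumption).
EXEMPT = ("catroot", "catroot2", "driverstore", "drivers\\etc", "logfiles", "spool")

def _under(path, root):
    """True if path is root itself or lies below it (inputs already lowercased)."""
    return path == root or path.startswith(root + "\\")

def redirect_32bit(path, windir=r"C:\Windows"):
    """Path a 32-bit process actually opens on 64-bit Windows."""
    p = ntpath.normpath(path)
    low = p.lower()
    sys32 = ntpath.join(windir, "System32")
    native = ntpath.join(windir, "Sysnative")  # 32-bit alias for the real System32
    if _under(low, native.lower()):
        return sys32 + p[len(native):]
    if _under(low, sys32.lower()):
        rest = low[len(sys32):].lstrip("\\")
        if any(_under(rest, e) for e in EXEMPT):
            return p  # exempt folders are not redirected
        return ntpath.join(windir, "SysWOW64") + p[len(sys32):]
    return p

def triage_missing(path, files_on_disk, windir=r"C:\Windows"):
    """Classify a '(file missing)' entry reported by a 32-bit scanner."""
    disk = {ntpath.normpath(f).lower() for f in files_on_disk}
    if redirect_32bit(path, windir).lower() in disk:
        return "present"               # visible even through redirection
    if ntpath.normpath(path).lower() in disk:
        return "redirection artifact"  # exists, but only in the real System32
    return "missing"

# Constructed sample: files as a 64-bit file manager would list them.
SAMPLE_DISK = [
    r"C:\Windows\System32\drivers\example.sys",
    r"C:\Windows\System32\shell32.dll",
    r"C:\Windows\SysWOW64\shell32.dll",
    r"C:\Windows\System32\drivers\etc\hosts",
]
```

An entry classified as "redirection artifact" is one to re-check with a 64-bit tool before treating it as an orphan.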


#4 qwerty12345


Posted 26 January 2011 - 07:29 AM

> I am by no means an expert, but I do know that not all of the items that you choose "fix" for will be deleted by hijackthis. It is a very complicated tool, and "fixing" items does not always delete them. There are certain areas in the log that a "fix" will do nothing more than delete a shortcut to the file, or remove the DLL from starting at Windows boot.

Yes, but when I select "Info on selected item..." it says that for O2 (BHO) it will delete the registry key and the CLSID and for O20 (Winlogon Notify) it will delete the registry key. Admittedly, for O16 (DPF) it doesn't say anything.


> With that said, if you cannot permanently fix some entries with HijackThis that generally means something is interfering. This could be due to one of your other security programs which was not disabled properly or by trying to fix while not logged in as Administrator or an account with administrator privileges.

This was my first thought and as I said in my first post, I have tried logging in as an administrator and fixing in safe mode (as admin).


> There are tutorials available for advanced users which will help you understand more clearly about the use of HijackThis and what it does.
>
> Again I ask you to heed the warning about fixing anything by yourself. If you choose to ignore that warning you do so at your own risk.
>
> Important Note for 64-bit system users: Be aware that many of the tools we use for malware removal are designed for 32-bit systems and do not work or can give misleading results on 64-bit machines. For instance, running HijackThis on a 64-bit machine may show log entries which indicate (file missing) when that is NOT always the case. Anti-malware scanners and many specialized fix tools have problems enumerating the drivers and services on 64-bit machines so they do not always work properly.
>
> Why? Microsoft created a new folder (C:\Windows\SysWOW64) that contains all the 32-bit .dll files required for compatibility which run on top of the 64-bit version of Windows. WOW64 is the x86 emulator that allows 32-bit Windows-based applications to run on 64-bit Windows but x86 applications are re-directed to the x86 \syswow64 when seeking the x64 \system32. For a more detailed explanation, please refer to Making the Move to x64: File System Redirection and WOW64 Implementation Details.

Thank you, I think I understand what HJT is and what it does. Or is there something specific that I'm missing? Also, perhaps I should have mentioned in my first post that this is on a WinXP Home SP3 machine.

#5 myrti


Posted 26 January 2011 - 10:20 AM

Hi,

it is also possible that you have security tools which will restore the items. Things like Spybot TeaTimer or Windows Defender that need to be disabled.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!
