
HijackThis: understanding 017 section log (Domain Hacks)



#1 eusebio


Posted 03 December 2013 - 11:42 AM

Good evening,

I'm a new entry, just of today, and first of all I apologize for my poor English. I'm writing from Italy.

I'm just a simple PC user, but I'm trying to understand more deeply how to use it better and how to protect it from malware attacks.

I've read your HijackThis guide, and I've scanned my PC with the software itself.

The log of the results tells about only one server in the 017 section, and its IP address corresponds to a private address (10.206.56.132     10.207.43.46).

I would like to understand the meaning of this result. In other words, what does a private IP address mean in the 017 section? Why are there not any other servers? And should I fix it?

Furthermore, my PC seems to be working well, without any strange behaviour.

Thank you for your attention.

 

Roberto




 


#2 quietman7


Posted 03 December 2013 - 01:07 PM

Welcome to BC

O17 entries correspond to keys in registry hive HKEY_LOCAL_MACHINE for specific values which help Windows to resolve domain names into IP addresses. Removing a needed O17 entry may break Internet connectivity since they may be used by an ISP or company network.

IMPORTANT NOTE: HijackThis only scans certain areas of a computer's system/registry to help diagnose the presence of undetected malware in known hiding places. Given the sophistication of malware hiding techniques used by attackers in today's environment, HijackThis is limited in its ability to detect infection and generate a report outside these known hiding places. This limitation has made its usefulness nearly obsolete since a HijackThis log cannot reveal all the malware residing on a computer. As such, HijackThis has been replaced by other preferred tools like DDS, OTL and RSIT that provide comprehensive logs with specific details about more areas of a computer's system, files, folders and registry keys which may have been modified by malware infection.

Unless you know how to read and analyze logs from DDS, OTL or RSIT, there's no point in downloading and using them. If those tools are needed for a malware infection you should seek assistance from an expert who will advise you accordingly.

Like HijackThis, these are powerful tools which rely on trained experts to interpret the log entries, determine what needs to be fixed and plan a strategy for disinfection. Using such tools requires advanced knowledge about the Windows Operating System and can cause system damage if used incorrectly. If you do not have advanced knowledge about computers or training in the use of these tools, you should NOT attempt to use them or fix anything without consulting an expert as to what to fix.

With that said, these are links to various tutorials and guides:

HijackThis Online Tutorials:
BC's HijackThis Tutorial & Guide
Understanding and Interpreting HijackThis Entries - Part 1: R0 to N4
Understanding and Interpreting HijackThis Entries - Part 2: O1-O9
Understanding and Interpreting HijackThis Entries - Part 3: O10-O23
Aumha.org: HijackThis Log Tutorial
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
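
A triage sketch for the O17 lines discussed in this thread, added here as an example and not taken from either post or from HijackThis itself: it parses O17 entries and labels each listed DNS server as RFC 1918 private, loopback or other. The sample log is constructed (placeholder GUIDs, a documentation-range address), and the line layout `O17 - <key>: <value> = <data>` is an assumption about the log format.

```python
import ipaddress
import re

# Assumed O17 line layout: "O17 - <registry key>: <value name> = <data>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<data>.*)$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    """Label one DNS server address by the range it falls in."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "not-an-ip"
    if ip.is_loopback:
        return "loopback"   # resolver running on the machine itself
    if any(ip in net for net in RFC1918):
        return "private"    # resolver on a local, ISP or company network
    return "other"          # routable or special-purpose: look up the owner

def parse_o17(log_text):
    """Return (key, value name, address, label) for every O17 server entry."""
    rows = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue        # not an O17 line
        if m["name"].lower() not in ("nameserver", "dhcpnameserver"):
            continue        # Domain / SearchList values hold names, not servers
        for addr in re.split(r"[,\s]+", m["data"].strip()):
            if addr:
                rows.append((m["key"], m["name"], addr, classify(addr)))
    return rows

# Constructed sample log. The 10.x addresses are the ones quoted in the question.
SAMPLE = """\
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{00000000-0000-0000-0000-000000000000}: NameServer = 10.206.56.132 10.207.43.46
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: Domain = example.lan
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\..\\{00000000-0000-0000-0000-000000000000}: NameServer = 127.0.0.1,198.51.100.7
"""

if __name__ == "__main__":
    for key, name, addr, label in parse_o17(SAMPLE):
        print(f"{label:10} {addr:16} {name} under {key}")
```

The label only says which range an address belongs to; whether a given server is the expected one still has to be checked against the router, ISP or company network settings.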




