One thing, about the use of HijackThis, you must NEVER
attempt to fix stuff using HijackThis, until someone who is experienced at reading the log outputs has a chance to review it.
Fixing the wrong items can make a computer unbootable. Not recognizing CoolWebSearch
varients, can just make things reinstall, and there are very many subtle items that can only
be recognized with experience
Spaces, extra characters, spelling, file location, plus numerous other subtle changes,
all make the difference between a good or bad file entry.
Some say HijackThis is an excellent utility for removal of Browser Hijackers.
This is a definite misconception. How do you think that a 150KB program can contain the
database, removal instructions, and tools that takes Norton Antivirus or Spybot Search
and destroy 15MB plus to accomplish?
Hijack this is an ennumerator. It lists what is found in certain areas of the registry, or
system files, in an easily accessible manner, so that those familiar with the use and reading
of HijackThis logs, and windows programs, can determine what is infecting the machine, and
how to remove it.
The Hijack this page, although a great description of what hijack this detects, perpetuates
the authors misconception that it is a removal tool . It will indeed remove the entries
listed, but that does not cure the underlying problem. The problem must be properly
identified first, and cured, prior to removing the entries with HJT. Otherwise you leave the
infection, and remove the keys which are needed to identify, and remove it .
I cringe at the frequent advice to allow hijack this to fix things (especially based on the "you
do not recognize" reasoning). This removes any hope of having a professional, or another
removal tool, identify and remove the problem.
Hijack this should only be used to clean up the entries left behind, after you have properly
removed the offending program, file, trojan, worm, hijacker etc. And this usually requires
Disable System Restore:
right click MY COMPUTER / PROPERTIES / SYSTEM RESTORE / put a check in "Turn off System Restore' / APPLY / OK
Then run these online virus scanners:http://www.pandasoftware.com/activescan/http://housecall.trendmicro.com/
Are you using these basic programs?aČ free
-a complementary product to antivirus software which is specialized in protection against harmful software. Antivirus software often features an inadequate protection against Trojans, Dialers and Spyware. aČ fills this gap.Ad-Aware
-A good program similar to SpyBot S & D.Spybot S&D
-Detects and removes spyware, of different types, from your computer.SpywareBlaster
-A good program that prevents spyware from being installed on your computer in the first place. This program is always running in the background, protecting your computer. It prevents the installation of bad active X controls found in web pages.SpywareGuard
-A nice compliment to SpywareBlaster. This allows you the option to prevent downloads that contain bad active X controls.
If not, you need to. These programs, updated
and used regularly
, will do a lot to keep your computer clean of spyware, trojans, keyloggers, browser hijackers, etc...
Download them, update
them, and then run them.Important:Please
read this tutorial
on Spybot S&D before using it. Spybot can do SERIOUS
damage, if not used properly.
Re-enable System Restore
If that doesn't help, then:
Download the latest version of HijackThis (HJT), from here
Put HijackThis in a Permanent folder:
Click My Computer / C: / File / New / Folder / name the folder; HijackThis
, in this folder.
This is a mandatory
step, for the backup and restore functions, of HijackThis, to be able to work.
Read the pinned post in the HJT forum, here
Follow the directions, EXACTLY
! This is important!
Then, run a log, and post it in the HJT forum here
. Do not
, fix anything, yet.
A member, of the HJT Team, will help you out.Please
, be patient, these people are volunteers. They will help you out, as soon as possible.
Edited by tg1911, 22 November 2004 - 10:40 PM.