Removing browser hijacks, Viruses and Spyware

'HijackThis' how-to.

11. HijackThis
WARNING: While the other tools are pretty much foolproof, 'HijackThis' is not. Be careful when using it.

1. Close any open web browser or 'My Computer' windows. Start HijackThis (if this is the first time you've opened the program, read the warning and then click OK to clear the box). Then click the top button in the 'New users quickstart' box: 'Do a system scan and save a logfile'.

HijackThis opening page

2. When the logfile opens in Notepad, click Edit ---> Select All to select all of the entries found. This should highlight the text in blue. Be sure to copy the text from Notepad, not from the HijackThis page that displays the results of the system scan (shown from behind Notepad).

Copying the text from Notepad

3. You can copy and paste this into a document or web form for posting to a spyware support forum. I use the forum Spyware Forums.
Make sure you explain the symptoms and paste the entire HijackThis logfile into the main window.
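
As an added example (not part of the original guide or of HijackThis itself), this Python script checks that the text copied from Notepad is the whole logfile before it is posted, and counts the scan entries by section code. The sample log is constructed, and the header text and line layout are assumptions based on typical HijackThis 1.99 logs.

```python
import re
from collections import Counter

# Constructed sample log; layout assumed from typical HijackThis 1.99 logs.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 02:32:33, on 16/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
O1 - Hosts: 203.0.113.7 search.example.invalid
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\example.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [updater] C:\WINDOWS\Temp\upd.exe
"""

# Scan entries start with a section code such as R0, O2 or O4, then " - ".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_log(text):
    """Split pasted text into header lines, running processes and entries."""
    header, processes, entries = [], [], []
    in_processes = False
    for line in filter(None, map(str.strip, text.splitlines())):
        match = ENTRY.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
        else:
            header.append(line)
    return header, processes, entries

def missing_parts(text):
    """Name the parts of a full logfile that are absent from the paste."""
    header, processes, entries = parse_log(text)
    checks = [("header", any(h.startswith("Logfile of") for h in header)),
              ("running processes", bool(processes)),
              ("scan entries", bool(entries))]
    return [name for name, present in checks if not present]

def entries_by_section(text):
    """Count scan entries per section code, e.g. two O4 autostart lines."""
    return Counter(code for code, _ in parse_log(text)[2])
```

An empty list from `missing_parts` means the paste has the header, the process list and the scan entries that forum helpers expect to see.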

If you receive instructions that involve using the HijackThis Fix option, start the program and, in the 'New users quickstart' box, click the 'None of the above, just start the program' button. Click the Config button on the page that displays the results of the system scan, and on the main page ensure the default selections are ticked, particularly 'Make backups before fixing items'. Then click the Back button (which is always the only active button in the bottom two boxes on the config page).

HijackThis Fix page

Most Recent Comments

16-03-2005, 02:32:33

Part 2

9. Spyware

Grab yourself a copy of Spybot Search and Destroy from http://www.safer-networking.org/index.php?page=download The latest version of Spybot runs a wizard the first time you open Spybot. This wizard will ask you to create a backup of your registry and ask if you want to update as well as a few other options. These are good things. Get the wizard to do them. The wizard will also ask if you want to immunise your computer. I'll talk about this later. At the end of the wizard you can read the help file and a tutorial if you want to. Now that you are in Spybot click on Check for problems. Once it's finished a list of all the items it found will be displayed. To get info on an item click on it and drag the arrows in from the right hand side of the window. An information window will open behind the arrows. Just like Adaware, select what you want to remove and click Fix selected problems.

Spybot and Adaware both pick up some of the same things but neither picks up everything because they are targeted at different types of programs.

10. System Restore

Now it's time to turn System restore back on. Open the System control panel. Go back into the System Restore tab and untick the box "Turn off System Restore on all devices". A new restore point will be created.

11. HijackThis


While the other tools are pretty much foolproof HijackThis is not. Be careful when using it.

It does not target specific programs/URLs, just the methods used by hijackers to force you onto their sites. As a result, false positives are imminent and unless you are sure what you're doing, you should always consult with knowledgeable folks before deleting anything.

HijackThis is available at http://www.spywareinfo.com/~merijn/downloads.html Run it and click Scan. It will display a list of items that have the potential to redirect your browser. Not everything there is bad. Read through each item one by one to find anything suspect or out of place. If you are unsure of anything click on Save log. Then point your browser at http://hijackthis.de and give the HijackThis Log Analyser a spin. You can copy the text from the log into the textbox or browse for a log saved on your computer. Click Analyze and the analyser will give you a line by line run down on everything in the log. If you are still worried by something in the HijackThis log open the log with Notepad or similar, copy everything in the log and paste it in a new thread (within the security section) asking for help. Please do not post a HijackThis log until you have tried the previous steps. Also include a description of the problem and any errors or windows that popup. This will make things easier for people reading through your log.

There is also a fairly detailed explanation of HijackThis here


As they say prevention is better than cure. Here are a few tips to help prevent spyware, adware, viruses etc... from getting into your computer in the first place.

Change your browser

Ditch Internet Explorer and use something like Mozilla http://www.mozilla.org/products/mozilla1.x/ or Firefox http://www.mozilla.org/products/firefox/ They are more secure and come with built in popup blocking and ad blocking via a plugin called Adblock http://adblock.mozdev.org Older versions of Firefox were not recognised by some plugin installers, e.g. the Flash installer. If you experience problems installing plugins you may need to use Mozilla or another browser.

Change your E-mail client

Along with Internet Explorer give Outlook its marching orders. There are a lot of viruses and the like that are written to use Outlook and/or the Windows Address Book. Try something like Thunderbird http://www.mozilla.org/products/thunderbird/ or Eudora http://www.eudora.com/

Be alert

Know what you are installing. Some programs come bundled with spyware, adware etc. E.g. I'm not sure if this is still the case but the DivX codec used to come with GAIN/Gator adware. Also read any warnings that your browser displays. A program may be attempting to install itself without your approval.

Stay up to date

http://www.windowsupdate.com Need I say more? Ok, maybe I do. If you want to save a whole chunk of downloads you can order the Security Update CD from Microsoft's website. It includes Service Pack 1 for XP as well as a number of updates released after SP1. There are also updates for Windows ME, 2000 Professional, 98SE and 98. Also on the CD is Direct X 9.0b and Windows Media Player 9. The Security Update CD is free. To have a copy sent to you fill out this form on Microsoft's website http://www.microsoft.com/athome/security/protect/cd/order.mspx The Security Update CD comes with a second CD as well. On the second disc is a trial version of eTrust EZ Armor, a firewall and anti virus program. Or if you are running XP you can order Service Pack 2 on CD. Fill out this form http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/default.mspx and Microsoft will send it out to you. Some people have had problems with SP2 but I recommend you install it. If possible install it on a fresh install or better yet create a new XP install CD with SP2 slipstreamed and install from that. A forum search will turn up a number of threads to help with slipstreaming. If you want to stay with Internet Explorer, SP2 will also provide popup blocking and help prevent sites installing software without your consent.

Block bad programs

Spybot has an option to immunize your computer. This will block spyware before it gets onto your computer. This is aimed at Internet Explorer but can still help. Open Spybot and click on Immunize. A window will come up telling you how many bad products are already blocked. Click on Ok. Use the Immunize button at the top of the window to block these products. You can also enable blocking of bad addresses in Internet Explorer. If you enable this option you can choose to block pages silently, display a dialog box when the page is blocked or ask for confirmation before blocking.

Adaware has an "Ad-watch" program which can intercept bad programs before they make it onto your computer but you need a licensed version of Adaware.

SpywareBlaster is another product aimed at preventing spyware from installing itself. I haven't used this program myself so I can't offer any more info. The website is here http://www.javacoolsoftware.com/spywareblaster.html

Another product that works similar to Adaware and Spybot is Pestpatrol. It can scan for and remove spyware, adware and other similar programs. You can download an evaluation copy from the website http://www.pestpatrol.com/Products/PestPatrolHE/ To obtain the full copy, including a year's worth of updates, you must purchase it. I haven't used this program so I can't say if it's worth the $US39.95. Pestpatrol also offer an online scan for spyware, adware, etc called PestScan. Find it here http://www.pestscan.com/

Increase security with a firewall

A firewall of some description can be very useful. Especially if you have a permanent connection to the net. A properly configured firewall will prevent unauthorised access to your machine/network while allowing you to browse to your heart's content. There are a few different options available.

A hardware firewall.

You can find these inside routers, broadband modems and similar devices. They tend to be plug and play but can be configured if needed.

A firewall on a separate computer.

This is more for protecting a network. The computers on the network would get their net access through a single server with a connection to the outside world. A connection sharer of some sort. There are a couple of different paths you could go down here. Some examples are a dedicated firewall/connection sharing computer. One popular setup for this is Smoothwall, http://www.smoothwall.org/ Smoothwall is based on Linux and can be configured across the network. A similar approach would be Windows 2000/XP with Internet Connection Sharing. Not everyone's kettle of fish but still a possibility. A firewall for the DIYers would be more along the lines of a Linux box with connections to both your network and the internet. The DIYer would write up a set of rules using something like iptables, http://www.linuxguruz.com/iptables/howto/iptables-HOWTO.html , that would specify what data is allowed in and out. A different option for DIY firewalls is Network Address Translation or NAT. NAT covers connection sharing and firewalls in one. NAT can be easy to set up and just works. A good page for info on setting up NAT can be found at http://netfilter.org/

A firewall on your own computer.

Probably the easiest to keep an eye on, this would consist of a program you have installed and have running in the background. A popular firewall for this sort of use is Zone Alarm. A free download is available at http://www.zonelabs.com/ There is also a Zone Alarm Pro which is more configurable and includes "Powerful Identity & Privacy Protections". A 15 day trial download is available, if you want to use it after that you'll need $US39.95. Windows XP has a built in firewall but it isn't very good to say the least. Currently it is best to use a separate program. Part of Service Pack 2 is a greatly improved firewall.

Regular virus scans

If you do nothing else regular virus scans are a must. Your antivirus software should be able to schedule scans so you don't have to remember to run them.

Speaking of software, Microsoft is working on an anti-spyware program called Windows Antispyware. It's based on Giant Software's Antispyware and at the moment is still in beta. Early reviews are coming out very favourably for Windows Antispyware and not just for the amount of spyware detected but also for its look and ease of use. One drawback though is that it will require a subscription fee while other products like Spybot and Adaware are still completely free. If you want to download the beta and check it out it can be found at http://www.microsoft.com/athome/security/spyware/software/default.mspx


Do not use Spyware Eliminator from Aluria Software. Aluria has partnered with spyware company WhenU and removed WhenU's spyware from their spyware definitions. As a result Aluria's products, including Spyware Eliminator, regard WhenU's spyware as safe and will NOT remove it. More info can be found on Slashdot http://yro.slashdot.org/yro/04/11/02/2032247.shtml?tid=158&tid=98&tid=172&tid=185

Cheers PV

16-03-2005, 04:26:37

Yet another great guide. Reps coming your way

16-03-2005, 04:30:16

Thanks XMS, I had to cull it a little. But still plenty of info for peeps


16-03-2005, 05:43:41

XMS, PV said you don't have to rep him.. So you could just give the reps to me?

16-03-2005, 06:30:31

LOL...Do one of those guides and I'll give you some juicy reps

I enjoy embarrassing PV tho
