Arcade File Downloads Support Forum
Email
Confirm email
Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

HijackThis Users Guide
NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

7.) Once we've told you which ones to remove you will want to make sure that a backup is being created for everything that is cleaned up. Click on the Config box. This next image is what you'll see:

Double check to make sure that the "Make backups before fixing items" box is checked. If it is then you can delete anything that we suggest you delete. We always want you to be able to restore something in case there are any slip ups.

8.) Where that config box was before it now says back. Click on this to get back to the scan page. You will see check boxes next to each and every item that it found. Go through the list and check anything that you'd like to remove. When you're done click on the Fix checked box. A box will pop up that will force you to confirm that you'd really like to delete some items. It looks something like this:

You're system is now cleaned up! You will now want to reboot and see if the problem still exists. If it does then please post another log because we missed something or there's something much harder to remove. If your system is acting right now all is good!

Here is a list of what the various items mean. I will be expanding on these and giving examples as I find the time.

The different sections of hijacking possibilities have been separated into these groups:
R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key

You can get more detailed information about an item by selecting it from the list of found items or highlighting the relevant line above, and clicking 'Info on selected item'.

Printer Friendly

Article Index:
Talk About it! -->
Copyright 2003-2009 I Am Not A Geek Inc.