HijackThis: A Tutorial For New Users

Popular virus/spyware removal programs such as Norton AntiVirus or Ad-Aware, while useful, are not enough to keep a computer free of malicious software. The reason is that they usually only detect viruses and spyware that have already been discovered by the technicians employed by the software vendors. Unfortunately, the good guys are outnumbered and they cannot possibly identify the many new virus and spyware programs that appear every day.

HijackThis is a free software tool that can help an end-user or technician manually clean the viruses and spyware that other tools miss. HijackThis doesn't use a database of known viruses, but simply presents a list of the software present on your computer that employs virus-like behavior. This list will contain both good and bad software. The user then determines which items are unwanted and removes them. Since many necessary programs appear in the “hijack list”, the help of a technician is normally required to use HijackThis effectively.

Here's a step-by-step guide that will show you how to use HijackThis:

1. Download HijackThis

HijackThis can be downloaded from www.merijn.org, the official web site. Save the downloaded file to the Desktop or some other place where you can find it. Once the download is complete, you'll need to extract the contents of the ZIP file. In Windows XP, you can do this by RIGHT-clicking the downloaded file and clicking on "Extract all...".

2. Launch HijackThis

To launch HijackThis, open the folder to which you've extracted the zip file and double-click on the HijackThis icon. The first time you do this, you'll see a "quickstart" screen with several choices. For the purposes of this tutorial, it will be easier to bypass this screen entirely. Therefore, place a check beside "Don't show this frame again when I start HijackThis", and then click "None of the above, just start the program".

3. Scan for and remove illegitimate software

When the main program appears, click the Scan button to generate a list of items for removal. In order to see the items better, you may have to resize or maximize the window. Place check marks in the boxes beside unwanted items, and then click “Fix Checked” to remove them. Do NOT remove all of the items. Many of them may be important programs that are needed for your computer to operate properly. This is where you'll need the help of a technician or savvy computer user to determine which items to keep and which to remove. If you don't know such a person, you can do a Google search on individual items to learn which are legitimate and which are not.

After HijackThis completes a scan, you'll notice a "Save log" button appear. This lets you save the list of items to a file, and is useful if you wish to send it by email to a technician or post it in an online forum for evaluation.

At times you'll find that certain items listed in HijackThis reappear after you remove them. This is because some malicious software is designed to "self-heal" in order to make it more difficult to remove. When this happens, the first thing you'll want to try is to remove the items while Windows is running in safe mode. To start Windows in safe mode, tap the F8 key repeatedly just after you power up the computer, before the Windows logo appears. If your timing is good, you will see a startup menu of several options. Use the arrow keys on your keyboard to select “Safe Mode”, and then press ENTER. Once you remove the bad items using HijackThis, simply restart your computer to return to normal mode.
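To confirm which removed items have come back, a technician can compare logs saved with the "Save log" button. The script below is an added example, not part of the original tutorial or of HijackThis itself: it takes three saved logs (before fixing, right after fixing, and after a restart) and lists the entries that were removed and then reappeared. It assumes entry lines have the form "code - details"; the sample logs and all names in them are constructed.

```python
import re

# An entry line in a saved log looks like "<code> - <details>",
# for example "O4 - HKLM\..\Run: [name] path". Header lines and the
# "Running processes" list do not match this pattern and are skipped.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (code, details) entries found in one saved log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def reappeared(before_fix, after_fix, after_restart):
    """Entries that were removed by "Fix Checked" but are present again later."""
    removed = parse_entries(before_fix) - parse_entries(after_fix)
    return sorted(removed & parse_entries(after_restart))


# --- Constructed sample data (placeholder names, not real findings) ---
HEADER = ["Logfile of HijackThis", "", "Running processes:",
          r"C:\WINDOWS\explorer.exe", ""]
SEARCH = r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/"
UPDATER = r"O4 - HKLM\..\Run: [ExampleUpdater] C:\Example\updater.exe"
TRAY = r"O4 - HKLM\..\Run: [ExampleTray] C:\Example\tray.exe"
HELPER = r"O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000000} - C:\Example\helper.dll"


def make_log(*entries):
    """Build a sample log: header, process list, then the given entries."""
    return "\n".join(HEADER + list(entries))


BEFORE = make_log(SEARCH, UPDATER, TRAY, HELPER)   # first scan
AFTER_FIX = make_log(TRAY, HELPER)                 # SEARCH and UPDATER were fixed
AFTER_RESTART = make_log(UPDATER, TRAY, HELPER)    # UPDATER is back

if __name__ == "__main__":
    for code, details in reappeared(BEFORE, AFTER_FIX, AFTER_RESTART):
        print("Reappeared:", code, "-", details)
```

Entries reported here are the ones worth retrying in safe mode, as described above.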

Eldon Martin