One of the questions that I answer the most on the forums that I visit is how to read your HijackThis log. It is actually fairly simple once you know what to look for. A good idea before going through it is to already have a virus and adware / spyware scan done that way it’s already slightly pre-cleaned for you.
Get into HijackThis, and click scan. A good log should look something like this. Now this is actually a fairly bloated log, but it is off of a clean machine. The best, easiest way to tell if something is good is to just look and see if you recognize it. You’ll notice that many of the entries in there mention Google. Well, this makes perfect sense since the Google Toolbar just so happens to be installed on the machine I used to generate that log. This is a much cleaner log to look at. It’ll give you a pretty good idea of what is going to be there almost always.
HijackThis sorts through the registry and displays common ways that spyware loads on your system. Anything labeled O4 is in your system startup. O3 is the toolbar category, and O2 is the BHO (Browser Help Object) category. This is the one you want to watch out for. A common mistake is to edit the Windows startup and call it good. While this will prevent the offending items from loading when Windows does, they will launch immediately when Internet Explorer is run. Make sure to scrutinize everything in the BHO section very carefully. If you suspect it, then remove it. You can always get the plug-in back if it turns out it’s something you like.
Watch out for the search pages as well. (R0, and R1) When you have a hijacker on your system your homepage will change to whatever that program wants it set to. Even if you clean the hijacker itself, if you leave the home, search, and about:blank pages pointing toward a spyware page you will likely become re-infected. Many use vulnerabilities to infect your system. There’s no prompt for you to install or anything.
The best way to become proficient in reading them is just to work with them often. Almost all look different, which is why I can’t give you a definitive list of what will be in there, but you will notice patterns in both the healthy and infected ones that you run across. After a bit you’ll get a “feel” for it.
Happy hunting.
You must be logged in to post a comment Login