Quickly, for those who don’t know what HijackThis is: it is a utility that scans practically every critical area of Windows (the places where malware flourishes). HijackThis displays all of the files located in these areas, malicious or not, for analysis. HijackThis 2.0.2 is crucial because even with free antivirus protection, virus traces could still be left over, viruses could still be starting up automatically, and an Internet Explorer or Firefox BHO (browser helper object) could be active and potentially re-downloading viruses, etc. The list honestly goes on and on and keeps getting worse because viruses are increasingly sophisticated.
The problem with HijackThis 2.0.2 is that a user almost needs to have an expert analyze the log file, because it can be difficult to distinguish a virus from a legitimate file. Thankfully, there are a few tools to help users make these decisions. The first is the “Send Log to TrendMicro” option. This gives a user the ability to upload their HijackThis log to one of many computer help forums, including Bleeping Computer, Major Geeks, and Dell Community (almost 30 different forums in all). Once one’s HijackThis 2.0.2 log is uploaded, a user gains exposure to hundreds or even thousands of experts, who can post a solution to most users’ problems.
However, my preferred method of identifying unknown files and processes, and the premise of this how-to guide, is to simply Google it. My personal method is to first ignore anything that has a Microsoft owner or is a Microsoft component. Next, I like to focus on files that are located in the Windows\System32 folder. I then check to see if there is an owner for the file. If there is an owner, I will simply Google the owner; if the owner is unknown, I will Google the corresponding .exe file. For example, FBAgent.exe has an Unknown Owner, so I will simply Google “FBAgent.exe”. The first result, from SystemLookup.com, states that FBAgent.exe is the Asus FastBootAgent, and since I have an ASUS laptop I can safely assume that this file is trusted. I didn’t even have to click on the link, as everything I needed was in the results.
The next thing I look for is any IP address, because it could be a malicious remote site. In my results there is the IP address 10.10.32.1 (10.10.xxx.xxx addresses are local IPs), which is a local IP address and so can be considered safe. Another common local IP address range starts with 192.168.xxx.xxx (the x’s can be any combination of numbers). Local IP addresses can be safely ignored, but anything that strays outside of these combinations should probably be deleted. In addition, analyze and Google anything with a Run, BHO, Winsock, or Service entry. Make sure to also pay extra attention to anything with an unknown owner.
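The triage rules from the last two paragraphs (skip Microsoft-owned entries, look at System32 files, flag unknown owners, flag non-local IP addresses, and pay attention to Run, BHO, Winsock and Service entries) can be turned into a small script that pre-sorts a log before anyone starts Googling. The following Python is an added example written for this article; it is not part of HijackThis. The sample lines are constructed in the `Oxx - ...` shape that HijackThis logs use and the owner/path layout of the `O23 - Service:` lines is an assumption about that format. It goes beyond the article's 10.10.x.x / 192.168.x.x rule of thumb by treating the full RFC 1918 ranges (10/8, 172.16/12, 192.168/16) plus loopback as local. One caveat worth keeping in mind: the owner string in a log is self-reported by the file, so "Microsoft Corporation" is a reason to deprioritize an entry, not proof that it is clean.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample lines in the HijackThis "Oxx - ..." style; not a real log.
SAMPLE_LOG = r"""
O2 - BHO: Example PDF Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\pdfhelper.dll
O4 - HKLM\..\Run: [FBAgent.exe] C:\Program Files\ASUS\ATK Package\ATK Hotkey\FBAgent.exe
O4 - HKCU\..\Run: [updater] C:\Windows\System32\svchst.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 10.10.32.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000003}: NameServer = 203.0.113.7
O23 - Service: Windows Update (wuauserv) - Microsoft Corporation - C:\Windows\System32\svchost.exe
O23 - Service: ASUS FastBoot Agent (FBAgent) - Unknown owner - C:\Program Files\ASUS\FBAgent.exe
"""

# The article's rule of thumb is 10.10.x.x and 192.168.x.x; this uses the full
# RFC 1918 private ranges plus loopback (a generalization, not from the article).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# The log sections the article says to analyze and Google.
WATCH_SECTIONS = {"O2": "BHO", "O4": "Run", "O10": "Winsock", "O23": "Service"}

LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
FILE_RE = re.compile(r"[\w.-]+\.(?:exe|dll|sys)\b", re.I)
# Assumed layout of a service line: "Service: <name> - <owner> - <path>".
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def is_local_ip(text: str) -> bool:
    """True if text is an IPv4/IPv6 address inside one of the local ranges."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    return any(addr in net for net in LOCAL_NETS)


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)
    query: str = ""  # what the article's method would Google next


def triage_line(line: str):
    """Apply the article's checks to one log line; None means it can be skipped."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    svc = SERVICE_RE.match(body)
    owner = svc.group("owner") if svc else None

    # Rule 1: entries with a Microsoft owner are set aside (self-reported, see lead-in).
    if owner and "Microsoft" in owner:
        return None

    f = Finding(section, line.strip())
    if section in WATCH_SECTIONS:
        f.reasons.append(f"{WATCH_SECTIONS[section]} entry")
    if "\\system32\\" in body.lower():
        f.reasons.append("file lives in System32")
    if owner is not None and owner.lower() == "unknown owner":
        f.reasons.append("unknown owner")
    for ip in IPV4_RE.findall(body):
        if not is_local_ip(ip):
            f.reasons.append(f"non-local address {ip}")
    if not f.reasons:
        return None

    # Rule 2: Google the owner when there is one, otherwise the file name itself.
    if owner and owner.lower() != "unknown owner":
        f.query = owner
    else:
        files = FILE_RE.findall(body)
        f.query = files[-1] if files else ""
    return f


def triage_log(text: str):
    """Return the Findings for every line of a log that deserves a closer look."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(f"{finding.section}: {'; '.join(finding.reasons)} -> look up '{finding.query}'")
        print(f"    {finding.line}")
```

Run against the constructed sample, the 10.10.32.1 name-server line drops out as local and the Microsoft-owned service is skipped, while the System32 `svchst.exe` Run entry, the 203.0.113.7 name server and the unknown-owner service come out with their reasons and the term the article would search for.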
HijackThis also includes a myriad of advanced system tools to augment any antivirus protection. The process manager displays all active processes, including the .dll files that are loaded for each process. If you have a persistent virus problem, make sure to investigate all unknown .dll files in Google.
The next tool is the hosts file manager. The hosts file is often the place where viruses make modifications that prevent a user from accessing the sites they actually want. For example, a malicious entry could redirect a user from www.google.com to a malicious or virus site.
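What the hosts file manager lets you eyeball can also be checked mechanically. The Python below is an added example for this article, not part of HijackThis: it parses hosts-file text, ignores the normal `localhost` lines and ad-blocker style sinkhole entries (`0.0.0.0` / `127.0.0.1`), and reports two things the paragraph above describes: a site the user expects to reach that has been pinned to some other address (a redirect) and one pinned to a sinkhole address (silently blocked). The sample hosts content and the watched domain `update.example-av.com` are constructed for the example.

```python
import ipaddress

# Constructed sample hosts-file content (not taken from a real machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # ad-blocker style sinkhole: fine
203.0.113.45    www.google.com           # redirect of a site the user expects
127.0.0.1       update.example-av.com    # silently blocks a (constructed) security site
"""

# Sites a user expects to reach directly; any hosts entry for them deserves a look.
WATCHED = {"www.google.com", "google.com", "update.example-av.com"}

# Addresses that go nowhere; ad blockers use these deliberately.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs, dropping comments, blank and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])  # first field must be an address
        except ValueError:
            continue
        for host in parts[1:]:
            yield parts[0], host.lower()


def audit_hosts(text, watched=WATCHED):
    """Return (hostname, ip, reason) for entries that redirect or block expected sites."""
    findings = []
    for ip, host in parse_hosts(text):
        if host == "localhost":
            continue  # the stock entries every Windows hosts file carries
        if host in watched:
            kind = "blocked" if ip in SINKHOLES else "redirected"
            findings.append((host, ip, f"{kind}: expected site pinned in hosts file"))
        elif ip not in SINKHOLES:
            # Not a site we watch, but a real mapping rather than a sinkhole: worth a glance.
            findings.append((host, ip, "mapped to a non-sinkhole address"))
    return findings


if __name__ == "__main__":
    for host, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"{host:28} -> {ip:15} {reason}")
```

On a real system the text would come from `C:\Windows\System32\drivers\etc\hosts`; the `WATCHED` set is where you list the sites that matter to you (your search engine, your antivirus vendor's update site, your bank), since a hosts entry for any of those is almost never something the user put there.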
Next are Delete a file on reboot and Delete an NT service. Often services and active processes are locked and cannot be deleted in a normal Windows environment. HijackThis 2.0.2 allows safe deletion of locked files (sometimes viruses) upon reboot. Finally, HijackThis includes an uninstall manager. The manager allows users to delete old uninstall entries and uninstall programs that may not show up in the Programs and Features or Add/Remove Programs areas.
- Download HijackThis Freeware here