Use HiJackThis

Removing adware can be a tricky business, and oftentimes little remnants are left behind, even after running powerful anti-adware software. HiJackThis is designed to examine your computer for lingering hijackers, allowing you to easily remove them. You can also perform a variety of maintenance tasks, such as terminating processes, viewing your startup list, and cleaning your program manager.

Steps

Scanning For Hijackers

1. Download and install HiJackThis. HiJackThis is a free tool that is available from a variety of download sites. To avoid downloading adware along with HiJackThis, try to download from a trusted site such as BleepingComputer or SourceForge. Once you've downloaded it, run the setup file to install HiJackThis.
2. Start HiJackThis. When you first run HiJackThis, you will be greeted by a menu. You can ignore all of these options for now, and click the button at the bottom to proceed to the main program window. Check the "Do not show this window..." box to prevent the menu from showing up in the future.
3. Ensure the configuration is correct. HiJackThis should be correctly configured by default, but it's always good to check to be on the safe side. Click Config... and ensure that the following boxes are checked in the Main section:
   • Make backups before fixing items
   • Confirm fixing & ignoring of items (safe mode)
   • Ignore non-standard but safe domains in IE (e.g. msn.com, microsoft.com)
   • Include list of running process in log files.
   • Click Back after confirming these are checked.
4. Run a scan. On the main HiJackThis screen, click the Scan button to begin scanning your system, Scanning should only take a few moments. When the scan is complete, a list of all the programs and services that trigger HiJackThis will be displayed.
   • Just because something is listed does NOT mean that it is a bad item. In most cases, the majority of the items on the list will come from programs that you installed and want to keep.
5. Save your list. If you are working with a technical support professional or are posting on a technical support forum, it can helpful to have the log to give to the people helping you. Click Save log, and then select a location to save the log file. Pick somewhere you'll remember.
6. Get detailed information on an item. If you want more details on what an item does or how it functions, select it from the list and click Info on selected item.... This will open a new window with a description of the item.
   • The window will display some basic information about how to deal with the item if it is infected, but this does not apply to every item on the list.
7. Select items to fix. After examining the list, check any items that you are absolutely sure are infected or malicious. After checking all the items you want to remove, click Fix checked. A backup will be made and the item(s) will be removed.^[1]

Restoring Fixed Items

1. Open the Config menu. If you accidentally removed an item from the list that you actually want or need, you can restore it as long as backups were left enabled. You can open the Config menu by clicking Config....
2. Open the Backups section. Click Backups at the top of the window to open it. You will see a list of available backups.
3. Select the items to restore. Check the box next to each entry that you want to restore to your system.
4. Restore the selected items. Click Restore after selecting all of the items you want to restore. They will appear again in your next scan.
5. Delete backups you don't need. If you're sure you're not going to need a backup anymore, check it and click Delete. Be careful when doing this, as there is no way to restore the item once its backup has been deleted.

Seeing Your Startup List

1. Open the Config menu. If you want to see a list of all the programs that are starting with your computer, you can quickly generate one in HiJackThis. It will be displayed as a text file, making it easy to copy and paste on a tech help forum or email. Click Config... to open the menu.
2. Open the Misc Tools section. Click Misc Tools at the top of the window to open it. You will see a list of tools built-in to HiJackThis.
3. Create a Startup log. Generate a list of your Startup items by clicking Generate StartupList log. A window will appear outlining the process, and you will be asked if you want to continue. Click Yes.
   • When Notepad opens, you may be notified that the file does not exist. Confirm that you want to create a new file.
4. Save the log. After the log opens, save the file so that you can access it later. Make sure you save it somewhere that you can remember such as your Documents folder or on your desktop.

Using the Process Manager

1. Open the Config menu. HiJackThis includes a process manager tool that acts like an enhanced version of the Windows Task manager. This will let you terminate offending programs without having to open a new window. You can open the Config menu by clicking Config....
2. Open the Misc Tools section. Click Misc Tools at the top of the window to open it. You will see a list of tools built-in to HiJackThis.
3. Open the process manager. Click Open process manager in the "System tools" section. The window will change, and you will see a list of all the processes currently running on your system.
4. Find the processes you want to end. Determine if any of the processes listed are suspicious or infected by checking where they are installed and what they are running. Select the process you want to end by clicking it. If you want to select multiple processes, hold the Ctrl key while clicking each process.
   • This list does not update automatically. If you want to end a process that has started after the list was loaded, click Refresh to update the list.
5. End the process. Once you've selected the processes you would like to end, click Kill process. The process will be forced to close.

Cleaning Up Your Programs Manager

1. Open the Config menu. If you've removed a bunch of adware from your system, chances are there are programs in your "Add/Remove Programs" or "Programs and Features" list that don't exist anymore. This can lead to a cluttered list of programs. HiJackThis contains a tool that allows you to remove these nonexistent programs. You can open the Config menu by clicking Config....
2. Open the Misc Tools section. Click Misc Tools at the top of the window to open it. You will see a list of tools built-in to HiJackThis.
3. Open the Uninstall Manager. Click Open Uninstall Manager... in the "System tools" section. This will open a list of all the programs currently displayed when you go to uninstall a program in the Control Panel.
4. Select the item you want to remove. Select the program that you have removed through other methods. Unlike the process manager, you can only select one program at a time. The details of the program are displayed when you select it.
5. Remove the entry. Click Delete this entry if you're sure you want to remove it. Make sure to try Remove-Programs-(Windows-7) first.

Video

Template:Video:Use HiJackThis

Related Articles

• Avoid Getting a Computer Virus or Worm
• Remove a Boot Sector Virus
• Prevent Viruses, Spyware, and Adware with Avast and CounterSpy
• Secure Your PC
• Remove a Virus and Repair Windows XP for Free

Sources and Citations