HijackReader analyse HijackThis results

HiJackThis is a sophisticated security tool that checks a computer running Windows 2000 or higher for possible signs of hijacked applications. It does check lots of different elements like startup items, Browser Helper Objects, running processes and the like and presents a log of the results at the end. This log is hard to read for beginners because it contains “good” and possible “bad” elements in it and it requires knowledge of those elements to make a distinction between elements that you have to keep and those that are indeed malicious in nature.

Most users tend to post their logs in forums so that experienced users can take a look at them and recommend actions. There are actually several forums that can be used.

If you would like fast results you could also use the software HijackReader which analyzes an HijackThis logfile and tries to make the distinction between good and bad results automatically. The HijackReader uses mainly two lists to analyze the logfile.

Those two lists are the CLSID list by Tony Klein and the Startup info list by Paul Collins. A single html file is created after the analysis has finished displaying information and recommendations about the found elements. Attributes can either be OK (no fix needed), FIX IF UNKNOWN (check for more information if you do not know the element), FIX (CHECK NOTES!) (read the description and fix the issue because it is indeed malicious) and UNDETERMINED (find out for yourself).

The HijackReader application can be of help especially if items are found that are marked as Fix (Check Notes). The user can fix those without having to wait for someone else to analyze his logfile and tell him the exact same thing. It does not help that much for elements that are undetermined or marked as fix if unknown and users will still have to get professional help or do extensive research before they can be sure if the item is malicious or not.