Thursday, May 28, 2009

Editing a HijackThis Log

HijackThis lists the contents of key areas of the Registry and hard drive that are used both by legitimate programmers and by hijackers and various other spyware and malware developers. The program is continually updated to detect and remove new hijacks. It does not target specific programs and URLs, only the methods used by hijackers to force you onto their sites, so false positives are to be expected, and unless you're sure about what you're doing or altering, you should always consult with knowledgeable folks before deleting anything. The key to start editing the log is as follows:

* R0, R1, R2, R3 - Internet Explorer Start/Search pages URLs
* F0, F1 - Autoloading programs
* N1, N2, N3, N4 - Netscape/Mozilla Start/Search pages URLs
* O1 - Hosts file redirection
* O2 - Browser Helper Objects
* O3 - Internet Explorer toolbars
* O4 - Autoloading programs from Registry
* O5 - IE Options icon not visible in Control Panel
* O6 - IE Options access restricted by Administrator
* O7 - Regedit access restricted by Administrator
* O8 - Extra items in IE right-click menu
* O9 - Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu
* O10 - Winsock hijacker
* O11 - Extra group in IE 'Advanced Options' window
* O12 - IE plugins
* O13 - IE DefaultPrefix hijack
* O14 - 'Reset Web Settings' hijack
* O15 - Unwanted site in Trusted Zone
* O16 - ActiveX Objects (aka Downloaded Program Files)
* O17 - Lop.com domain hijackers
* O18 - Extra protocols and protocol hijackers
* O19 - User style sheet hijack
* O20 - AppInit_DLLs Registry value autorun
* O21 - ShellServiceObjectDelayLoad
* O22 - SharedTaskScheduler
* O23 - Windows NT Services

But this is just an intro to what is what in the HijackThis log. An entry in one of the above areas does not mean it is a spyware or malware entry; you have to judge it by its location and file name, otherwise deleting a necessary system entry will cripple your system. Visit http://www.aumha.org/a/hjttutor.php to learn more. It is a wonderful tutorial that covers almost all the necessary entries to check for, but don't expect to understand the whole thing in one go; take your time.

1 comment:

thathu said...

Thanks, I will see that site da. It gave a little idea on how hijackers use

 