HiJack This

Posted by: Kaki's Sister

HiJack This - 03/27/13 07:33 AM

I have a question. What exactly does HiJackThis do? Is it an antivrus protection? Where can you get it online and how much is it?
My daughter got a bad Trojan and after reformating her computer and getting rid of it with malwarebytes it keeps trying to reinstall (malwarebytes pops up and tells her it has blocked it.)
Posted by: mj2c

Re: HiJack This - 03/27/13 09:07 AM

HiJackThis scans your registry for what may or may not be a problem. What it doesn't do is tell you is that you have a problem - it gives you a readout that let's you decide and as such is for more experienced users. It does, or did have a website where you can post those readouts for experts to advise you. So no it's not an anti-virus in the sense that Avast or Avira are. As for the cost it's free.

It lives here -

Posted by: Draclvr

Re: HiJack This - 03/27/13 09:13 AM

HiJack This is a very powerful program which should not be used by just anyone. It's very effective, but you really, really have to know what you are doing.

It sounds like your trojan has infected the MBR or master boot record and is respawning upon reboot. I have used a utility from Kasperspy that has gotten rid of a couple of them. It's called TDSSKiller. See if that or anything else on their page might help. I see they now have some new tools for the Ransomware that is rampant right now.

Virus Removal Tools, Kaspersky Lab

If you would like guidance on getting rid of this trojan, you can also go to websites like Bleeping Computer and Smartest Computing. They have people there who will work with you on getting rid of your problem. Broni at Smartest Computing has helped me several times.
Posted by: Jenny100

Re: HiJack This - 03/27/13 09:23 AM

HijackThis! is a tool that scans your computer and provides information about what's installed, as well as the ability to remove things. People who know a lot about removing malware can use it to diagnose whether or not you have malware and the best way to get rid of it. For example, you might run HijackThis! and post the results at the Bleeping Computer forum so the experts there can analyze the results. Then they might tell you to use HijackThis! to remove something which is malware or they might suggest some other tool.

HijackThis! is not an antivirus or anti-malware.
Most computer users shouldn't attempt to remove files with it without instructions because it is easy to remove things you never heard of that are actually part of Windows.

My daughter got a bad Trojan and after reformating her computer and getting rid of it with malwarebytes it keeps trying to reinstall (malwarebytes pops up and tells her it has blocked it.)

I'm not sure how she could still have the Trojan unless she used an infected backup or is visiting a website that is infected. If she saved any files before formatting, those files might be infected. There is the possibility of a firmware virus, but those are rare. As Draclvr said, it could be a boot virus. There is also the possibility of a false alarm, but I wouldn't count on it.

Virus can hide in several files on a computer and then lay dormant until they think it's "safe" for them to reinstall. You can remove 90% of the virus files, but if you miss one, it has the capability to reinfect everything. This can be time-dependent (e.g. - try to reinfect every 2 hours) or it can be dependent on the user's actions (e.g. - every time the user uses a certain program, the virus attempts to re-infect -- or every time the user visits a certain website, the virus attempts to re-infect -- or every time the computer is rebooted the virus attempts to reinfect, etc.).


I suggest she go to http://www.bleepingcomputer.com/forums/
and ask what to do. There are experts there who can best tell her how to get rid of a stubborn infection. Check their instructions page at
***Am I Infected? What do I do? How do I get help? Who is helping me?***

They have so many people asking for help that they have a specific procedure they want you to follow to streamline things. Their instructions page should tell her how to submit her problem.
Posted by: Homer6

Re: HiJack This - 03/28/13 12:56 AM

Avast! has a scan selection that specifically scans the computer during boot up. It will also suggest a boot scan be preformed if it finds something during a normal scan it thinks affects the computer during boot up.

Boot Scan can be selected, then the computer can be rebooted and the scan will proceed. Or it can be scheduled and the next time the computer is started the scan will take place.
Posted by: Kaki's Sister

Re: HiJack This - 03/28/13 06:21 AM

Thank you mj2c, Draclvr, Jenny100, and Homer6. I will forward all this information to my daughter. This is what happened to her yesterday when she was online at work (she works from home on the computer). Twice she got a popup from malwarebytes that the Trojan tried to install and it stopped it.
Again thank you all so much. Your help is always appreciated.
Posted by: Draclvr

Re: HiJack This - 03/28/13 10:20 AM

And good for Malwarebytes!! If Malwarebytes asks what she want to do, just tell her to quarantine it. My mom who lives 600 miles away called me with a trojan that tried to install which Malwarebytes caught. Malwarebytes offered an option to quarantine it and it never tried to install again.
Posted by: Kaki's Sister

Re: HiJack This - 03/29/13 06:03 AM

Thanks Draclvr. I will forward the info to her.