Hijack This
Hijack this is an important security tool to help locate stubborn and hard to root out viruses it can be found here: http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html and will be explained in more detail below.
Once you have scanned you computer you will be confronted by a log file the top most portion of this log file contains information on programs running on the system, the version of hijack this running, and how the processes are behaving.
After this top most portion there is a body portion it is the most vital in diagnosing system problems and what the system is doing, it also reveals common places where malware hides and can modify the register to change some of this information, that is why Hijack This is so powerful and should only be learned to understand the basics of the log file but NOT TO ATTEMPT any personal attempts at clean up.
The following explains what is happening in the HiJack This log at any moment and what each line is telling you.
R0, R1, R2, R3 - Internet Explorer Start/Search pages URLls
F0, F1 - Autoloading programs
N1, N2, N3, N4 - Netscape/Mozilla Start/Search pages URLs
O1 - Hosts file redirection
O2 - Browser Helper Objects
O3 - Internet explorer toolbars
O4 - Autoloading programs from Registry
O5 - IE Options icon not visible in Control Panel
O6 - IE Options access restricted by Administrator
O7 - Regedit access restricted by Administrator
O8 - Extra items in IE right-click menu
O9 - Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu
O10 - Winsock hijacker
O11 - Extra group in IE 'Advanced Options' window
O12 - IE plugins
O13 - IE DefaultPrefix hijack
O14 - 'Reset Web Settings' hijack
O15 - Unwanted site in Trusted Zone
O16 - ActiveX Objects (aka Downloaded Program Files)
O17 - Lop.com domain hijackers
O18 - Extra protocols and protocol hijackers
O19 - User style sheet hijack
O20 - AppInit_DLLs Registry value autorun
O21 - ShellServiceObjectDelayLoad registry key autorun
O22 - SharedTaskScheduler Registry key autorun
O23 - Windows NT Services
Once you have scanned you computer you will be confronted by a log file the top most portion of this log file contains information on programs running on the system, the version of hijack this running, and how the processes are behaving.
After this top most portion there is a body portion it is the most vital in diagnosing system problems and what the system is doing, it also reveals common places where malware hides and can modify the register to change some of this information, that is why Hijack This is so powerful and should only be learned to understand the basics of the log file but NOT TO ATTEMPT any personal attempts at clean up.
The following explains what is happening in the HiJack This log at any moment and what each line is telling you.
R0, R1, R2, R3 - Internet Explorer Start/Search pages URLls
F0, F1 - Autoloading programs
N1, N2, N3, N4 - Netscape/Mozilla Start/Search pages URLs
O1 - Hosts file redirection
O2 - Browser Helper Objects
O3 - Internet explorer toolbars
O4 - Autoloading programs from Registry
O5 - IE Options icon not visible in Control Panel
O6 - IE Options access restricted by Administrator
O7 - Regedit access restricted by Administrator
O8 - Extra items in IE right-click menu
O9 - Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu
O10 - Winsock hijacker
O11 - Extra group in IE 'Advanced Options' window
O12 - IE plugins
O13 - IE DefaultPrefix hijack
O14 - 'Reset Web Settings' hijack
O15 - Unwanted site in Trusted Zone
O16 - ActiveX Objects (aka Downloaded Program Files)
O17 - Lop.com domain hijackers
O18 - Extra protocols and protocol hijackers
O19 - User style sheet hijack
O20 - AppInit_DLLs Registry value autorun
O21 - ShellServiceObjectDelayLoad registry key autorun
O22 - SharedTaskScheduler Registry key autorun
O23 - Windows NT Services