HijackThis tool to Manually Remove Malware
HijackThis scans the computer’s running processes, extensions and add-ons in the browser, installed Windows services, home and search pages and many other critical areas in Windows. The HijackThis download is located on the Trend Micro website. The scan will display a comprehensive report on critical areas where malware, spyware, viruses, Trojans, adware or worms usually add ithemselves. Advanced-users can take advantage of HijackThis for removing persistent malicious software and spyware as part of their manual removal process when cleaning-up a computer.
How to Use HijackThis tool to Remove Malware
You must only use the HijackThis tool to manually remove spyware or other types of malware if you know the location or you’ve identified the threat. Some malware will add a service and startup item in Windows and also prevent antivirus program from running a scan.
The example below is me manually removing Security Tool, a rogue program, using HijackThis. Any variants of the Security Tool program will add a startup item in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce registry key. The executable is located in C:\Documents and Settings\All Users\Application Data folder or C:\Documents and Settings\(YOURUSERNAME)\Local Settings\Application Data folder.
In the above image, HijackThis presented the startup registry key of the Security Tool program. Fixing the item will prevent Security Tool from automatically running in Windows and displaying fake warnings. From there, you can proceed to deleting the executable and the shortcut:
When you run a scan using an anti-virus or anti-malware program, it should not find any Security Tool infection unless the Trojan downloader or other infection is on the hard-drive. Note that Security Tool is often installed by a Trojan downloader.
Services of Malware in Windows and HijackThis
HijackThis lets you delete Windows services added by spyware or malware. You can also use HijackThis to delete services that were left behind by legitimate software.
An example is when I used the AVG Remover utility to remove AVG Internet Security. I forgot that I also installed the optional AVG Security Toolbar. Using the AVG Remover utility did not remove the AVG Security Toolbar. I simply used HijackThis to remove the toolbar service added by AVG Security toolbar and it was almost instantly gone! Note that you need to stop a particular Windows service using the Services console in Windows, if the service is actively running in the background. If it is not running anymore, HijackThis can remove it successfully.
Some malware may add itself as a service in Windows, so if you are manually removing malware and HijackThis displayed it in the scan report, fix that too.
Never use the HijackThis program or a similar program in other security suites if you are not familiar with running processes or services in Windows. Using the HijackThis tool without proper guidance or background in using the program can just result in more problems. Remember that the HijackThis tool is not an anti-virus or anti-malware program that will identify the good and bad files, but all types of malware that it can detect are presented. Deleting a legitimate and critical entry in the HijackThis scan window may cause trouble, so be very careful when using it. Finally, use an anti-virus program to scan the computer after manually removing persistent spyware or rogue programs.
Programs that include similar program like HijackThis are EmsiSoft Anti-Malware’s HijackFree, and in the not recommended Iobit Advanced SystemCare. WinPatrol provides Hijack Log it’s only a report that you can use as reference or records.