(this is alpha-version - major changes are in progress; although it is definitely safe to use)
HiJackThis+ (Plus) (previously called: HiJackThis Fork v3) is a fork and a continuation of the original Trend Micro HiJackThis by Merijn Bellekom development, once a well-known tool.
At the moment, it is a step-by-step 100% rewritten source code of the original engine, aimed to provide a full compatiblity with the most recent Windows OS and a balance beetween compiling very fast results in logfile and combatting with the most popular malware, inluding the one not known to other antiviruses.
It is made by Alex Dragokas - a lawyer, security observer and malware researcher.
HiJackThis+ is a free utility for Microsoft Windows that scans your computer for settings changed by adware, spyware, malware and other unwanted programs. Shortly, consider it like Sysinternals Autoruns.
The difference from classical antiviruses is the ability to function without constant database updates, because HiJackThis+ primarily detects hijacking methods rather than comparing items against a pre-built database (signatures). This allows it to detect new or previously unknown malware - but it also makes no distinction between safe and unsafe items. Users are expected to research all scanned items manually, and only remove items from their PC when absolutely appropriate.
Therefore, FALSE POSITIVES ARE LIKELY. If you are ever unsure, you should consult with a knowledgeable expert BEFORE deleting anything.
HiJackThis+ is not a replacement of a classical antivirus. It doesn't provide a real-time protection, because it is a passive scanner only. Consider it as an addition. However, you can use it in form of boot-up automatical scanner in the following way:
- Run the scanning by clicking "Do a system scan only"
- Add all items in the ignore-list
- Set up boot-up scan in menu "File" - "Settings" - "Add HiJackThis to startup"
- Next time when user logged in, HiJackThis will silently scan your OS and display UI if only new records in your system were found.
- Please, refer to the List of tutorials
- Lists non-default settings in the registry, hard drive and memory related to autostart
- Generates organized, easily readable reports
- Does not use a database of specific malware, adware, etc
- Detects potential methods used by hijackers
- Can be configured to automatically scan at system boot up
- Short logs
- Fast scans
- Not necessarily to create fixing scripts manually
- No need for internet access or recurring database updates
- Already familiar to many people
- Portable
- Detects several new hijacking methods
- Fully supports new versions of OS Windows
- New and updated supplementary tools
- Improved interface, security and backups
HiJackThis+ also comes with several modules useful for specific analysis and removing malware from a computer:
- StartupList 2 (*new*)
- Process Manager
- Uninstall Manager
- Hosts File Manager
- Alternative Data Spy
- Services Removing Tool
- Batch Digital Signature Checker (*new*)
- Registry Key Type Analyzer (*new*)
- Registry Key Unlocker (*new*)
- Files DACL Unlocker (*new*)
- Check Browsers' LNK & ClearLNK (as downloadable components) (*new*)
IMPORTANT: HiJackThis+ does not make value-based calls on what is considered good or bad. You must exercise caution when using this tool. Avoid making changes to your computer settings without thoroughly studying the consequences of each change.
If you are not already an expert, we recommend submitting your case to an online help forum. Here are some suggestions:
- English: Our GitHub ; GeeksToGo ; BleepingComputer
- Russian: SafeZone ; CyberForum ; OSZone ; SoftBoard ; THG ; VirusInfo ; KasperskyClub
Note: currently, only VIRUSNET association can provide direct analysis of HiJackThis+ logs in our github 'Issues' section. Please feel free to ask help there (English/Russian only).
- Actual short User's manual (in English)
- Actual complete User's manual (in Russian)
- Recent updates by the author (in Russian)
- Additional instructions on Wiki-pages
- Discussion and news are in this topic (in Russian) or at BleepingComputer (in English; access restricted to experts only) or on our GitHub page (for everybody).
- You can also freely ask questions, report bugs, or propose improvements by creating an issue on GitHub
- Microsoft™ Windows™ 11 / 10 / 8.1 / 8 / 7 / Vista / XP (32/64-bit desktop and server)
- WinRE & LiveCD are NOT supported
- Alex Dragokas { @dragokas } - author of fork (major v3 and all post-v2.0.6 updates), refactoring, additions, tools integration
- Merijn Bellekom { @mrbellek } - original author, author of the new StartupList v2 and ADS Spy
- Trend Micro { @trendmicro } - owner of the original version (2.0.5)
- regist (VIRUSNET) { @regist } - for the valuable tips and ideas, user's manual, database updates, closed and beta-testing
- Sandor (VIRUSNET) { @Sandor-Helper } - for the beta-testing, lot of reports, PC treatment on GitHub and forums of association
- akok (VIRUSNET) { @akokSZ } - for product promotion, providing a platform for tests and discussion, help with resolving conflicts with antiviruses
- SafeZone.cc team (general VIRUSNET community) - for promotion and support, feedback and bug reports, PC treatment on forums of association
- Fernando Mercês { @merces } (Trend Micro) - coordinator of original HJT, for the tips, suggestions and promotion
- Loucif Kharouni { @loucifkharouni } (Trend Micro) - coordinator of original HJT, for the tips & suggestions
HiJackThis+ by Alex Dragokas is a continuation of Trend Micro HiJackThis development, based on v.2.0.6 branch and 100% rewritten at the moment. HiJackThis+ was initially supported by Trend Micro, but they have since refused support and closed its GitHub repository. HiJackThis+ is distributed under the initial GPLv2 license. It also includes several tools and plugins available as freeware.
(clickable)
Note: These mirrors belong to other companies. They are non-official.
- Wikipedia (EN)
- Wikipedia (RU)
- LabRats - Intro to HijackThis (Video)
- Please, report more links if you know :)
You may also find my other programs useful:
- Check Browsers' LNK & ClearLNK to cure shortcuts
- Different tools at SafeZone repository.
- My articles, tutorials and research (in Russian)
