Difference between revisions of "Importing a HijackThis log"
Revision as of 17:45, 27 May 2008
HijackThis, sometimes abbreviated HJT, is a tool that lists important system startup location entries and allows you to remove them. When the author, Merijn Bellekom, sold it to Trend Micro, it got into the hands of a corporation that we cannot recommend trusting, but our RunAlyzer can create compatible logs as well.
- Run OpenSBI Edit Lite.
- Start a new file (menu File: New).
- Open the import dialog (menu File: Import: Import HijackThis logs).
- Select one or more log files as created by HijackThis or RunAlyzer.
- Make your choice of changes to detect by selecting the checkboxes next to them.
- Finish by pressing the OK button.
- Add useful descriptions for files (see description templates).
- Update the advanced file parameters where required (see the tutorial Choosing advanced file parameters).
The import dialog will give you two tabs:
- The Items tab, which is the main one. It lists all HJT categories with their respective locations. If you click the checkbox next to an item, detection code for this item will be added to the Preview tab.
- Another tab named Preview, which will give you a preview of the SBI code that will be added to the editor when you press OK.
HijackThis lists all entries in the locations it knows, not just bad ones.
It is sometimes difficult to find out the exact registry location a HijackThis entry results from; also, HijackThis does not include additional file information in its logs in its default mode. OpenSBI Edit Lite sometimes adds multiple SBI code lines for these entries, and it is up to you to choose the proper one and update it with advanced parameters to avoid false positives.
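To see why some entries need a manual choice, the following added example (not code from OpenSBI Edit Lite, HijackThis or RunAlyzer) parses a HijackThis-style log and separates entries whose line names a registry key from those where the location has to be worked out by hand. The sample log is constructed, the function names are hypothetical, and only the `R0`/`R1` and `O4` registry line shapes are handled.

```python
import re

# Constructed sample in HijackThis log layout (not from a real system).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKCU\..\RunOnce: [ExampleSetup] C:\Temp\setup.exe
O4 - Global Startup: Example.lnk = C:\Program Files\Example\example.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # category code, then the entry text
R_REG = re.compile(r"^(HK[A-Z]+\\[^,]+),(.*?) = (.*)$")  # key,value = data
O4_REG = re.compile(r"^(HK[A-Z]+)\\\.\.\\([^:]+): \[(.*?)\] (.*)$")
# HijackThis abbreviates this path as ".." in O4 registry autorun lines.
CURRENT_VERSION = r"Software\Microsoft\Windows\CurrentVersion"


def parse_hjt_log(text):
    """Return one dict per entry line; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, rest = m.groups()
        item = {"code": code, "raw": rest, "key": None, "value": None, "data": None}
        if code in ("R0", "R1") and (r := R_REG.match(rest)):
            item["key"], item["value"], item["data"] = r.groups()
        elif code == "O4" and (o := O4_REG.match(rest)):
            hive, subkey, item["value"], item["data"] = o.groups()
            item["key"] = "\\".join((hive, CURRENT_VERSION, subkey))
        entries.append(item)
    return entries


def needs_manual_location(entries):
    """Entries whose line does not spell out a registry key to match on."""
    return [e for e in entries if e["key"] is None]


if __name__ == "__main__":
    for e in parse_hjt_log(SAMPLE_LOG):
        print(e["code"], e["key"] or "(location not in log line)", e["value"])
```

None of the parsed lines carries a file size or hash, which is why the imported detection code still needs the advanced file parameters described above.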