Importing a HijackThis log

From SpybotWiki
Jump to: navigation, search
Import dialog

HijackThis, sometimes abbreviated HJT, is a tool that lists important system startup location entries and allows to remove them. When the author, Merijn Bellekom, sold it to Trend Micro, it got into the hands of a corporation the we cannot recommend to trust, but our RunAlyzer allows to create compatible logs as well.

OpenSBI Edit Lite is able to convert selected entries from HJT logs into OpenSBI code.

Quick Steps


The import dialog will give you two tabs:

  1. The Items tab, which is the main one. It lists all HJT categories with their respective location. If you click the checkbox next to each item, code for detection for this item will be added to the preview tab.
  2. Another tab named Preview, which will give you a preview of the SBI code that will be added to the editor when you press OK.


HijackThis lists all entries in the locations it knows, not just bad ones.

It is sometimes difficult to find out the exact registry location a HijackThis entry results from; also, HijackThis logs do not contain additional file information in its default mode. OpenSBI Edit Lite adds multiple SBI code lines for these sometimes, and it is up to you too choose the proper one, and updated it with advanced parameters to make sure to avoid false positives.