[Released] HiJackThis Portable 2.0.4 Development Test 3

scriptdaemon
Developer
Joined: 2008-10-10 17:40

Application: HiJackThis
Category: Security
Description:

HijackThis is a free utility that generates an in-depth report of registry and file settings from your computer. HijackThis makes no separation between safe and unsafe settings in its scan results, giving you the ability to selectively remove items from your machine. In addition to this scan-and-remove capability, HijackThis comes with several tools useful in manually removing malware from a computer.

IMPORTANT: HijackThis does not determine what is good or bad. Do not make any changes to your computer settings unless you are an expert computer user.

Advanced users can use HijackThis to remove unwanted settings or files.

Download HiJackThis Portable 2.0.4 Development Test 3 [704KB download / 669KB installed]
(MD5: 0ee6e5341a41d6f1c7fd4907d4518ada)

Release Notes:
2.0.4 Development Test 3 (2012-03-07)

  • Fixed empty registry key not being removed properly

2.0.4 Development Test 2 (2012-03-03)

  • Fixed registry keys not being backed up properly

2.0.4 Development Test 1 (2012-02-20): Initial release

bill_gagliardi
Joined: 2008-11-05 22:44
looks good

Tested it out briefly on my WinXP SP3 system. Worked like a charm. Will be giving it a good workout tomorrow on a sick system...

Bill G.
Frozen St. Paul, MN
land of the frozen mosquito

depp.jones
Developer, Translator
Joined: 2010-06-05 17:19
Nice!

Another external app to be kicked out of the list. The startup time of my toolbox drive is decreased again. ;)
Works like a charm. I just found the added functionality in the options box and realized how long ago I last had to use it seriously (right before trendmicro took over I think).

dwebb5
Joined: 2009-01-06 01:04
Oh yeah!

This should be handy.
I have only had to use this twice, when NOTHING else worked!
Thanks for making it portable. I'll check it out.

nightbeholder
Joined: 2007-10-28 00:39

Did a quick testing on a VM with w7x64 and it seems to be saving the settings in:
HKLM\SOFTWARE\TrendMicro\HijackThis

scriptdaemon
Developer
Joined: 2008-10-10 17:40
Yes.

The launcher should be properly backing this key up. Is it not for you?

nightbeholder
Joined: 2007-10-28 00:39

Nope :(
Here's the relevant stuff it is leaving behind (after changing a couple of options and doing a quick scan before closing the program):

----------------------------------
Keys added:2
----------------------------------
HKLM\SOFTWARE\TrendMicro
HKLM\SOFTWARE\TrendMicro\HijackThis

----------------------------------
Values added:13
----------------------------------
HKLM\SOFTWARE\TrendMicro\HijackThis\IgnoreNum: "0"
HKLM\SOFTWARE\TrendMicro\HijackThis\AutoSelect: "0"
HKLM\SOFTWARE\TrendMicro\HijackThis\Confirm: "1"
HKLM\SOFTWARE\TrendMicro\HijackThis\MakeBackup: "1"
HKLM\SOFTWARE\TrendMicro\HijackThis\IgnoreSafe: "1"
HKLM\SOFTWARE\TrendMicro\HijackThis\LogProcesses: "1"
HKLM\SOFTWARE\TrendMicro\HijackThis\ShowIntroFrame: "1"
HKLM\SOFTWARE\TrendMicro\HijackThis\DefStartPage: "http://www.msn.com/"
HKLM\SOFTWARE\TrendMicro\HijackThis\DefSearchPage: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKLM\SOFTWARE\TrendMicro\HijackThis\DefSearchAss: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
HKLM\SOFTWARE\TrendMicro\HijackThis\DefSearchCust: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
HKLM\SOFTWARE\TrendMicro\HijackThis\WinHeight: "8000"
HKLM\SOFTWARE\TrendMicro\HijackThis\WinWidth: "9000"

vf2nsr
Developer
Joined: 2010-02-13 17:10
FYI

While the program is running this would be normal. You need to close the program and then run the regshot, as the launcher cleans those up after closing the program.

“Be who you are and say what you feel because those who mind don't matter and those who matter don't mind.” Dr. Seuss

nightbeholder
Joined: 2007-10-28 00:39

I know how to test an app with regshot :P
Does it clean everything for you?

vf2nsr
Developer
Joined: 2010-02-13 17:10
My Apologies

I saw you say you did the regshot without closing the program yet so assumed that the keys were still there because the program was still running and had not had a chance to "cleanup". No offense was meant

“Be who you are and say what you feel because those who mind don't matter and those who matter don't mind.” Dr. Seuss

nightbeholder
Joined: 2007-10-28 00:39

all good
Yeah I guess that could have been misinterpreted. But yea, I took the regshot after closing the program :)

Ken Herbert
Developer, Moderator
Joined: 2010-05-25 18:19

Same for me (different keys, a few less keys, but I just started and closed the app).

Your launcher.ini is cleaning up HKLM\Software\Trend Micro, but these keys are in HKLM\Software\TrendMicro without the space. Typo, or are there other keys stored under HKLM\Software\Trend Micro as well?

scriptdaemon
Developer
Joined: 2008-10-10 17:40
Fixed.

Fixed.

nightbeholder
Joined: 2007-10-28 00:39

I don't know why but it's still not saving any settings I change... Maybe someone else could test it too?

BTW, in my main x64 system it saves entries to the registry in
HKLM\SOFTWARE\Wow6432Node\TrendMicro\HijackThis
instead of
HKLM\Software\TrendMicro\HiJackThis

Also, you should make it clean the whole "...\TrendMicro" instead of just the "...\TrendMicro\HijackThis", or the previous will still stay in the registry

Sorry if I'm sounding annoying, just trying to help :D

scriptdaemon
Developer
Joined: 2008-10-10 17:40
Hm.

I'll look into this further. As for the HKLM\Software\TrendMicro, I may have forgotten to remove that key if it is empty. In cases such as this, I save from HKLM\Software\PUBLISHER\PROGRAM then delete HKLM\Software\PUBLISHER if it's empty.

scriptdaemon
Developer
Joined: 2008-10-10 17:40
.

I fixed it leaving behind an empty HKLM\Software\Trend Micro.

Though, I cannot seem to reproduce your other issue with keys being left behind in HKLM\SOFTWARE\Wow6432Node\TrendMicro\HijackThis. Can you provide the steps you used when using HJT?

John T. Haller
Admin, Developer, Moderator, Translator
Joined: 2005-11-28 22:21
Same

Wow6432Node is used for 32-bit apps operating on a 64-bit OS in place of the key without that part of it.

Sometimes, the impossible can become possible, if you're awesome!
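
An added example (not part of the original thread and not the launcher's own code): a Python check that compares a regshot "added" report with the keys a launcher is configured to clean up, treating letter case and the Wow6432Node view as equivalent. The function names and the sample report (constructed from paths quoted in this thread) are illustrative, and it assumes the launcher is a 32-bit process whose paths are redirected the same way as the app's.

```python
import re

WOW64 = re.compile(r"\\wow6432node(?=\\|$)", re.IGNORECASE)

# Constructed sample in regshot's "added" layout, using paths quoted in the thread.
SAMPLE = r"""
----------------------------------
Keys added:2
----------------------------------
HKLM\SOFTWARE\Wow6432Node\TrendMicro
HKLM\SOFTWARE\Wow6432Node\TrendMicro\HijackThis

----------------------------------
Values added:2
----------------------------------
HKLM\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\Confirm: "1"
HKLM\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\DefStartPage: "http://www.msn.com/"
"""

def normalize(key):
    """Lower-case a registry path and drop the Wow6432Node hop (32-bit view)."""
    return WOW64.sub("", key.strip().rstrip("\\")).lower()

def parse_regshot(text):
    """Return the set of key paths named in 'Keys added' / 'Values added'."""
    keys, section = set(), None
    for line in (l.strip() for l in text.splitlines()):
        header = re.match(r"(Keys|Values) added:\s*\d+", line)
        if header:
            section = header.group(1)
        elif section and line.upper().startswith(("HKLM\\", "HKCU\\", "HKU\\")):
            if section == "Values":
                # 'KEY\ValueName: "data"' -> keep only KEY
                line = line.split(": ", 1)[0].rsplit("\\", 1)[0]
            keys.add(line)
    return keys

def uncovered(leftovers, cleaned):
    """Leftover keys that are neither a cleaned key nor located under one."""
    roots = [normalize(c) for c in cleaned]
    return [k for k in sorted(leftovers)
            if not any(normalize(k) == r or normalize(k).startswith(r + "\\")
                       for r in roots)]

if __name__ == "__main__":
    found = parse_regshot(SAMPLE)
    for cleanup in (r"HKLM\Software\Trend Micro",            # misspelled path
                    r"HKLM\Software\TrendMicro\HijackThis",  # program key only
                    r"HKLM\Software\TrendMicro"):            # publisher key
        print(cleanup, "->", uncovered(found, [cleanup]))
```

An empty result means every key in the report falls under a configured cleanup path; anything listed is a trace the cleanup list would miss.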

nightbeholder
Joined: 2007-10-28 00:39

About the Wow6432Node it's what John said, although I'm not sure why it is saving that entry in my main windows installation and not in the VM (they are both win7x64)

About the Software\TrendMicro issue, all clean now after using

thanks for making this one portable

Gord Caswell
Developer, Moderator
Joined: 2008-07-24 18:46
Clean

Looks clean to me, the appinfo.ini version just needs to be bumped to 3.0 prior to release.

Suggestion: Since it isn't possible to pass files to this app (can you?), you might consider setting RunAsAdmin to compile-force.

scriptdaemon
Developer
Joined: 2008-10-10 17:40
.

Are you saying the base app has the functionality to pass files to it, but the portable version does not?

If not, isn't compile-force only for use when force does not work? Or am I not understanding your suggestion?
