Application: HiJackThis
Category: Security
Description:
HijackThis is a free utility that generates an in depth report of registry and file settings from your computer. HijackThis makes no separation between safe and unsafe settings in its scan results giving you the ability to selectively remove items from your machine. In addition to this scan and remove capability HijackThis comes with several tools useful in manually removing malware from a computer.
IMPORTANT: HijackThis does not determine what is good or bad. Do not make any changes to your computer settings unless you are an expert computer user.
Advanced users can use HijackThis to remove unwanted settings or files.
Download HiJackThis Portable 2.0.4 Development Test 3 [704KB download / 669KB installed]
(MD5: 0ee6e5341a41d6f1c7fd4907d4518ada)
Release Notes:
2.0.4 Development Test 3 (2012-03-07)
- Fixed empty registry key not being removed properly
2.0.4 Development Test 2 (2012-03-03)
- Fixed registry keys not being backed up properly
2.0.4 Development Test 1 (2012-02-20): Initial release
Tested it out briefly on my WinXP SP3 system. Worked like a charm. Will be giving it a good workout tomorrow on a sick system...
Bill G.
Frozen St. Paul, MN
land of the frozen mosquito
Another external app to be kicked out of the list. The startup time of my toolbox drive is decreased again.
Works like a charm. I just found the added functionality in the options box and realized how long ago I last had to use it seriously (right before trendmicro took over I think).
This should be handy.
I have only had to use this twice, when NOTHING else worked!
Thanks for making it portable. I'll check it out.
Did a quick testing on a VM with w7x64 and it seems to be saving the settings in:
HKLM\SOFTWARE\TrendMicro\HijackThis
The launcher should be properly backing this key up. Is it not for you?
Nope
Here's the relevant stuff it is living behind (after changing a couple of options and doing a quick scan before closing the program):
While program is running this would be normal. You need to close the program and then run the regshot. As the launcher cleans up those after closing the program
“Be who you are and say what you feel because those who mind don't matter and those who matter don't mind.” Dr. Seuss
I know how to test an app with regshot
Does it clean everything for you?
I saw you say you did the regshot without closing the program yet so assumed that the keys were still there because the program was still running and had not had a chance to "cleanup". No offense was meant
“Be who you are and say what you feel because those who mind don't matter and those who matter don't mind.” Dr. Seuss
all good
Yeah I guess that could have been misinterpreted. But yea, I took the regshot after closing the program
Same for me (different keys, a few less keys, but I just started and closed the app).
Your launcher.ini is cleaning up HKLM\Software\Trend Micro, but these keys are in HKLM\Software\TrendMicro without the space. Typo, or are there other keys stored under HKLM\Software\Trend Micro as well?
Fixed.
I don't know why but it's still not saving any settings I change... Maybe someone else could test it too?
BTW, in my main x64 system it saves entries to the registry in
HKLM\SOFTWARE\Wow6432Node\TrendMicro\HijackThis
instead of
HKLM\Software\TrendMicro\HiJackThis
Also, you should make it clean the whole "...\TrendMicro" instead of just the "...\TrendMicro\HijackThis", or the previous will still stay in the registry
sorry if i'm sounding annoying, just trying to help
I'll look into this further. As for the HKLM\Software\TrendMicro, I may have forgotten to remove that key if it is empty. In cases such as this, I save from HKLM\Software\PUBLISHER\PROGRAM then delete HKLM\Software\PUBLISHER if it's empty.
I fixed it leaving behind an empty HKLM\Software\Trend Micro.
Though, I cannot seem to reproduce your other issue with keys being left behind in HKLM\SOFTWARE\Wow6432Node\TrendMicro\HijackThis. Can you provide the steps you used when using HJT?
Wow6432Node is used for 32-bit apps operating on a 64-bit OS in place of the key without that part of it.
Sometimes, the impossible can become possible, if you're awesome!
About the Wow6432Node it's what John said, although I'm not sure why it is saving that entry in my main windows installation and not in the VM (they are both win7x64)
About the Software\TrendMicro issue, all clean now after using
thanks for making this one portable
Looks clean to me, the appinfo.ini version just needs to be bumped to 3.0 prior to release.
Suggestion: Since it isn't possible to pass files to this app (can you?), you might consider setting RunAsAdmin to compile-force.
Are you saying the base app has the functionality to pass files to it, but the portable version does not?
If not, isn't compile-force only for use when force does not work? Or am I not understand your suggestion?