What exactly does the Hijack Scan do?


  • What exactly does the Hijack Scan do?

    I did a scan but when I put a check by things to fix it says to be careful that it could permanently delete something?

  • #2
    Originally posted by jckinnick
    I did a scan but when I put a check by things to fix it says to be careful that it could permanently delete something?
    Hi jckinnick,

    Please read the posts in the USAGE of IOBIT PRODUCTS thread, you should only check the checkbox of malware-virus-spyware containing item.
    To decide which to delete, get help in this forum posting your HijackThis report.

    Do not delete any item without being sure that the item is malicious.

    Cheers.
    enoskype

    - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -



    • #3
      Originally posted by enoskype
      Hi jckinnick,

      Please read the posts in the USAGE of IOBIT PRODUCTS thread, you should only check the checkbox of malware-virus-spyware containing item.
      To decide which to delete, get help in this forum posting your HijackThis report.

      Do not delete any item without being sure that the item is malicious.

      Cheers.

      I didn't see anything about Hijack Scan in that thread, plus it was closed. What exactly does it do besides delete programs? What's the difference between it and an uninstaller?



      • #4
        Hi jckinnick,

        Hijack Scan will scan critical settings of your system, which are also common targets of malware. So the listed items there are not all problems or malware. Before you remove any item, make sure it is malware.

        You can submit your report to any qualified online HijackThis log analyzer and HijackThis forums as the log file of Hijack Scan is 100% compatible with HijackThis log. Here is the link:

        http://www.hijackthis.de/en

        Or you can post here.

        So Hijack Scan is quite different from an uninstaller. You should be cautious while removing items listed in the Hijack Scan result.
        IObit Support Team --
        If you're happy with our products, please tell your friends, families and colleagues about IObit and IObit products! We'd be very grateful!



        • #5
          Hi

          What you see in the scan is a list of all the processes running in your system. Every application (program) runs its own processes. By looking at everything that is running through your system via Hijack, you may be able to see if you have an infection... and other things. Many programs run seemingly redundant processes, but they're not.

          If you don't know for sure what you are deleting... then stop. The previously mentioned auto analyzer mentioned by Cicely will help only if you know how to use it.

          If you could only copy and paste the whole report here, better guidance could be given

          Peace and good luck!

          -Mel




          • #6
            Running processes are shown in the top part of the log. Below that, it's all registry keys or values, showing different things : browser settings, browser helper objects, toolbars, Run values (for running processes), buttons and menu items, downloaded program files (ActiveX), DNS settings, Services running, and a few more.

            Not sure about Hijack Scan, but with HijackThis, you can't fix anything from the top part (running processes), but you can for all the registry keys/values below. So you "Fix" registry entries, also known as loading points. Backups are made when fixing, so you can revert if necessary (with HijackThis, not sure about Hijack Scan).

            One last thing : sorry folks, but online automated log analyzers are a bad idea all around. The ones I've seen are outdated and they never were effective/reliable. Ever. Stay away from them, and have someone knowledgeable look at your log, when in doubt.

            ===
            Is it winter yet ?



            • #7
              Originally posted by Melvin_Deal
              What you see in the scan is a list of all the processes running in your system. Every application (program) runs its own processes. By looking at everything that is running through your system via Hijack, you may be able to see if you have an infection... and other things. Many programs run seemingly redundant processes, but they're not.

              If you don't know for sure what you are deleting... then stop. The previously mentioned auto analyzer mentioned by Cicely will help only if you know how to use it.

              If you could only copy and paste the whole report here, better guidance could be given

              Peace and good luck!

              -Mel


              Logfile of IObit HijackScan v1.0.0.0
              Scan saved at 3:55:11, on 2010-7-31

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\csrss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\Program Files\IObit\IObit Security 360\IS360srv.exe
              C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
              C:\Program Files\Java\jre6\bin\jqs.exe
              C:\Program Files\Common Files\Motive\McciCMService.exe
              C:\Program Files\Secunia\PSI\sua.exe
              C:\WINDOWS\System32\snmp.exe
              C:\Program Files\Viewpoint\Common\ViewpointService.exe
              C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Webroot\Washer\WasherSvc.exe
              C:\WINDOWS\system32\hkcmd.exe
              C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Program Files\Webroot\Security\current\plugins\sync\WRSyncManager.exe
              C:\WINDOWS\System32\alg.exe
              C:\Program Files\Webroot\Security\Current\Plugins\cleanup\WRCLEA~1.EXE
              C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
              C:\Program Files\Pale Moon project\palemoon.exe
              C:\Program Files\Flock\flock.exe
              C:\WINDOWS\system32\rundll32.exe
              C:\Program Files\iTunes\iTunes.exe
              C:\Documents and Settings\Owner\Local Settings\Application Data\Flock\Application\flock.exe
              C:\Documents and Settings\Owner\Local Settings\Application Data\Flock\Application\flock.exe
              C:\Documents and Settings\Owner\Local Settings\Application Data\Flock\Application\flock.exe
              C:\Documents and Settings\Owner\Local Settings\Application Data\Flock\Application\flock.exe
              C:\Program Files\Pale Moon project\plugin-container.exe
              C:\Documents and Settings\Owner\Local Settings\Application Data\Flock\Application\flock.exe
              C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
              C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
              C:\Documents and Settings\Owner\Local Settings\Application Data\Flock\Application\flock.exe
              C:\Documents and Settings\Owner\Local Settings\Application Data\Flock\Application\flock.exe
              C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              C:\Program Files\Webroot\Washer\wwDisp.exe
              C:\Program Files\CCleaner\CCleaner.exe
              C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
              C:\Documents and Settings\Owner\Desktop\FlashCookiesView.exe
              C:\Program Files\Webroot\Security\Current\Framework\WRFrame.exe
              C:\Program Files\Flock\Desktop\JavaRa.exe
              C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
              C:\Program Files\IObit\IObit Security 360\is360.exe
              C:\WINDOWS\system32\mmc.exe
              C:\Program Files\IObit\IObit Security 360\IS360tray.exe
              C:\Documents and Settings\Owner\Desktop\PureRa.exe
              C:\Program Files\IObit\IObit Security 360\e_privacysweeper.exe
              C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE
              C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe
              C:\Program Files\IObit\Advanced SystemCare 3\Sup_DiskCleaner.exe
              C:\Program Files\IObit\Advanced SystemCare 3\Sup_DiskDoctor.exe
              C:\Program Files\IObit\Advanced SystemCare 3\Sup_InternetBooster.exe
              C:\Program Files\IObit\Advanced SystemCare 3\Sup_RegistryDefrag.exe

              O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
              O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
              O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
              O2 - BHO: WebrootBHO Class - {D93EC24D-8741-4D41-B83D-A5793B998416} - C:\Program Files\Webroot\Security\current\plugins\browserextension\WebrootBHO.dll
              O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
              O2 - BHO: Webroot Browser Helper Object - {e08861fe-8847-4b2a-8ec2-08edb20e4020} - C:\Program Files\Webroot\Security\current\products\WISE\toolbar\LPBar.dll
              O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
              O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
              O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
              O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
              O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
              O3 - Toolbar: Webroot Toolbar - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files\Webroot\Security\current\products\WISE\toolbar\LPBar.dll
              O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
              O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
              O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
              O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
              O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
              O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
              O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
              O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
              O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
              O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
              O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [WebrootTrayApp] "C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe"
              O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
              O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
              O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
              O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
              O9 - Extra button: - CmdMapping -
              O9 - Extra button: - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
              O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - %windir%\Network Diagnostic\xpnetdiag.exe
              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}LegitCheckControl.LegitCheck.1 - http://go.microsoft.com/fwlink/?linkid=39204
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}SoftwareDistribution.MicrosoftUpdateWebControl.1 - http://update.microsoft.com/microsof...?1126988575109
              O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_21 - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
              O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}Java Plug-in 1.6.0_21 - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
              O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_21 - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
              O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
              O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
              O23 - Service: Google Update Service (gupdate1c98e2f90d4ebd0) (gupdate1c98e2f90d4ebd0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
              O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
              O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
              O23 - Service: McciCMService (McciCMService) - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
              O23 - Service: Secunia Update Agent (Secunia Update Agent) - Secunia - C:\Program Files\Secunia\PSI\sua.exe
              O23 - Service: Viewpoint Service (Viewpoint Service) - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
              O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
              O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
              O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe



              What do I need to look for to see if I have anything hijacked?



              • #8
                Nothing bad in that log.

                How can you tell ? You have two choices : Google every line, every file name, or... spend a few hundred hours learning how to decipher these logs.

                You also need to remember that Hijack logs don't reveal all infections ; as a matter of fact, most recent infections won't show up in Hijack scans.

                So there you have it :)


                ===
                Is it winter yet ?
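
An added example, not part of the thread and not IObit or HijackThis code: a small Python parser for the log layout described in post #6 (running processes on top, O-numbered loading points below) that also lists files living outside the Windows and Program Files folders as the first names to look up by hand, in the spirit of post #8. The sample lines are copied from the log in post #7; the function names and the "usual roots" heuristic are assumptions of this example, and a hit is a lookup candidate, not a verdict.

```python
import re
from collections import defaultdict

# Section codes and labels as they appear in the log posted in this thread.
SECTIONS = {"O2": "Browser Helper Object", "O3": "Toolbar", "O4": "Run value",
            "O8": "Extra context menu item", "O9": "Extra button",
            "O16": "Downloaded program file", "O23": "Service"}
ENTRY = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll|html?)\b", re.I)
# Assumption of this example: default Windows XP system and application roots.
USUAL_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Sample input: a few lines copied from the log in post #7.
SAMPLE = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner\Desktop\PureRa.exe
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

def parse_log(text):
    """Split a log into running processes and entries grouped by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:  # an "O4 - ..." style line ends the process list
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def summarize(entries):
    """Count entries per section label; unknown codes keep their raw code."""
    return {SECTIONS.get(code, code): len(items) for code, items in entries.items()}

def outside_usual_roots(processes, entries):
    """Return (where, path) pairs for files outside USUAL_ROOTS, in log order."""
    hits = [("process", p) for p in dict.fromkeys(processes)  # de-duplicated
            if not p.lower().startswith(USUAL_ROOTS)]
    for code, items in entries.items():
        for item in items:
            for path in WIN_PATH.findall(item):
                if not path.lower().startswith(USUAL_ROOTS):
                    hits.append((code, path))
    return hits
```

Calling `outside_usual_roots(*parse_log(text))` on a saved log gives the short list to research first; everything else in the log still needs the manual review the posters describe.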
