[chadfree] HiJackThis terms defined
- From: "Mike" <mikebike@xxxxxxxxx>
- To: Computer_Help_and_Discussion@xxxxxxxxxxxxxxx,chadfree@xxxxxxxxxxxxx
- Date: Fri, 04 Jun 2004 16:46:59 -0700
This is from the HijackThis tutorial; it explains what the letters in
its report refer to:
http://www.spywareinfo.com/~merijn/htlogtutorial.html
HijackThis log tutorial
On the forums of SpywareInfo, a lot of people new to browser hijacking post
topics asking for help analyzing logs from HijackThis, because they don't
understand what stuff is good and what is bad.
This is a basic guide as to what the log means, and some tips on reading it
yourself. This should in no way replace asking for help in the SWI forums,
but help you somewhat in understanding the log yourself.
Overview
Each line in a HijackThis log starts with a section name. (For technical
information on this, click 'Info' in the main window and scroll down.
Highlight a line and click 'More info on this item'.)
For practical information, click the section name you need help with:
R0, R1, R2, R3 - Internet Explorer Start/Search pages URLs
F0, F1 - Autoloading programs
N1, N2, N3, N4 - Netscape/Mozilla Start/Search pages URLs
O1 - Hosts file redirection
O2 - Browser Helper Objects
O3 - Internet Explorer toolbars
O4 - Autoloading programs from Registry
O5 - IE Options icon not visible in Control Panel
O6 - IE Options access restricted by Administrator
O7 - Regedit access restricted by Administrator
O8 - Extra items in IE right-click menu
O9 - Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu
O10 - Winsock hijacker
O11 - Extra group in IE 'Advanced Options' window
O12 - IE plugins
O13 - IE DefaultPrefix hijack
O14 - 'Reset Web Settings' hijack
O15 - Unwanted site in Trusted Zone
O16 - ActiveX Objects (aka Downloaded Program Files)
O17 - Lop.com domain hijackers
O18 - Extra protocols and protocol hijackers
O19 - User style sheet hijack
R0, R1, R2, R3 - IE Start & Search pages
What it looks like:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
R2 - (this type is not used by HijackThis yet)
R3 - Default URLSearchHook is missing
What to do:
If you recognize the URL at the end as your homepage or search engine, it's
OK. If you don't, check it and have HijackThis fix it.
For the R3 items, always fix them unless it mentions a program you
recognize, like Copernic.
F0, F1, F2, F3 - Autoloading programs from INI files
What it looks like:
F0 - system.ini: Shell=Explorer.exe Openme.exe
F1 - win.ini: run=hpfsched
What to do:
The F0 items are always bad, so fix them.
The F1 items are usually very old programs that are safe, so you should find
some more info on the filename to see if it's good or bad.
Pacman's Startup List can help with identifying an item.
++ There is more on the web site.
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see ~ http://www.mwn.ca
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
See my Anti-Virus pages
<http://www3.telus.net/mikebike/mikes_virus_page.htm>
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance & OWTA Charter Member
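An added example, not part of the original post or the tutorial: a small Python sketch that splits pasted log entries by section name, rejoins entries that e-mail wrapped onto a second line, and applies the tutorial's advice for R and F items. The verdict labels, the known_urls and known_programs parameters, and the sample lines (including the example.invalid URL) are assumptions made for illustration.

```python
import re

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")  # e.g. "R0 - ...", "O16 - ..."

def parse_log(text):
    """Return (section, body) pairs from the entries part of a log.

    Mail clients wrap long entries, so a non-empty line that does not
    start with a section name is joined to the entry before it.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

def triage(section, body, known_urls=(), known_programs=()):
    """Apply the tutorial's R/F advice; every other section needs a person."""
    if section in ("R0", "R1"):
        url = body.partition(" = ")[2].strip()
        return "ok" if url in known_urls else "check"
    if section == "R2":
        return "unused"      # type not used by HijackThis yet
    if section == "R3":
        named = any(p.lower() in body.lower() for p in known_programs)
        return "ok" if named else "fix"
    if section == "F0":
        return "fix"         # tutorial: F0 items are always bad
    if section == "F1":
        return "research"    # tutorial: look up the filename first
    return "manual"

# Constructed sample: lines in the tutorial's format, wrapped as in the mail.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://search.example.invalid/?q=1
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=Explorer.exe Openme.exe
F1 - win.ini: run=hpfsched
"""

if __name__ == "__main__":
    for sec, body in parse_log(SAMPLE):
        print(sec, triage(sec, body, {"http://www.google.com/"}, {"Copernic"}), body)
```

A "check" or "research" verdict only marks the entry for a closer look; it does not mean the entry is bad.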