Some malware infections are straightforward. They’re known threats, cause little damage, and your regular antivirus engine can detect and remove them in seconds: easy.
Other situations can be a little more complicated, though. Maybe you’ve run into a brand new threat that your security package doesn’t recognise. And some malware will hijack Windows settings, perhaps disabling Task Manager or the Registry editor. Solving an issue like this may require some specialist help from a tool like Hijack Hunter.
Just launch this handy free portable utility, click Scan, and it’ll crawl all over your system looking for anything that might be suspicious. There are no signatures involved here; the program is purely highlighting items that seem interesting or out of the ordinary (which is why it might be able to pick up even previously undiscovered threats).
The scan may take quite some time, but when it’s finished Hijack Hunter will save the results to a text file and open them in Notepad (or whatever happens to be the default handler for .txt files on your system).
Some of the report is relatively ordinary. So you’ll get lists of running processes, loaded modules, drivers, services and startup programs, for instance. Not too interesting, and presenting this via a plain text file makes it awkward to locate the information you need.
Keep looking, though, and you’ll find Hijack Hunter does highlight plenty of useful information.
The report mentions sites you’ve flagged as “Trusted” in IE, for instance, and points to programs that are allowed through the Windows firewall.
It lists executable files that appear in unexpected folders (drivers in \Windows\System, say).
You’ll be warned about “non accessible files”, a possible sign of stealthy malware.
A list of files created in the past 15 days may highlight some unusual behaviour.
And the report also lists open network and internet connections, suspicious folders and Registry keys, SSDT hooks, interesting Winsock LSP files and a whole lot more.
None of these signs are in themselves proof of an infection, of course, so you shouldn’t rush off to delete them immediately. But they’re a good start for further research. You might enter a few file names into Google to see what comes up, for instance, or upload some files to VirusTotal for a quick verdict on their safety.
And if you do uncover any malware, then the task of removing it is up to you, although Hijack Hunter does help with a “Delete File” option that may be able to remove persistent files that you can’t delete in any other way. (Be careful, however: deleting the wrong file could leave your PC unbootable.)
Once the infection has gone, then Hijack Hunter may be able to restore any Windows settings the malware has hijacked. Some malware will disable the Registry Editor or Task Manager, prevent you opening a command window, and so on. In which case all you need to do is open the Restorer section, click System Hijacks, check boxes like “Restore Registry Editor” or “Restore Task Manager” and click Apply: simple.
And the program can even restore Windows shell settings, default file associations for many executable file types, your IE URLs, useful Windows Registry settings and more, all at a click.
If you know what you’re doing then there’s plenty here to explore. But if you’re anything less than a Windows and security expert then it’s easy to become confused. Would you know what “Restore UIHost” does, for instance? What about “Restore Shell”? Should a setting like “Enable CheckEXESignatures” be on, or off? And what might happen if you enabled “RequireSignedAppInit_DLLs”? The brief help file doesn’t mention any of this, so you have to figure it all out for yourself.
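To make those System Hijacks options a little less opaque, here is an added, read-only PowerShell audit (not Hijack Hunter’s own code) that reports the registry values behind several of them: the Task Manager, Registry Editor and command prompt policy values, the Winlogon Shell value and RequireSignedAppInit_DLLs. Which value each “Restore …” option actually writes is my assumption about the tool, not something its help file states.

```powershell
# Added, read-only audit (not Hijack Hunter's own code): reports the registry values behind
# several items in the Restorer > System Hijacks list. It changes nothing; the mapping from
# each "Restore ..." option to a value is an assumption about what the tool touches.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # $null when the key or value is absent; absence is the normal, un-hijacked state for policies.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$checks = @(
    @{ Label = 'Task Manager (Restore Task Manager)'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr'
       Bad = { param($v) $v -eq 1 }; Note = '1 blocks taskmgr.exe; normally absent' },
    @{ Label = 'Registry Editor (Restore Registry Editor)'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools'
       Bad = { param($v) $v -ge 1 }; Note = '1 or 2 blocks regedit.exe; normally absent' },
    @{ Label = 'Command prompt'
       Path = 'HKCU:\Software\Policies\Microsoft\Windows\System'; Name = 'DisableCMD'
       Bad = { param($v) $v -ge 1 }; Note = '1 or 2 blocks cmd.exe; normally absent' },
    @{ Label = 'Logon shell (Restore Shell)'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell'
       Bad = { param($v) $v -ne 'explorer.exe' }; Note = 'anything but explorer.exe runs at every logon' },
    @{ Label = 'AppInit_DLLs signing (RequireSignedAppInit_DLLs)'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'; Name = 'RequireSignedAppInit_DLLs'
       Bad = { param($v) $v -eq 0 }; Note = '0 allows unsigned DLLs to load into every user-mode process' }
)

function Test-SystemHijacks {
    foreach ($c in $checks) {
        $v = Get-RegValue -Path $c.Path -Name $c.Name
        # A missing value is only a finding for Shell, which a normal install always has set.
        $flag = if ($null -eq $v) { $c.Name -eq 'Shell' } else { & $c.Bad $v }
        [pscustomobject]@{
            Check   = $c.Label
            Value   = if ($null -eq $v) { '(not set)' } else { "$v" }
            Status  = if ($flag) { 'CHECK' } else { 'ok' }
            Meaning = $c.Note
        }
    }
}

Test-SystemHijacks | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so the HKLM values can be read; a CHECK line tells you which Restorer option is relevant and what the current value means before you click Apply.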
This isn’t necessarily a major problem. Hijack Hunter provides plenty of information and options that are easily understandable; it’s entirely plain what “Enable Windows Firewall” will do, for instance. And so as long as you ignore settings that aren’t so clear (or Google them to find out more) then you’re unlikely to have any issues.
This lack of supporting information does let Hijack Hunter down, though. It’s a very useful little program, but won’t reach the audience it deserves until it gets some decent documentation. Let’s hope the authors rectify this soon.