Windows Security Tutorials - Herong's Tutorial Examples - Version 3.00, by Dr. Herong Yang
HijackThis Log File Entry Types
This section provides a quick introduction to the different entry types in the log file generated by 'HijackThis'.
If you look at the HijackThis log file included in the previous section, you will see that the report is divided into two sections.
The first part of the log file tells you which non-system processes are currently running on the system. You should review them to ensure that they are all legitimate.
The second part of the log file tells you which registry settings and file settings differ from the system defaults. These differences could include browser hijacking settings created by malware. You should review them to ensure that they are all legitimate.
Each entry in the log file is labeled with a log file entry type code. If you highlight an entry and click the "Info on selected item" button, additional information will be displayed about this entry and about the entry type.
Here is a list of log file entry types:
R - Registry, StartPage/SearchPage changes
   R0 - Changed registry value
   R1 - Created registry value
   R2 - Created registry key
   R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
   F0 - Changed inifile value
   F1 - Created inifile value
   F2 - Changed inifile value, mapped to Registry
   F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
   N1 - Change in prefs.js of Netscape 4.x
   N2 - Change in prefs.js of Netscape 6
   N3 - Change in prefs.js of Netscape 7
   N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
   O1 - Hijack of auto.search.msn.com with Hosts file
   O2 - Enumeration of existing MSIE BHO's
   O3 - Enumeration of existing MSIE toolbars
   O4 - Enumeration of suspicious autoloading Registry entries
   O5 - Blocking of loading Internet Options in Control Panel
   O6 - Disabling of 'Internet Options' Main tab with Policies
   O7 - Disabling of Regedit with Policies
   O8 - Extra MSIE context menu items
   O9 - Extra 'Tools' menuitems and buttons
   O10 - Breaking of Internet access by New.Net or WebHancer
   O11 - Extra options in MSIE 'Advanced' settings tab
   O12 - MSIE plugins for file extensions or MIME types
   O13 - Hijack of default URL prefixes
   O14 - Changing of IERESET.INF
   O15 - Trusted Zone Autoadd
   O16 - Download Program Files item
   O17 - Domain hijack
   O18 - Enumeration of existing protocols and filters
   O19 - User stylesheet hijack
   O20 - AppInit_DLLs autorun Registry and Winlogon Notify Registry
   O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
   O22 - SharedTaskScheduler autorun Registry key
   O23 - Enumeration of NT Services
   O24 - Enumeration of ActiveX Desktop Components
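To review a saved log outside the tool, the entries can be grouped by type code and checked against the list above. The following Python script is an added example, not part of the original tutorial or of HijackThis; the sample log is constructed, and the "Running processes:" header and the "CODE - text" line layout are assumptions about the log format.

```python
import re
from collections import defaultdict

# Families and their valid code numbers, taken from the entry type list above.
FAMILIES = {"R": range(0, 4), "F": range(0, 4), "N": range(1, 5), "O": range(1, 25)}
# Types the list describes as autoloading/autorun (this grouping is the example's choice).
AUTOLOAD = {"F0", "F1", "F2", "F3", "O4", "O20", "O21", "O22"}
ENTRY = re.compile(r"^([RFNO])(\d{1,2}) - (.*)$")

# Constructed sample log; paths, names and URL are placeholders.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\Program Files\Example\agent.exe
C:\Program Files\Example\tray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleAgent] C:\Program Files\Example\agent.exe
O23 - Service: Example Service - C:\Program Files\Example\svc.exe
O99 - Not a type from the list
"""

def parse_log(text):
    """Return (processes, entries grouped by type code, lines with unknown codes)."""
    processes, entries, unknown = [], defaultdict(list), []
    in_processes = False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_processes = False          # the first entry ends the process section
            family, number = m.group(1), int(m.group(2))
            if number in FAMILIES[family]:
                entries[f"{family}{number}"].append(m.group(3))
            else:
                unknown.append(line)      # code outside the documented ranges
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return processes, dict(entries), unknown

def autoload_entries(entries):
    """Keep only the entry types that start something automatically."""
    return {code: items for code, items in entries.items() if code in AUTOLOAD}

if __name__ == "__main__":
    procs, found, odd = parse_log(SAMPLE_LOG)
    print(len(procs), "processes;", {c: len(v) for c, v in found.items()})
    print("autoload entries to review first:", autoload_entries(found))
    print("unrecognized type codes:", odd)
```
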
Last update: 2013.