Windows Tutorials - Herong's Tutorial Examples
Dr. Herong Yang, Version 5.00

"HijackThis" Report Entry Types

This section provides a quick introduction to the different entry types in the "HijackThis" diagnostic report.

If you look at the "HijackThis" report included in the previous section, you will see that the report is divided into two sections.

The first part of the log file lists the processes currently running on the system. You should review them to see if there are any strange processes.

The second part of the log file lists what HijackThis considers suspicious entries in the system registry, system service list, and browser add-on list. Entries are labeled with type names. If you highlight an entry and click the "Info on selected item" button, additional information will be displayed about this entry and about the entry type. Here is a list of entry types and suggested ways of handling them:

  • "R1" indicates that a new registry value has been added. You should remove it.
  • "R0" indicates that an old registry value has been changed. You should restore its old value.
  • "O2" indicates that a BHO (Browser Helper Object) has been added. You should remove it.
  • "O3" indicates that an IE (Internet Explorer) toolbar has been added. You should remove it.
  • "O4" indicates that an autoloading entry has been added in the registry. You should remove it.
  • "O8" indicates that a context menu entry has been added. The context menu is the menu displayed when you click the right mouse button in Windows Explorer. You should remove it.
  • "O9" indicates that a new entry has been added in IE's Tools menu. You should remove it.
  • "O16" indicates that a new program has been added in the DPF (Download Program Folder) directory. All programs in the DPF will be loaded when IE is active. You should remove it.
  • "O17" indicates that a new registry entry has been added for domain name lookup. You should remove it.
  • "O23" indicates that a new service has been added. You should disable it.
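
The triage described above can be scripted over a saved log. The following is an added example, not part of the original tutorial or of HijackThis itself: it assumes the usual log layout (a "Running processes:" header followed by "TYPE - value" lines), the sample log is constructed, and the names `parse_report` and `triage` are hypothetical.

```python
import re
from collections import defaultdict

# Suggested handling per entry type, as listed in this section.
ACTIONS = {
    "R0": "restore old registry value", "R1": "remove added registry value",
    "O2": "remove BHO", "O3": "remove IE toolbar",
    "O4": "remove autoloading registry entry", "O8": "remove context menu entry",
    "O9": "remove IE Tools menu entry", "O16": "remove program from DPF",
    "O17": "remove domain name lookup entry", "O23": "disable service",
}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.*)$")

# Constructed sample log, not taken from a real system. O20 is a type
# that this section does not cover.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Sample\helper.dll
O4 - HKLM\..\Run: [SampleAgent] C:\Program Files\Sample\agent.exe
O23 - Service: Sample Updater - Unknown owner - C:\Program Files\Sample\upd.exe
O20 - AppInit_DLLs: sample.dll
"""

def parse_report(text):
    """Split a log into the process list and entries grouped by type."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:                      # first typed entry ends the process list
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def triage(entries):
    """Return (type, suggested action, value); unlisted types are flagged."""
    return [(t, ACTIONS.get(t, "not covered here: review manually"), v)
            for t in sorted(entries, key=lambda t: (t[0], int(t[1:])))
            for v in entries[t]]

if __name__ == "__main__":
    procs, found = parse_report(SAMPLE_LOG)
    for t, action, value in triage(found):
        print(f"{t:<4}{action:<36}{value}")
```
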

With the help of HijackThis, I was able to identify and remove several spyware programs on my friend's system. See the sections below for details.

Sections in This Chapter

What Is Spyware?

"HijackThis" - Spyware and Browser Hijacker Detector

"HijackThis" Report Entry Types

Spyware: WebBar - htwtb.bin and bar.dll

Spyware: SurfBuddy - sbuddy.dll

Spyware: WebSpecials - webspec.dll

Spyware: DSSAgent - DSSAgent.exe

Transponder: Best Offer - farmmext.exe

Spyware: dinst.exe - dsr.dll

Dr. Herong Yang, updated in 2008