HiJackThis
What is HiJackThis?
HiJackThis is software application developed by Trend Micro Inc.. It is most commonly found on computers running Windows 7 with nearly 62.34% of installations running this operating system. HiJackThis's installer is typically 1.00 GB in size and installs around 28 files. The most common release is 2.0.2 with 48.88% of all installations currently using this version.
HiJackThis is most popular in the United States with 54.83% of installations residing in this country.
HiJackThis adds 1 scheduled task to the Windows Task Scheduler launching the program at randomly scheduled times. When using a computer that is connected to the internet, HiJackThis is known to create 1 firewall exception to allow inbound and outbound connectivity.
About HiJackThis?
HijackThis is an open source enumeration tool originally created by Merijn Bellekom, and later acquired by Trend Micro. This program is designed to target browser-hijacking methods without relying on a database of known spyware. It quickly scans a user's computer and identifies browser hijacking locations, providing a detailed list of the entries found. HijackThis is primarily used for diagnosing browser hijacking issues, as its removal capabilities, if used without proper knowledge, can potentially cause significant damage to the computer. It is important to note that HijackThis does not remove or detect spyware; instead, it focuses on listing common locations where browser hijacking activity can occur, which can lead to the installation of malware on a computer.
Software Behaviors
- Services:
-
- steamservice.exe runs as a service named 'Steam Client Service' (SYSTEM\CurrentControlSet\Services\Steam Client Service) "Steam Client Service monitors and updates Steam content".
- Firewall:
-
- hijackthis.exe is added as a firewall exception for 'C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe'.
- Scheduled tasks:
-
- steam.exe is scheduled as a task with the class '{F5AD5BE3-8A53-416A-85DF-3F13BD2920A5}' (runs on registration).
Startup Entries
- Registry entries:
-
- HijackThis.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'HijackThis startup scan' and executes as C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan.
- hijackthis.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'HijackThis startup scan' and executes as C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan.
- steam.exe is loaded in the current user (HKCU) registry as an auto-starting executable named 'Steam Client Bootstrapper (buildbot_winslave04_steam_steam_rel_client_win32@winslave04)' and executes as "C:\Program Files\Steam\steam.exe".
Software Details
- URL:
- https://www.trendmicro.com
- Support:
- –
- Installation path:
- C:\Program Files\trend micro\hijackthis
- Uninstaller:
- MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
- Size:
- 1.00 GB
- Language:
- English
HiJackThis Executable Details
- Primary executable:
- hijackthis.exe
- Name:
- HiJackThis
- Path:
- C:\Program Files\trend micro\hijackthis\hijackthis.exe
- MD5:
- ee86268e59e4b38961e7c40d16be5bb4
- SHA-1:
- –
- SHA-256:
- –
File Type | Filename | MD5 |
---|---|---|
DLL
|
7e2d850c4329a834415a414088cdce1e | |
EXE
|
a78cc79e4306ac531cb591e70993835b | |
EXE
|
7d6f3e59417caa671d73faa2d665ccc4 | |
DLL
|
10795821f58006b8d4b1393c4960b097 | |
DLL
|
fc5af0cdf08672646342b87704799bea | |
DLL
|
29b3cc1e8ebb3317f2f7235f8b921020 | |
DLL
|
ac75aca7478e3e5c7a037bc505778202 | |
DLL
|
d4eaae3b315e1947f0632ce3568916fb | |
DLL
|
1a0d795e24428146ab31ad3f9e7b5646 | |
DLL
|
401c1749806cca61b7bb47f9af3fd37c |