HijackThis

HijackThis (also HiJackThis or HJT) is a free and open-source tool to detect malware and adware on Microsoft Windows. It was originally created by Merijn Bellekom, and later sold to Trend Micro. The program is notable for quickly scanning a user's computer to display the most common locations of malware, rather than relying on a database of known spyware. HijackThis is used primarily for diagnosis of malware, not to remove or detect spyware—as uninformed use of its removal facilities can cause significant software damage to a computer. Browser hijacking can cause malware to be installed on a computer.

On February 16, 2012, Trend Micro released the HijackThis source code as open source and it is now available on the SourceForge site.

Use
HijackThis can generate a plain-text logfile detailing all entries it finds, and some entries can be fixed by HijackThis. Inexperienced users are advised to exercise caution or seek help when using the latter option. Except for a small whitelist of known safe entries, HijackThis does not discriminate between legitimate and unwanted items. HijackThis attempts to create backups of the files and registry entries that it fixes, which can be used to restore the system in the event of a mistake.

A common use is to post the logfile to a forum where more experienced users can help decipher which entries need to be removed. Automated tools also exist that analyze saved logs and attempt to provide recommendations to the user, or to clean entries automatically. Use of such tools, however, is generally discouraged by those who specialize in manually dealing with HijackThis logs: they consider the tools dangerous for inexperienced users, and neither accurate nor reliable enough to substitute for consulting with a trained human analyst.

Later versions of HijackThis include such additional tools as a task manager, a hosts-file editor, and an alternate-data-stream scanner.

HijackThis reached end-of-life in 2013 and is no longer developed. However, the team has recommended an unofficial replacement called HijackThis+ (originally called HijackThis Fork) that is being developed by Stanislav Polshyn.