As mentioned at the beginning of this series there is no single comprehensive solution that will remove all forms of Spyware so it is always necessary to use multiple programs to get at all of the Spyware. However, there are many different spyware and adware scanners out there that can do an adequate job but to my knowledge there is no substitute for HijackThis.
It doesn’t matter which programs are used to scan a computer any heavy infection will always leave entries on your computer that Spyware scanners have missed and, in many cases, don’t even know about. HijackThis is a serious program designed to allow someone with knowledge to remove items from a computer that scanners either can’t remove or don’t know exist yet. Using this program will require research and work on your part to learn what is good and what is bad, however, this tip will help get you on your way.
The first step of course is to download the file from the internet. You can download it from MajorGeeks.com. On the download page you should scroll down and read the information they've provided for you because it includes the official HijackThis tutorial.

How to download a program

1. Browse to the download link located on the proper website.
2. Click on the link and wait for a dialog box (box with instructions or questions about what to do next.)
3. In the dialog box click save and choose a location where you'll be able to find it later. I usually save it to the desktop.

Now that you’ve downloaded the file you should extract it using a compression utility like WinZip (evaluation) or WinRar (also evaluation); Windows XP comes with a compression utility built in. You can also try one of the free ones at Nonags.com. Not all compression utilities are the same but often it’s enough to just double click on the compressed file and select the button that says extract, or decompress. All compression programs allow you to choose a location to place the files once they’ve been decompressed.

Installing and using HijackThis

1. With HijackThis you’ll find that there is only one file. It’s an executable conveniently called HijackThis.exe. Be sure to place this file in it’s own folder because not only can the program malfunction but in the process of removing hijackers and other entries from your computer it creates backups that get placed in the same location as the executable. If you have been heavily infected there could be dozens and sometimes hundreds of items that need to be removed so you could end up with hundreds of files all of a sudden that clutter up your computer. For example, if HijackThis is on your desktop and you don’t create its own folder you might find that there are 10 or 20 extra files on your desktop all of a sudden that don't need to be there.
2. There is no installation program you just double click on the executable file (HijackThis.exe) and the program will run presenting you with some choices. I recommend you click on “Open online HijackThis QuickStart” (make sure you’re connected to the internet first) and read the resulting content. It will give you a better idea of what you are doing and what you are about to do. You might also want to read the official tutorial at the HijackThis website.
3. Once you’ve read the contents or if you’ve decided you want to get right to the good stuff then click on “None of the above just start the program”. You’re presented with a window that has six buttons along the lower half of the window; three on the left and three on the right. The buttons on the right are generally for advanced users so we’re going to stick with the buttons on the left for now. Click on the button labelled “Scan”. It should only take a few seconds but it depends on your computer. When it’s completed its scan the blank window will have filled with lines of information. Each one of those lines represents an entry somewhere on your computer that is generally inaccessible to users mostly due to lack of knowledge. The thing to do with this information is post it to an antispyware forum where experts can tell you which entries should be removed and which ones should not. You can find a nice tutorial on how to get your HijackThis information posted at www.bleepingcomputer.com or at MajorGeeks.com. Note that many forums find pasting a HijackThis log right into the body of the posting rather than in a text file ruins the content and experience of the forum so, try to post the log as an attachment rather than right into the body of the post itself. How to handle the posting largely depends on the rules of individual forums so in all cases try to use proper forum etiquette. A nice summary of forum etiquette can be found at Comcast.com. You can find a comprehensive online book on Netiquette at the Netiquette HomePage.
4. Now that you know how to post your log to a forum you can try posting it to one or more of the forums below. When you choose a forum make sure to choose the forum that addresses spyware and adware specifically rather than a forum called networking, or software.
   spywareinfo.com
   cexx.org
   MajorGeeks.com
   Techspot.com
   gladiator-antivirus.com
   net-integration.net
   subratam.org
   maddoktor2.com
   There is also a large list at the HijackThis website. Individuals at the forums will tell you what you should and shouldn’t get rid of. Getting rid of an entry is as simple as adding a checkmark to the corresponding box on the left and clicking the button labelled “Fix Checked”. However, removing the wrong entry can damage your installation so try not to experiment and do exactly what individuals on the forums ask you to do

Learn how to use this program and Spyware will be unable to hide from you, at least, not until Spyware starts using different technology.
Check out the next tech tip in this series on how to prevent Spyware from installing itself in the first place.
---
Joe Magueta is an IT Consultant with Phoenix Community Works Enterprises (PCWE), a nonprofit organization that provides support to charities and other nonprofits.
Please send questions or comments to techtips@pcwe.ca.