Hi, I am Stanislav Polshyn - a lawyer, security observer and malware researcher from Ukraine (Chernobyl, Na'Vi, Щедрик, Colony of USA). Yankee go home!

I am happy to present a continuation of Trend Micro HiJackThis development, once a well-known tool.

At the moment, it is a step-by-step 100% rewritten source code of the original engine, created in my free time as a hobby for more than 4 years.

HiJackThis Fork is a free utility for Microsoft Windows that scans your computer for settings changed by adware, spyware, malware and other unwanted programs.

HiJackThis Fork primarily detects hijacking methods rather than comparing items against a pre-built database. This allows it to detect new or previously unknown malware - but it also makes no distinction between safe and unsafe items. Users are expected to research all scanned items, and only remove items from their PC when absolutely appropriate.

Therefore, FALSE POSITIVES ARE LIKELY. If you are ever unsure, you should consult with a knowledgeable expert BEFORE deleting anything.

Pre-built binary (release version) for Windows

Nightly build (private test version) for Windows

Files are digitally signed by "Stanislav Polshyn". Certificate's thumbprint (SHA256) should be: 1b78ef517e81a07d1c1c4c6adfa66a2b7c3269c3

• Lists non-default settings in the registry, hard drive and memory related to autostart
• Generates organized, easily readable reports
• Does not use a database of specific malware, adware, etc
• Detects potential methods used by hijackers
• Can be configured to automatically scan at system boot up

• Short logs
• Fast scans
• No need to manually create fixing scripts
• No need for Internet access or recurring database updates
• Already familiar to many people
• Portable

• Detects several new hijacking methods
• Fully supports new Windows versions
• New and updated supplementary tools
• Improved interface, security and backups

HiJackThis also comes with several useful tools for manually removing malware from a computer:

• StartupList 2 (*new*)
• Process Manager
• Uninstall manager
• Hosts file manager
• Alternative Data Spy
• Delete file / service staff
• Digital Signature Checker (*new*)
• Registry key unlocker (*new*)
• Files unlocker (*new*)
• Check Browsers' LNK & ClearLNK (as downloadable components) (*new*)

IMPORTANT: HiJackThis Fork does not make value-based calls on what is considered good or bad. You must exercise caution when using this tool. Avoid making changes to your computer settings without thoroughly studying the consequences of each change.

If you are not already an expert, we recommend submitting your case to an online help forum. Here are some suggestions:

• English: Our GitHub ; GeeksToGo ; BleepingComputer
• Russian: SafeZone ; CyberForum ; OSZone ; SoftBoard ; THG ; VirusInfo ; KasperskyClub ; Dr.Web

Note: currently, only Russian-speaking anti-malware supporting team (e.g., VIRUSNET association) can provide direct analysis of HiJackThis logs in our github 'Issues' section. Please feel free to ask help there (English only).

• Actual short User's manual (in English)
• Actual complete User's manual (in Russian)
• Recent updates by the author (in Russian)
• Additional instructions on Wiki-pages
• Discussion and news are in this topic (in Russian) or on GeeksToGo (in English; access restricted to experts only) or on our GitHub page (for everybody).
• You can also freely ask questions, report bugs, or propose improvements by creating an issue on GitHub

Operating System

• Microsoft™ Windows™ 11 / 10 / 8.1 / 8 / 7 / Vista / XP / 2000 (32/64-bit desktop and server)

• Polshyn Stanislav { @dragokas } - author of fork (major v3 and all post-v2.0.6 updates), refactoring, additions, tools integration
• Merijn Bellekom { @mrbellek } - original author, author of the new StartupList v2 and ADS Spy
• Trend Micro { @trendmicro } - owner of the original version (2.0.5)

• regist (VIRUSNET) { @regist } - for the valuable tips and ideas, user's manual, database updates, closed and beta-testing
• Sandor (VIRUSNET) { @Sandor-Helper } - for the beta-testing, lot of reports, PC treatment on GitHub and forums of association
• akok (VIRUSNET) { @akokSZ } - for product promotion, providing a platform for tests and discussion, help with resolving conflicts with antiviruses
• SafeZone.cc team (general VIRUSNET community) - for promotion and support, feedback and bug reports, PC treatment on forums of association
• Fernando Mercês { @merces } (Trend Micro) - coordinator of original HJT, for the tips, suggestions and promotion
• Loucif Kharouni { @loucifkharouni } (Trend Micro) - coordinator of original HJT, for the tips & suggestions

HiJackThis Fork by Alex Dragokas (my pseudonym) is a continuation of Trend Micro HiJackThis development, based on v.2.0.6 and 100% rewritten at the moment. It was initially supported by Trend Micro, but they have since refused support and closed its GitHub repository. HiJackThis Fork is distributed under the GPLv2 license. It also includes several tools and plugins available as freeware.

(clickable)

Note: These mirrors belong to other companies. They are non-official.

For more than four years, I have maintained this project in my free time. If you find it useful, you can support me for further inspiration by donating any amount to:

• Patreon
• BTC: 17hkU3eKPngHrG3P9uqXwMLE3ztmtfGDZ4
• Ethereum: 0xc6B421AeeC879F6603f86117a792e0bb1c67C7A5
• Yandex.Money
• WebMoney: Z389963582741, R963062285529

You may also find my other programs useful:

• Check Browsers' LNK & ClearLNK to cure shortcuts
• Different tools at SafeZone repository.
• My articles, tutorials and research (in Russian)