What's new in HiJackThis+ 3.2.0.1 Alpha
Oct 6, 2023
- Added detection of O7 - Policy: Bitcoin wallet address hijacker is present (no fix).
- Added section O27 - Account & Remote desktop protocol. Description can be found in menu Help - About - Sections.
- O7 - Autologon is moved to O27.
- Added mark "(no fix)" - which means the fix is not provided.
- Registry Key Analyzer: added option "Create key if not exists" (it should create the key and, if the key did not exist before, remove it immediately after checking).
- Pending delete file operations items are moved to whitelist (known as PendingFileRenameOperations -> DELETE).
- Autobackup registry (ABR) is updated to v1.10.
- Removed suggestion to use Uncle Carey's Windows 10 NetFix to fix O10 - LSP, because this utility became paid. For Windows 8.1 use other tools, like: https://support.kaspersky.ru/common/windows/12378
- Fixed compatibility with Windows XP.
- Windows 2000 is no longer supported.
New in HiJackThis+ 3.1.0.2 Alpha (Jul 10, 2023)
- EDS verification tool:
- Added expert options
- Added PE EXE filter (search for all files corresponding to the Portable Executable format)
- O23 - Driver: Fixed skipping 3rd party drivers signed with single signature (by Microsoft).
- O23 - Driver: If the third party driver is only signed by Microsoft, the "CompanyName" field from the file properties will be added to the mark.
- Forced launch in "Additional Scan" mode if HJT v3.1.0.1 or lower was in use before.
New in HiJackThis+ 2.10.0.19 Beta (Jul 25, 2022)
- Services whitelist is updated.
- Some adjustments in O4 to show "(Microsoft)" postfix for more cases.
- O22 - Tasks_Migrated: Added detection of migrated tasks in Windows 11.
- O22 - Tasks: Added detection of tasks in SysWow64.
- O22 - Tasks: fixed incorrect decoding of non-English characters by xml parser.
New in HiJackThis+ 2.10.0.16 Beta (Jan 12, 2022)
- Added Spanish translation (thanks to Andago).
- Added key /LangSP - force use Spanish language for user interface.
- Corrected the size of the forms to better match the translation.
- Minor edits of RU/UA/FR translations.
- Updated Merijn Bellekom donation link in StartupList tool.
- StartupList (and HJT): fixed the "Show file" context menu not working with System32 files.
New in HiJackThis+ 2.10.0.13 Beta (Dec 26, 2021)
- Fixed potential crash related to bad buffer size in codepage encoder (thanks to @thetrik for letting me know).
- Fixed missing translation.
- Fixed font size on some controls.
- [Updates checker] Corrected error code returned.
- System error descriptions are now displayed in the selected language.
- [Uninstall manager] Fixed double-unicode in registry snapshot report on some locales.
New in HiJackThis+ 2.9.0.1 (Oct 22, 2018)
- Log:
- Improved format of the log lines.
- Added mark "No suspicious items found!", if the number of entries = 0.
- Added display of 'Scan mode': if enabled "Additional scan", "Environment variables", "Ignore ALL Whitelists" or disabled "Processes", "Hide Microsoft entries".
- Backups:
- Added backup/restore of O23, O25.
- Restoring of library registration.
- Restoring of the file attributes and time stamps.
- Restoring of initial security rights on file / registry key (thanks to Kazakevich Aleh for help).
- ABR from Dmitriy Kuznetsov is updated to v1.05 (improved compatibility with Win10 build 1803).
- Main scan:
- O5 - 'Blocked IE Options' - section is renamed and expanded to cover any hidden control panel items; added compatibility with Vista+.
- O7 - Added detection of policies: NoViewOnDrive, RestrictRun, DisallowRun, NoControlPanel, LockTaskbar, NoDispCpl, NoDrives, DisableTaskMgr.
- O7 - Added detection of restricted DACL permissions on some Policy and Certificate keys.
- O7 - TroubleShooting: (EV) - added checking presence of essential system folders in %PATH%.
- O10 - LSP: whitelist is removed. Checking is performed by EDS.
- O10 - LSP: now displays all chain gaps and unknown providers and doesn't stop at the first one found.
- O18 - Protocols/Filters: criteria of checking is replaced with EDS; added check for registry subkeys.
- O22, O23 - Windows Defender items are temporarily added to whitelist.
- O26 - Added detection of UWP applications debugger
- "Additional scan":
- Added subsection O23 - Drivers: - list of loaded drivers.
- Added subsection O23 - Dependency: (experimental), consists of 3 groups:
- Microsoft Service 'X' depends on non-legit service: 'Y'
- Microsoft Service 'X' depends on non-legit group: 'Y'
- Microsoft Service Group 'X' contains non-legit service: 'Y' (Note: some 3rd-party services can legally add their records to Microsoft Service Group)
- "Environment variables" scan:
- Added listing of special folders.
- The environment variables are supplemented and divided into categories "[User]", "[System]", "[Current process]".
- Fixes:
- O22 - Added removal of the task's executable (if it does not belong to Microsoft).
- O23 - Added cleaning of legit services dependency from the service that is being deleted.
- Compatibility:
- Added compatibility with DBCS-systems (locale-independence).
- Added compatibility when launch via Local System context:
- also mark "<=== Attention! ('Local System' account)" will be displayed in the log.
- some tools will not be available in this mode due to security reasons.
- Reduced CPU load in the "Scan on system boot" mode.
- File selection dialog boxes now support 64-bit folders (c:\Windows\System32).
- Checking the write access for new log is replaced by AccessCheck() API to not interfere with AV.
- Improved protection against BSOD.
- Errors:
- Bug: Fixed cases in Win8/10 when line O4 is marked as StartupApproved (disabled) instead of RunRun32.
- Bug: Fixed crash when HiJackThis finishes its work after being launched from an archive.
- Bug: Fixed issue with 0 bytes size of the log, if StartupList was started just before.
- Bug: Fixed access denied while reading some tasks (thanks to Sandor for testing).
- Bug: Fixed the failure of some functions when setting a specific date format in the system.
- Bug: Fixed issue with displaying binary data in LSP log.
- Finished "Jump to Registry/File" menu for O23 and other sections.
- StartupList: added tracing the errors in /debug mode, fixed some errors that caused crash (thanks @Hostn4me for testing).
- Updates checking:
- Bug: Fixed updates checking. The program is untied from github due to problems with https on XP and is now downloaded from dragokas.com.
- Added proxy support (Note: Socks5 is not supported) (thanks Sandor for testing).
- Added option "Update to test versions" - if you want to receive the latest updates without waiting for a stable release.
- Added option "Update in silent mode" - the program will automatically update and restart with the initial command line keys.
- Interface:
- Added ability to choose the font (for whole interface or for scan results list and input fields only).
- Improved interface navigation during scanning.
- The autoscrolling of the scan results list has been removed.
- Horizontal scroll bar is added before scan is complete.
- Translation:
- The translation into Russian of the list of changes to individual Misc tools was completed.
- Added ProcMan list of updates.
- The Netherlands part is translated into English.
- The spelling of the Ukrainian translation has been improved.
- Updated English text with spell and grammar checking (thanks to Tanner Helland).
- Tools:
- START menu is appended with shortcuts of separate tools and plugins (upon installation of HiJackThis).
- Accordingly, added command line keys:
- /tool+StartupList
- /tool+UninstMan
- /tool+DigiSign
- /tool+RegUnlocker
- /tool+ADSSpy
- /tool+Hosts
- /tool+ProcMan
- /tool+CheckLNK
- /tool+ClearLNK
- Uninstall programs manager is updated to v2.0:
- Interface and format of the log lines are changed.
- Improved x64 compatibility.
- Added "Hidden" mark for the programs that could not be uninstalled via default Control Panel snap-in.
- Added (no Uninstall command) mark for the programs that have no string to call uninstaller.
- Added (User: username) mark for the programs that require another user to log in to be properly uninstalled.
- Added jump to registry key.
- Added filter by HKCU / HKLM / HKU / Hidden / No uninstall command / Common Software.
- Digital Signature Checker:
- Fixed errors "Access denied" when verifying some files, protected with DACL.
- Increased speed of system folder verifying.
- Fixed issue with failure to work on Windows 7x64 SP0 and under some other conditions.
- Added ability to verify and show 3rd-party publisher of drivers on Vista+.
- ProcMan: added ability to enum modules of 64-bit processes.
- ADS Spy: added button "Save log".
- ADS Spy: added support of ReFS file system.
- Tutorial:
- Completed work on the renewed Russian manual for the Fork and v2.0.5: https://regist.safezone.cc/hijackthis_help/hijackthis.html (thanks to regist)
- Updated short help on sections (in English, Russian and Ukrainian), available inside the program and on the website: http://dragokas.com/tools/help/hjt_tutorial.html
- Command line keys:
- Added and modified /Area command line keys (the old version will remain working for backward compatibility):
- /Area:Processes is replaced by /Area+Processes.
- /Area:Modules is replaced by /Area+Modules.
- /Area:Environment is replaced by /Area+Environment.
- /Area:Additional is replaced by /Area+Additional.
- Added key: /Area+Modules - adds a list of modules loaded by processes. In this case, their PIDs are displayed in the list of processes.
- Added keys: /Area-Processes, /Area-Modules, /Area-Environment, /Area-Additional - forcibly exclude the corresponding section from the log, even if it is enabled by user settings.
- Keys /Area have the highest priority over the others.
- Added key /saveLog "Path" (or /saveLog "Path\File.log") - saves the report to the specified folder (and under the specified name, if the extension is specified as .log).
- The key /silentautolog now displays a window in miniature form.
- The syntax of all keys is extended and now allows you to specify them with a hyphen, for example: -autolog
- Other:
- Installation of HiJackThis Fork is now available via command line (Chocolatey): 'choco install hijackthis'
- Maximum limit of the file size to calculate MD5 is increased up to 100 MB. Added MD5 calculation to sections where it was forgotten.
- Whitelists are updated for R4, O4, O7 - Untrusted certificates, O22, O23.