Softpedia >Windows >Security >Security Related >HiJackThis+ >  Changelog

HiJackThis+ Changelog

What's new in HiJackThis+ 3.2.0.1 Alpha

Oct 6, 2023
  • Added detection of O7 - Policy: Bitcoin wallet address hijacker is present (no fix).
  • Added section O27 - Account & Remote desktop protocol. Description can be found in menu Help - About - Sections.
  • O7 - Autologon is moved in O27.
  • Added mark "(no fix)" - which means the fix is not provided.
  • Registry Key Analyzer: added option "Create key if not exists" (it should create key and instantly remove after checking if it didn't exist).
  • Pending delete file operations items are moved to whitelist (known as PendingFileRenameOperations -> DELETE).
  • Autobackup registry (ABR) is updated to v1.10.
  • Removed suggestion to use Uncle Carey's Windows 10 NetFix to fix O10 - LSP, because this utility became payed. For Windows 8.1 use other tools, like: https://support.kaspersky.ru/common/windows/12378
  • Fixed compatibility with Windows XP.
  • Windows 2000 is no longer supported.

New in HiJackThis+ 3.1.0.2 Alpha (Jul 10, 2023)

  • EDS verification tool:
  • Added expert options
  • Added PE EXE filter (search for all files corresponding to the Portable Executable format)
  • O23 - Driver: Fixed skipping 3rd party drivers signed with single signature (by Microsoft).
  • O23 - Driver: If the third party driver is only signed by Microsoft, the "CompanyName" field from the file properties will be added to the mark.
  • Forced launch in "Additional Scan" mode if HJT v3.1.0.1 or lower was in use before.

New in HiJackThis+ 2.10.0.19 Beta (Jul 25, 2022)

  • Whitelist services is updated.
  • Some adjustment in O4 to show "(Microsoft)" postfix for more cases.
  • O22 - Tasks_Migrated: Added detection of migrated tasks in Windows 11.
  • O22 - Tasks: Added detection of tasks in SysWow64.
  • O22 - Tasks: fixed incorrect decoding of non-English characters by xml parser.

New in HiJackThis+ 2.10.0.16 Beta (Jan 12, 2022)

  • Added Spanish translation (thanks to Andago).
  • Added key /LangSP - force use Spanish language for user interface.
  • Corrected size of the forms for better match the translation.
  • Minor edits of RU/UA/FR translations.
  • Updated Merijn Bellekom donation link in StartupList tool.
  • StartupList (and HJT): fixed "Show file" context menu didn't work with System32 files.

New in HiJackThis+ 2.10.0.13 Beta (Dec 26, 2021)

  • Fixed potential crash related to bad buffer size in codepage encoder (thanks to @thetrik for letting me know).
  • Fixed missing translation.
  • Fixed font size on some controls.
  • [Updates checker] Corrected error code returned.
  • System errors description are now displayed on selected language.
  • [Uninstall manager] Fixed double-unicode in registry snapshot report on some locales.

New in HiJackThis+ 2.9.0.1 (Oct 22, 2018)

  • Log:
  • Improved format of the log lines.
  • Added mark "No suspicious items found!", if the number of entries = 0.
  • Added display of 'Scan mode': if enabled "Additional scan", "Environment variables", "Ignore ALL Whitelists" or disabled "Processes", "Hide Microsoft entries".
  • Backups:
  • Added backup/restore of O23, O25.
  • Restoring of library registration.
  • Restoring of the file attributes and time stamps.
  • Restoring of initial security rights on file / registry key (thanks to Kazakevich Aleh for help).
  • ABR from Dmitriy Kuznetsov is updated to v1.05 (improved compatibility with Win10 build 1803).
  • Main scan:
  • O5 - 'Blocked IE Options' - section is renamed and expanded to cover any hidden control panel items; added compatibility with Vista+.
  • O7 - Added detection of policies: NoViewOnDrive, RestrictRun, DisallowRun, NoControlPanel, LockTaskbar, NoDispCpl, NoDrives, DisableTaskMgr.
  • O7 - Added detection of restricted DACL permissions on some Policy and Certificate keys.
  • O7 - TroubleShooting: (EV) - added checking presence of essential system folders in %PATH%.
  • O10 - LSP: whitelist is removed. Checking is performed by EDS.
  • O10 - LSP: is now display all chain gaps and unknown providers and doesn't stop on the first found.
  • O18 - Protocols/Filters: criteria of checking is replaced with EDS; added check for registry subkeys.
  • O22, O23 - Windows Defender items are temporarily added to whitelist.
  • O26 - Added detection of UWP applications debugger
  • "Additional scan":
  • Added subsection O23 - Drivers: - list of loaded drivers.
  • Added subsection O23 - Dependency: (experimental), consist of 3 groups:
  • Microsoft Service 'X' depends on non-legit service: 'Y'
  • Microsoft Service 'X' depends on non-legit group: 'Y'
  • Microsoft Service Group 'X' contains non-legit service: 'Y' (Note: some 3d-party services can legally add their records to Microsoft Service Group)
  • "Environment variables" scan:
  • Added listing of special folders.
  • The environment variables are supplemented and divided into categories "[User]", "[System]", "[Current process]".
  • Fixes:
  • O22 - Added removing of task's executable (if it is not belong to Microsoft).
  • O23 - Added cleaning of legit services dependency from the service that is being deleted.
  • Compatibility:
  • Added compatibility with DBCS-systems (locale-independence).
  • Added compatibility when launch via Local System context:
  • also mark "<=== Attention! ('Local System' account)" will be displayed in the log.
  • some tools will not be available in this mode due to security reasons.
  • Reduced CPU loading in the "Scan on system boot" mode.
  • File choosing dialog boxes are now support x64 bit folders (c:WindowsSystem32).
  • vChecking the write access for new log is replaced by AccessCheck() API to not interfere with AV.
  • Improved protection against BSOD.
  • Errors:
  • Bug: Fixed cases in Win8/10 when line O4 is marked as StartupApproved (disabled) instead of RunRun32.
  • Bug: Fixed crash while HiJackThis finishing its work when launched from archive.
  • Bug: Fixed issue with 0 bytes size of the log, if StartupList was start just right before.
  • Bug: Fixed access denied while reading some tasks (thanks to Sandor for testing).
  • Bug: Fixed the failure of some functions when setting a specific date format in the system.
  • Bug: Fixed issue with displaying binary data in LSP log.
  • Finished "Jump to Registry/File" menu for O23 and other sections.
  • StartupList: added tracing the errors in /debug mode, fixed some errors that caused crash (thanks @Hostn4me for testing).
  • Updates checking:
  • Bug: Fixed updates checking. The program is untied from github due to problems with https on XP and is now downloaded from dragokas.com.
  • Added proxy support (Note: Socks5 is not supported) (thanks Sandor for testing).
  • Added option "Update to test versions" - if you want to receive the latest updates without waiting for a stable release.
  • Added option "Update in silent mode" - the program will automatically update and restart with the initial command line keys.
  • Interface:
  • Added ability to choose the font (for whole interface or for scan results list and input fields only).
  • Improved interface navigation during scanning.
  • The autoscrolling of the scan results list has been removed.
  • Horizontal scroll bar is added before scan is complete.
  • Translation:
  • The translation into Russian of the list of changes to individual Misc tools was completed.
  • Added ProcMan list of updates.
  • The Netherlands part is translated into English.
  • The spelling of the Ukrainian translation has been improved.
  • Updated English text with spell and grammar checking (thanks to Tanner Helland).
  • Tools:
  • START menu is appended with shortcuts of separate tools and plugins (upon installation of HiJackThis).
  • Accordingly, added command line keys:
  • /tool+StartupList
  • /tool+UninstMan
  • /tool+DigiSign
  • /tool+RegUnlocker
  • /tool+ADSSpy
  • /tool+Hosts
  • /tool+ProcMan
  • /tool+CheckLNK
  • /tool+ClearLNK
  • Uninstall programs manager is updated to v2.0:
  • Interface and format of the log lines is changed.
  • Improved x64 compatibility.
  • Added "Hidden" mark for the programs that could not be uninstalled via default Control Panel snap-in.
  • Added (no Uninstall command) mark for the programs that have no string to call uninstaller.
  • Added (User: username) mark for the programs that requires log in of another user to be properly uninstalled.
  • Added jump to registry key.
  • Added filter by HKCU / HKLM / HKU / Hidden / No uninstall command / Common Software.
  • Digital Signature Checker:
  • Fixed errors "Access denied" when verifying some files, protected with DACL.
  • Increased speed of system folder verifying.
  • Fixed issue with failure to work on Windows 7x64 SP0 and under some another conditions.
  • Added ability to verify and show 3d-party publisher of drivers on Vista+.
  • ProcMan: added ability to enum modules of 64-bit processes.
  • ADS Spy: added button "Save log".
  • ADS Spy: added support of ReFS file system.
  • Tutorial:
  • Completed work on the renewed Russian manual for the Fork and v2.0.5: https://regist.safezone.cc/hijackthis_help/hijackthis.html (thanks to regist)
  • Updated short help on sections (on English, Russian and Ukrainian), available inside the program and web-site: http://dragokas.com/tools/help/hjt_tutorial.html
  • Command line keys:
  • v Added and modified /Area command line keys (the old version will remain working for backward compatibility):
  • /Area:Processes is replaced by /Area+Processes.
  • /Area:Modules is replaced by /Area+Modules.
  • /Area:Environment is replaced by /Area+Environment.
  • /Area:Additional is replaced by /Area+Additional.
  • Added key: /Area+Modules - adds a list of modules loaded by processes. In this case, their PIDs are displayed in the list of processes.
  • Added keys: /Area-Processes, /Area-Modules, /Area-Environment, /Area-Additional - forcibly exclude the corresponding section from the log, even if it is enabled by user settings.
  • Keys /Area have the highest priority over the others.
  • Added key /saveLog "Path" (or /saveLog "PathFile.log") - saves the report to the specified folder (and under the specified name, if the extension is specified as .log).
  • The key /silentautolog is now display a window in a miniature form.
  • The syntax of all keys is extended and now allows you to specify them with a hyphen, for example: -autolog
  • Other:
  • Installation of HiJackThis Fork is now available via command line (Chocolatey): 'choco install hijackthis'
  • Maximum limit of the file size to calculate MD5 is increased up to 100 MB. Added MD5 calculation to sections where it was forgotten.
  • Whitelists are updated for R4, O4, O7 - Untrusted certificates, O22, O23.