{"id":13517286,"url":"https://github.com/dragokas/hijackthis","last_synced_at":"2026-02-14T23:26:46.610Z","repository":{"id":51134628,"uuid":"71896621","full_name":"dragokas/hijackthis","owner":"dragokas","description":"A free utility that finds malware, adware and other security threats","archived":false,"fork":false,"pushed_at":"2025-01-16T22:04:32.000Z","size":182265,"stargazers_count":726,"open_issues_count":17,"forks_count":114,"subscribers_count":49,"default_branch":"devel","last_synced_at":"2025-03-31T08:39:36.137Z","etag":null,"topics":["adware","cleanup","expert","hijacking-methods","malware","portable","pup","scanner","security","toolbars","tuneup","unwanted"],"latest_commit_sha":null,"homepage":"http://hjt.sf.net","language":"Visual Basic 6.0","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dragokas.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"patreon":"dragokas"}},"created_at":"2016-10-25T12:51:16.000Z","updated_at":"2025-03-22T19:28:18.000Z","dependencies_parsed_at":"2023-02-09T20:30:59.376Z","dependency_job_id":"f364bc8c-4260-4891-b118-a1b58b8194ec","html_url":"https://github.com/dragokas/hijackthis","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/dragokas/hijackthis","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dragokas%2Fhijackthis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dragokas%2Fhijackthis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dragokas%2Fhijackthis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dragokas%2Fhijackthis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dragokas","download_url":"https://codeload.github.com/dragokas/hijackthis/tar.gz/refs/heads/devel","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dragokas%2Fhijackthis/sbom","scorecard":{"id":354954,"data":{"date":"2025-08-11","repo":{"name":"github.com/dragokas/hijackthis","commit":"9858429518cd297ca28da4a2e41ab9769e19f8c7"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.8,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Binary-Artifacts","score":8,"reason":"binaries present in source code","details":["Warn: binary detected: src/MSCOMCTL.OCX.res:1","Warn: binary detected: src/tools/VBCCR/ActiveX Control Version/Bin/VBCCR17.lib:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: GNU General Public License v2.0: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'devel'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}}]},"last_synced_at":"2025-08-18T09:18:13.076Z","repository_id":51134628,"created_at":"2025-08-18T09:18:13.076Z","updated_at":"2025-08-18T09:18:13.076Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29460541,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-14T22:42:09.113Z","status":"ssl_error","status_checked_at":"2026-02-14T22:42:05.053Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["adware","cleanup","expert","hijacking-methods","malware","portable","pup","scanner","security","toolbars","tuneup","unwanted"],"created_at":"2024-08-01T05:01:32.181Z","updated_at":"2026-02-14T23:26:46.598Z","avatar_url":"https://github.com/dragokas.png","language":"Visual Basic 6.0","funding_links":["https://patreon.com/dragokas"],"categories":[":shield: Security","Malware Analysis","Visual Basic 6.0"],"sub_categories":["ARM","Hashing"],"readme":"## Download\r\n[![](https://dragokas.com/tools/img/hjt/Icon_mini.png)](https://dragokas.com/tools/HiJackThis_test.zip)\r\n[Latest build](https://dragokas.com/tools/HiJackThis_test.zip) [v3.x] - Release\r\n\r\n[![](https://dragokas.com/tools/img/hjt/Icon_mini.png)](https://dragokas.com/tools/HiJackThis_stable.zip)\r\n[Stable build](https://dragokas.com/tools/HiJackThis_stable.zip) [v2 outdated] - not updated anymore\r\n\r\n![](https://dragokas.com/tools/img/hjt/main_menu2.png)\r\n\r\n_(this is beta-version - major changes are in progress; although it is definitely safe to use)_\r\n\r\n# HiJackThis+\r\n\r\n**HiJackThis+ (Plus)** (previously called: HiJackThis Fork v3) is a fork and a continuation of the original [Trend Micro HiJackThis by Merijn Bellekom](https://sourceforge.net/projects/hjt/) development, once a well-known tool.\r\n\r\nAt the moment, it is a step-by-step 100% rewritten source code of the original engine, aimed to provide a full compatiblity with the most recent Windows OS and a balance beetween compiling very fast results in logfile and combatting with the most popular malware, inluding the one not known to other antiviruses.\r\n\r\nIt is made by Alex Dragokas - a lawyer, security observer and malware researcher.\r\n\r\n## Overview\r\n\r\nHiJackThis+ is a free utility for Microsoft Windows that scans your computer for settings changed by adware, spyware, malware and other unwanted programs. Shortly, consider it like Sysinternals [Autoruns](https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns).\r\n\r\nThe difference from classical antiviruses is the ability to function without constant database updates, because HiJackThis+ primarily detects **hijacking methods** rather than comparing items against a pre-built database (signatures). This allows it to detect new or previously unknown malware - but it also makes **no distinction** between safe and unsafe items. Users are expected to research all scanned items manually, and only remove items from their PC when absolutely appropriate.\r\n\r\nTherefore, FALSE POSITIVES ARE LIKELY. If you are ever unsure, you should consult with a knowledgeable expert BEFORE deleting anything.\r\n\r\nHiJackThis+ is not a replacement of a classical antivirus. It doesn't provide a real-time protection, because it is a passive scanner only. Consider it as an addition. However, you can use it in form of boot-up automatical scanner in the following way: \r\n * Run the scanning by clicking \"Do a system scan only\"\r\n * Add all items in the ignore-list\r\n * Set up boot-up scan in menu \"File\" - \"Settings\" - \"Add HiJackThis to startup\"\r\n * Next time when user logged in, HiJackThis will silently scan your OS and display UI if only new records in your system were found.\r\n\r\n## Tutorial\r\n\r\n * Please, refer to the [List of tutorials](https://github.com/dragokas/hijackthis/wiki/HJT:-Tutorial)\r\n\r\n## Features\r\n\r\n * Lists non-default settings in the registry, hard drive and memory related to autostart\r\n * Generates organized, easily readable reports\r\n * Does not use a database of specific malware, adware, etc\r\n * Detects potential *methods* used by hijackers\r\n * Can be configured to automatically scan at system boot up\r\n \r\n## Advantages\r\n\r\n * Short logs\r\n * Fast scans\r\n * Not necessarily to create fixing scripts manually\r\n * No need for internet access or recurring database updates\r\n * Already familiar to many people\r\n * Portable\r\n\r\n## New in version 2.6+\r\n\r\n * Detects several new hijacking methods\r\n * Fully supports new versions of OS Windows \r\n * New and updated supplementary tools\r\n * Improved interface, security and backups\r\n\r\nHiJackThis+ also comes with several modules useful for specific analysis and removing malware from a computer:\r\n * StartupList 2 **(\\*new\\*)**\r\n * Process Manager\r\n * Uninstall Manager\r\n * Hosts File Manager\r\n * Alternative Data Spy\r\n * Services Removing Tool\r\n * Batch Digital Signature Checker **(\\*new\\*)**\r\n * Registry Key Type Analyzer **(\\*new\\*)**\r\n * Registry Key Unlocker **(\\*new\\*)**\r\n * Files DACL Unlocker **(\\*new\\*)**\r\n * Check Browsers' LNK \u0026 ClearLNK (as downloadable components) **(\\*new\\*)**\r\n\r\n## Log analysis\r\n\r\n**IMPORTANT**: HiJackThis+ does not make value-based calls on what is considered good or bad.\r\nYou must exercise caution when using this tool. Avoid making changes to your computer settings without thoroughly studying the consequences of each change.\r\n\r\nIf you are not already an expert, we recommend submitting your case to an online help forum. Here are some suggestions:\r\n- English: [Our GitHub](https://github.com/dragokas/hijackthis/wiki/How-to-make-a-request-for-help-in-the-PC-cure-section%3F) ; [GeeksToGo](http://www.geekstogo.com/forum/topic/2852-malware-and-spyware-cleaning-guide/) ;  [BleepingComputer](https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/)\r\n- Russian: [SafeZone](https://safezone.cc/pravila/) ; [CyberForum](https://www.cyberforum.ru/viruses/thread49792.html) ; [OSZone](http://forum.oszone.net/thread-98169.html) ; [SoftBoard](https://softboard.ru/topic/51343-правила-подраздела/) ; [THG](http://www.thg.ru/forum/showthread.php?t=92236) ; [VirusInfo](https://virusinfo.info/showthread.php?t=1235) ; [KasperskyClub](https://forum.kasperskyclub.ru/index.php?showtopic=43640)\r\n\r\n\u003e Note: currently, only [VIRUSNET association](https://github.com/VIRUSNET-Association) can provide direct analysis of HiJackThis+ logs in [our github 'Issues' section](https://github.com/dragokas/hijackthis/wiki/How-to-make-a-request-for-help-in-the-PC-cure-section%3F). Please feel free to ask help there (English/Russian only).\r\n\r\n## Technical support\r\n\r\n * [Actual short User's manual](https://dragokas.com/tools/help/hjt_tutorial.html) (in English)\r\n * [Actual complete User's manual](https://regist.safezone.cc/hijackthis_help/hijackthis.html) (in Russian)\r\n * [Recent updates by the author](https://safezone.cc/threads/27470/) (in Russian)\r\n * [Additional instructions on Wiki-pages](https://github.com/dragokas/hijackthis/wiki)\r\n * Discussion and news are in [this topic](https://safezone.cc/threads/hijackthis-fork-i-voprosy-k-razrabotchikam.28770/) (in Russian) or at [BleepingComputer](https://www.bleepingcomputer.com/forums/t/792585/hijackthis-plus-explaining-development/) (in English; access restricted to experts only) or on our [GitHub page](https://github.com/dragokas/hijackthis/discussions/137) (for everybody).\r\n * You can also freely ask questions, report bugs, or propose improvements by [creating an issue on GitHub](https://github.com/dragokas/hijackthis/issues)\r\n\r\n## System requirements \u0026 Compatibility\r\n\r\n  * Microsoft™ Windows™ 11 / 10 / 8.1 / 8 / 7 / Vista / XP (32/64-bit desktop and server)\r\n  * WinRE \u0026 LiveCD are NOT supported\r\n\r\n## Copyrights\r\n\r\n * **Alex Dragokas** { [@dragokas](https://github.com/dragokas) } - author of fork (major v3 and all post-v2.0.6 updates), refactoring, additions, tools integration\r\n * **Merijn Bellekom** { [@mrbellek](https://github.com/mrbellek) } - original author, author of the new [StartupList v2](https://github.com/mrbellek/StartupList2) and [ADS Spy](https://github.com/mrbellek/ADSspy)\r\n * **Trend Micro** { [@trendmicro](https://github.com/trendmicro) } - owner of the [original version](https://sourceforge.net/projects/hjt/) (2.0.5)\r\n### Thanks to:\r\n * **regist** (VIRUSNET) { [@regist](https://forum.kasperskyclub.ru/index.php?showuser=44533) } - for the valuable tips and ideas, user's manual, database updates, closed and beta-testing\r\n * **Sandor** (VIRUSNET) { [@Sandor-Helper](https://github.com/Sandor-Helper) } - for the beta-testing, lot of reports, PC treatment on GitHub and forums of association\r\n * **akok** (VIRUSNET) { [@akokSZ](https://github.com/akokSZ) } - for product promotion, providing a platform for tests and discussion, help with resolving conflicts with antiviruses\r\n * **SafeZone.cc team** (general [VIRUSNET](https://github.com/VIRUSNET-Association/VIRUSNET) community) - for promotion and support, feedback and bug reports, PC treatment on forums of association\r\n * **Fernando Mercês** { [@merces](https://github.com/merces) } (Trend Micro) - coordinator of original HJT, for the tips, suggestions and promotion\r\n * **Loucif Kharouni** { [@loucifkharouni](https://github.com/loucifkharouni) } (Trend Micro) - coordinator of original HJT, for the tips \u0026 suggestions\r\n\r\nHiJackThis+ by Alex Dragokas is a continuation of Trend Micro HiJackThis development, based on [v.2.0.6](https://sourceforge.net/p/hjt/code/HEAD/tree/beta/2.0.6/) branch and 100% rewritten at the moment. HiJackThis+ was initially supported by Trend Micro, but they have since refused support and closed its GitHub repository.\r\nHiJackThis+ is distributed under the initial [GPLv2 license](https://github.com/dragokas/hijackthis/blob/devel/LICENSE.md). It also includes several tools and plugins available as freeware.\r\n\r\n## Reviews \u0026 Mirrors\r\n(clickable)\r\n\r\n[![](https://dragokas.com/tools/img/hjt/softpedia-reward.png)](https://www.softpedia.com/get/Security/Security-Related/HiJackThis-Fork.shtml) [![](https://dragokas.com/tools/img/hjt/mg_certified.gif)](https://www.majorgeeks.com/files/details/hijackthis_fork.html) [![](https://dragokas.com/tools/img/hjt/comss_one.png)](https://www.comss.ru/page.php?id=6749)\r\n[![](https://dragokas.com/tools/img/hjt/chocolatey_badge2.png)](https://chocolatey.org/packages/hijackthis)\r\n\r\n**Note:** These mirrors belong to other companies. They are non-official.\r\n\r\n### More references:\r\n * [Wikipedia (EN)](https://en.wikipedia.org/wiki/HijackThis)\r\n * [Wikipedia (RU)](https://ru.wikipedia.org/wiki/HijackThis)\r\n * [LabRats - Intro to HijackThis (Video)](https://www.youtube.com/watch?v=oZU6mTkGgGY)\r\n * Please, report more links if you know :)\r\n\r\n## Other projects\r\n\r\nYou may also find my other programs useful:\r\n- [Check Browsers' LNK](https://toolslib.net/downloads/viewdownload/80-check-browsers-lnk/) \u0026 [ClearLNK](https://toolslib.net/downloads/viewdownload/81-clearlnk/) to cure shortcuts\r\n- [Different tools](https://github.com/SafeZone-cc) at SafeZone repository.\r\n- [My articles, tutorials and research](https://www.cyberforum.ru/blogs/218284/blog3628.html) (in Russian)\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdragokas%2Fhijackthis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdragokas%2Fhijackthis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdragokas%2Fhijackthis/lists"}