Home arrow Software arrow Page 2 - Interpreting HiJackThis Logs in Window...
Watch our Tech Videos 
Dev Hardware Forums 
Computer Cases  
Computer Processors  
Computer Systems  
Digital Cameras  
Flat Panels  
Hardware Guides  
Hardware News  
Input Devices  
Mobile Devices  
Networking Hardware  
PC Cooling  
PC Speakers  
Power Supply Units  
Sound Cards  
Storage Devices  
Tech Interviews  
User Experiences  
Video Cards  
Weekly Newsletter
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Contact Us 
Site Map 
Privacy Policy 
  >>> SIGN UP!  
  Lost Password? 

Interpreting HiJackThis Logs in Windows XP
By: Codex-M
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 2

    Table of Contents:
  • Interpreting HiJackThis Logs in Windows XP
  • Process Analysis, an Example
  • HJT Group Analysis
  • Malware Removal Steps

  • Rate this Article: Poor Best 
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article


    Interpreting HiJackThis Logs in Windows XP - Process Analysis, an Example

    (Page 2 of 4 )

    Entry under examination: C:WINDOWSSystem32smss.exe

    Path: C:WINDOWSSystem32

    File for analysis: smss.exe

    Step 1: Enter smss.exe in the search box found on the home page of , and click "Find."

    Step 2: After clicking on the results, you will see this screen shot:

    The tool returned six results for smss.exe. Bear in mind that only the GREEN result contains the specification for the correct/non-malware file; the rest of the results (in red) are reported malware or Trojans.

    Step 3: Click the GREEN result (first result) in the list. You will then see the description of the process under analysis, and most of the information which you should know in this page is under "General information."

    You will see the author and the default/standard process path; in this example it is:

    Author:Microsoft Corp.

    Part of:Microsoft Windows Operating System

    Common Path(s):%system%smss.exe

    The common path starts with %system%; path notations like this are called "environment variables" by Windows. The path actually points to the system32 folder in Windows XP. So in this case it will be:


    Another nearly complete list of environment variables commonly used is here:

    and here:

    Based on the result provided above, the common path coincides with the HJT entry for this process, so this means that it is not a malware or a Trojan entry.

    This is just a simple illustration of how to analyze a process entry in HJT logs. By doing this on a daily basis, you will soon be acquainted with what is normal and what is not, so in the long run, you will not need always need to look at as you slowly acquaint yourself with interpreting process- related entries.

    You can even put the HJT log into an Excel file and shade those entries that are malware. This way, you can systematically analyze processes one by one.

    More Software Articles
    More By Codex-M

    blog comments powered by Disqus


    - Top Add-ons for Gmail
    - Top Free Photo Editors
    - Administering Google Apps for Your Domain
    - Setting up Google Apps for Your Domain
    - EmailTray Helps Organize Email
    - Portable KeePass Tutorial for Ubuntu Linux a...
    - Windows 7: Applications to Enhance Your OS
    - Windows 7: Great Additions
    - Google Wave Waves Goodbye
    - Netvibes Releases Dashboard Engine
    - Monitoring your Children`s Online Activity w...
    - Evernote: a Lightweight Organizational App
    - A New Way to View Photos Online in 3D
    - Smartphone App iZup Helps Make the Roads Saf...
    - Adobe Elements 8 and Premiere 8 Editing Soft...

    Developer Shed Affiliates


    © 2003-2019 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap
    KEITHLEE2zdeconfigurator/configs/INFUSIONSOFT_OVERLAY.phpzdeconfigurator/configs/ OFFLOADING INFUSIONSOFTLOADING INFUSIONSOFT 1debug:overlay status: OFF
    overlay not displayed overlay cookie defined: TI_CAMPAIGN_1012_D OVERLAY COOKIE set:
    status off