Privacy Watch: Kill Really Stubborn Spyware With This Tool

Illustration: Mark Matcho
The frustrating thing about spyware is how astonishingly persistent some of the nasty little apps can be. You think that you've cleaned them off with a squirt of some reputable anti-spyware utility; but the next time you boot up, they're back again. If you want to get rid of them permanently, who you gonna call? HijackThis.

HijackThis is a free tool of last resort, something you should turn to only after you've exhausted both Ad-Aware and Spybot Search & Destroy--and a full system antivirus scan as well. But if your PC has been infected with spyware, HijackThis can look deep within the places in Windows where spyware apps dig in their roots, and help you figure out how to yank the weeds.

HijackThis is different from a lot of anti-spyware apps. It doesn't attempt to identify which code it thinks is spyware, and it won't offer to remove the bad stuff automatically. To use HijackThis effectively, you'll probably need advice from experts, unless you can spot a spyware program by the names of its Registry keys and DLL files. One good resource is the large group of dedicated volunteers on the TomCoyote Forum.

Because it's a powerful tool, HijackThis could kill a critical part of Windows, rendering your PC unbootable. Your best course of action is to perform a full system backup beforehand. If you're running Windows XP, at least create a system restore point so that you can back out of any changes you make. To do this, click Start, Programs, Accessories, System Tools, System Restore, select Create a restore point, click Next, and follow the instructions.

Running the program is easy: Double-click HijackThis.exe, and then click the Scan button in the lower-left corner to start the analysis. The program gives you an inventory of everything it has found in 34 different locations where spyware can live. Click the Save Log button (it replaces the Scan button after the scan is complete) to create a text file of your results. Post that file, along with a description of your PC's symptoms, on the message board at TomCoyote Forum or another forum dedicated to spyware.

Getting rid of the spyware-related entries in HijackThis isn't always equally easy. After a volunteer makes a recommendation, rerun HijackThis and fill in the check boxes next to the entries that the volunteer recommends you delete. When you click the Fix Checked button, those Registry entries get deleted--but sometimes those keys can be restored the next time you reboot. In those circumstances, the volunteers will give further recommendations.

Using HijackThis can be tricky, but when a really nasty strain of spyware invades your system, you'll be glad you have it.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon