HJT: List of updates #5

Open
dragokas opened this issue Aug 17, 2017 · 91 comments
@dragokas
Owner

dragokas commented Aug 17, 2017

Here we'll publish the most recent HiJackThis Fork updates list.

If you want to test the (experimental) version that usually comes before the source code is actually pushed, you can download the nightly build from this link: https://dragokas.com/tools/HiJackThis_test.zip


For the full history (since v.2.6.1.0 Alpha Fork) - Oct 12, 2015 based on official v2.0.6, see: HiJackThis menu "Help" -> "About HJT" -> "History", or ./src/_ChangeLog_en.txt file. Russian version is here.

@dragokas
Owner Author

2.6.4.21 - Apr 17, 2017
R4 - new whitelist mechanism for Bing.
R4 - fix is improved.
O4 - Startup other users: earlier the same user folder name was always displayed.
O21 - added checking ShellIconOverlayIdentifiers.
O21 - added checking EDS for pre-installed Microsoft dll-files.
O7 - TroubleShoot: new group. It displays damaged system settings that can lead to OS malfunction.
O7 - TroubleShoot: added checking of environment variables - %TEMP%, %TMP%.
O2,O3,O22: improved compatibility with x64.
Added interface locking while scanning via AutoLogger (key /silentautolog is affected).

@dragokas
Owner Author

2.6.4.24 - Apr 24, 2017
File deletion mechanism is improved.
Added section O26 - Image File Execution Options.
Translation to Russian has been finished.
Revision and additions to program's internal help is finished (Help => About program => Sections).
Fixed error while starting program from read only drive.

@dragokas dragokas self-assigned this Sep 1, 2017
@dragokas
Owner Author

dragokas commented Dec 6, 2017

2.7.0.1 - Aug 17, 2017
The program is transferred to the Pre-Alpha status.
The code is significantly reorganized (refactoring).
Removed backup module due to the process of its full replacing.

v Added checking for updates availability via Internet.
(!) called from menu "Help" or "Misc Tools"
(!) available new option "Check updates automatically when program is starting".

v Ignore list: earlier you were unable to add entry with Russian or unicode characters.

v Added ASLR, DEP protection.

v Accelerated:

  • EDS checking.
  • saving huge reports.
  • O1 - Hosts: if there are more than 40 records, the log will contain all of them, and results window will contain only first 20 and last 20 records + item "Reset contents to default".
  • interface navigation.

v Batch digital signature checker: added new fields to CSV report:

  • is PE (whether the file is PE EXE format)
  • Signer name
  • Signer email
  • Catalog path (path to the security catalogue, in which hash of the file was found)
  • PE hash
  • Algorithm of certificate hash
  • Algorithm of signature digest
  • Time Stamp (time when file was signed)

v Changed encryption:

  • Program settings are now stored in HKLM\Software\TrendMicro\HiJackThisFork

v O26 - Image File Execution Options:

  • added detection of AVRF Hook/DoubleAgent
  • added checking of HKCU and Wow64.

v Compatibility improvements:

  • Windows Server with Terminal services.
  • Checking OS version.

v Security improvements:

  • Blocked removing of Microsoft services.
    (!) Now system services can be removed only via menu "Tools" => "Delete Service".
    (!) "Tools" => "Delete Service" now allows entering the display name of the service.
    (!) HTTP links have been replaced by HTTPS.

v Hyperlinks have been replaced and divided by languages for:

  • "Analyze report" button
  • sending error messages
  • list of updates
  • Online Guide in main menu
  • Help => Support

v Added menu:

  • Help => Support
  • Help => Users' Manual => Sections' description
  • Help => Users' Manual => Command line keys

v Updated GitHub Wiki pages: https://github.com/dragokas/hijackthis/wiki
v Opened common topic for discussing by English-speaking users: #4

v Size of program:

  • HiJackThis.exe is now not packed by UPX due to the fact that UPX breaks binary compatibility when analyzing Crash-dumps.

@dragokas
Owner Author

dragokas commented Dec 6, 2017

2.7.0.3 - Sep 02, 2017
O25 - WMI: fixed white lists.
O7 - IPSEC: reworked.
O17 - Added white list of good known DNS.
R4 - detailing of parameter names; checking is appended.
EDS: fixed checking on Win 7 SP0.
Safe obtaining of environment variables.

@dragokas
Owner Author

dragokas commented Dec 6, 2017

2.7.0.4 - Sep 14, 2017
Added displaying of default browser (for http protocol)

@dragokas
Owner Author

dragokas commented Dec 6, 2017

2.7.0.9 - Sep 27, 2017
Menu has been reorganized, added icons.
Added output of OS version from NTDLL.dll file if it is different from the version obtained in the standard way.
Added output of Uptime (OS operating time).
Added output of "FirstRun" sign ("yes", if the scanning executed first time after system rebooting).
Added output of message, whether integrity of program is corrupted (e.g. due to the infection by file virus or due to the downloading of HiJackThis from non-official source).
O7 - TroubleShoot: added checking of availability of at least 1 GB of free disk space on system drive. Fix will call execution of Microsoft CleanMgr utility.
O7 - TroubleShoot: [Network] added checking whether computer name has empty name. It can lead to network problems.
Batch digital signature checker: added "Has internal signature?" field to the CSV report.

@dragokas
Owner Author

dragokas commented Dec 6, 2017

2.7.0.10 - Sep 30, 2017
Accelerated work of the program on highly loaded systems on the CPU (due to the miners, etc.)
Fixed crash (clsStringBuilder)

@dragokas
Owner Author

dragokas commented Dec 6, 2017

2.7.0.3 - 2.7.0.10
v Added full registry backup:
(!) called by pressing "Fix Checked" button, not more than once a week
(!) saved to a folder C:\Windows\ABR<Date>
(!) used utility ABR by Dmitriy Kuznetsov, so backups are compatible with UVs.
(!) recovering from backup is available in several ways:

  • via HiJackThis: Main Menu => List of Backups => select item ": REGISTRY BACKUP" => Restore.
  • run file C:\Windows\ABR<Date>\restore.exe
  • via UVs v.4.0.8+ => Menu "File" => Restore registry from catalogue ... => select backup you need => Recover.
  • via Windows RE: In command line of recovery environment enter :\Windows\ABR<Date>\restore :
    (!) recovery from backup will call system rebooting without warnings.
    (!) Uninstallation of HJT will lead to removing of backups from the folder C:\Windows\ABR, only if they were created via HJT.
    (!) All backups that are older than 28 days are removed automatically when new backup is created.
    (!) If system drive contains less than 1 GB of free disk space backups will not be created (!). You will see a warning in the section O7 - TroubleShoot: Free disk space on C: is too low = NNN MB.

@dragokas
Owner Author

dragokas commented Dec 6, 2017

2.7.0.11 - Oct 06, 2017
EDS: fixed critical error in caching mechanism.
Now the program will always run from the main menu, if the mark "Do not show this menu after starting the program" is not set. Earlier, the 2nd program execution led to a transition to the scan results window.

@dragokas
Owner Author

dragokas commented Dec 6, 2017

2.7.0.12 - Oct 07, 2017
Added detection of OS Revision.

@dragokas
Owner Author

dragokas commented Dec 6, 2017

2.7.0.13 - Oct 25, 2017
Added animation of progressbar in task bar when scanning processed.
Fixed work of ignore list.
Added O4 - HKLM..\BootExecute
Added O4 - HKLM..\FileRenameOperations
Checking of launching from %temp% is now ignored for the switch /silentautolog and other switches.
Added possibility to install HiJackThis in folder 'Program Files' and menu 'Start' (File -> Install HJT).
Restored function of automatic HJT scanning at system startup.
Added button "Add ALL to ignore list" in context menu.
Added command line switch /install - to install HJT.
Added command line switch /autostart - to set HiJackThis for automatic scanning at system startup (use with /install)
Added warning if system has outdated Service Pack.
Added jumping to file or registry record via the result scanning window (look to right mouse click, Context menu => Jump to Registry / File).

@dragokas
Owner Author

dragokas commented Dec 6, 2017

2.7.0.14 - Oct 27, 2017
R3 - Default URLSearchHook is missing: added CLSID fix
R3 - fixed error with redirector.
O2 - added checking of HKCU keys
O3 - added checking of HKCU keys
O3 - removed some white lists
O3 - added checking of \Software\Microsoft\Internet Explorer\Explorer Bars
O8 - added checking of HKLM keys
Improved compatibility with Windows 2k.

@dragokas
Owner Author

dragokas commented Dec 6, 2017

2.7.0.15 - Nov 03, 2017
All windows from 'tools' section will no longer lose the focus when you move the mouse over some items of the main window.
F0, F1 didn't work after 2.7.0.1 (fixed).
F0, F1 now show the full path to the file.
O1 - accelerated fix.
R1 - for ProxyServer: added displaying of status (enabled / disabled)
R1 fix for ProxyServer: added disabling of proxy.
O3 fix: added fix of WebBrowser and ShellBrowser keys.

@dragokas
Owner Author

dragokas commented Dec 6, 2017

2.7.0.16 - Nov 06, 2017
O17 - DHCP DNS: fixed error when DNS is not displayed (curve code from Microsoft ^).

@dragokas
Owner Author

dragokas commented Dec 6, 2017

2.7.0.17 - Nov 21, 2017
Added opportunity to download and launch programs for checking and curing shortcuts (Check Browsers' LNK & ClearLNK) via the menu Tools -> Shortcuts.
Accelerated creating of huge and debugging logs (optimized class of strings concatenation StringBuilder).
Accelerated creating of huge logs in /silentautolog mode (records are no longer added to ListBox). Fixed crash due to the ListBox overflow in /silentautolog mode.

@dragokas
Owner Author

dragokas commented Dec 6, 2017

2.7.0.18 - Nov 25, 2017
Added checking of registry type virtualization. No more double records for keys in log, if key has 'Shared' type.
Added universal iteration of registry hives. Now all hives: HKLM / HKCU / HKU (default, SID of services and other logged users) will be checked in every section.
Added O4 - Win9x BAT: C:\Windows\System32\Batinit.bat
Added O4 - Win9x BAT: C:\Windows\WinStart.bat
Added O4 - Win9x BAT: C:\Windows\DosStart.bat
Added O4 - Win9x BAT: C:\AutoExec.bat
Added O4 - WinNT BAT: C:\Windows\System32\AutoExec.nt
Added O4 - WinNT BAT: C:\Windows\System32\Config.nt
Added O4 - AlternateShell (SafeBoot):
Added O4 - ScreenSaver:
Added O4 - RunOnceEx:
Added O4 - RunServicesOnceEx:
Added O4 - Autorun.inf:
Added O4 - MountPoints2:
Added O7 - Taskbar policy:
O16 - Trusted Zone and Trusted IP range: added checking of https protocol.
O16 - ProtocolDefaults: added checking of ldap, news, nntp, oecmd, snews, knownfolder protocols.
Added O21 - ShellExecuteHooks:
Introduces a new postfix "(folder missing)".
Added selection of menu item in scan results window by right mouse button click.

@dragokas
Owner Author

dragokas commented Dec 6, 2017

2.7.0.19 - Dec 02, 2017
Added new Microsoft root certificate's hash.

@dragokas
Owner Author

dragokas commented Dec 6, 2017

2.7.0.20 - Dec 04, 2017
/silentautolog - fixed error, when logfile cannot be created
O22 - Task: Reworked. Removed dependency on task scheduler service.
O22 - Task: Added support of output of several actions for 1 job.
O22 - Task: Added checking of legitimacy of ComHandler-jobs.
O22 - Task: The output of the job status (Running / Ready / Queued) is abolished, only the status "Disabled" is left.
O22 - Task: Added ability to remove damaged jobs.
Removed section O4 - Autorun.inf:
Removed section O4 - MountPoints2:

@dragokas
Owner Author

dragokas commented Dec 9, 2017

2.7.0.21 - Dec 07, 2017
Updated whitelists.
Added horizontal scrollbar to the ignore list window.
O4 - HKLM..\FileRenameOperations: disabled output of entries, related to delayed deletion ( -> DELETE marks).
O22 - Task: added mark "(telemetry)" for entries, related to collection of statistics and transferring to Microsoft server.
O22 - Task: removed marks "(Microsoft)" in tasks that execute via host-process (cmd.exe, schtasks.exe etc.)
Switch /ihatewhitelists - fixed.
Added switch /default - to load default settings (useful together with /silentautolog in case user changed settings himself). It does not affect the ignore list.
Added switch /skipIgnoreList - do not load ignore list.
Added switch /timeout:sec, where 'sec' is a number of seconds allowed for HiJackThis to be run in /silentautolog mode until emergency shutdown (180 sec. by default); 0 - to disable.
Added output of time zone.
Correcting errors in the backup module.

@dragokas
Owner Author

dragokas commented Dec 9, 2017

2.7.0.22 - Dec 09, 2017
Updated whitelists.
O17 - Removed ControlSet[x], referenced by the CurrentControlSet.

@dragokas
Owner Author

2.7.0.23 - Dec 10, 2017
O22 - Task: Added parsing of .job files
O7 - Policy: [Untrusted Certificate] - added verification of the list of untrusted digital signature certificates and their analysis.

@dragokas
Owner Author

[2.7.0.24] - Dec 15, 2017
Fixed error where log file was created trimmed due to the NUL characters.
Uptime is removed.
Finished translation of the list of updates into English.
Lists of updates of HJT, StartupList and ADSSpy are added to the tab in menu "Help" -> About HJT -> History.
R4 - SearchScopes: Changed format of log line.

@dragokas
Owner Author

[2.7.0.25] - 17.12.2017
Updated list of certificates on XP.

@dragokas
Owner Author

[2.7.0.26] - 23.12.2017
Updated list of DNS.
O4 - Added output of folders in Autostart directories.
O2, O3 - fixed heuristic cleaning.
R4 section - DefaultScope is merged with R4 - SearchScopes.
Little speed optimizations.

@dragokas
Owner Author

[2.7.0.27] - 25.12.2017
O7 - Fixed output of certificates' owner name.
O7 - Added output of owner's name for certificates not listed in HJT database.
O7 - Added item "Policy: [Untrusted Certificate] Fix all items from the log", to fix all certificates at once listed in the log, if number of lines > 10.

@dragokas
Owner Author

[2.7.0.28] - 01.01.2018
Fixed app crash when program is finishing its working.
Updated and improved script for retrieving new crash dump of program: http://dragokas.com/tools/debug/GetHJT_dump.zip

@dragokas
Owner Author

[2.7.0.29] - 19.01.2018
All sections of the log are unified to cover a single template "Section prefix-bitness" - "optional, section name": "hive..\key": "optional, subkey" [parameter] = value
"Compressed" log O7 - IPSec: in case system has several identical rules.
Deleted attribute O7 - TroubleShoot: [EV] (environment value is altered)
Added attribute O7 - TroubleShoot: [EV] (folder is not exist)
Added attribute O1 - Hosts: is damaged (contains NUL characters only)
Attempting to fix a line with a legitimate file will now call SFC for it.
Separated into several lines with the possibility of separate fixes:

  • O4 - HKLM..\Session Manager: [BootExecute]
  • O17 - ... Parameters: [NameServer] (finalized)
  • O20 - HKLM..\Windows: [AppInit_DLLs]
  • O26 - IFEO (global).

Added a forbiddance to the program to reboot the server OS with a request to the user to do it manually.
Fixed the detection of some editions of server OS.
Added bringing of the HJT window to the foreground as soon as the scan is complete.
Improved file search by %PATH%.

@dragokas
Owner Author

dragokas commented Feb 2, 2018

[2.8.0.2] - February 02, 2018
Logs:
Log "Environment variables" replaced with the output of all environment variables of the current process.
O7 - Policy: [Untrusted Certificate] Black list of certificates and "Well-Known cert." attribute are removed.
Added option "Additional scan" (disabled, by default). It can be enabled in File -> Settings

Scan:
O4 - PendingFileRenameOperations (moved to "Additional scan")
O4 - Autorun.inf (added to "Additional scan")
O4 - MountPoints2 (added to "Additional scan")
O22 - Task: added attribute "(activation)" for tasks related to OS activation.
O22 - Task: added attribute "(update)" for GWX tasks ("Get Windows 10").
O23 - Service: added output of arguments.

Errors:
Fixed bug that led to absence of process list in XP.
Fixed bug in working with collections, that could lead to application crash.
Fixed several errors, when O23 malware entries were not included in report.
Fixed app crash when the user attempts to close it before StartupList2 finishes its working.
Fixed work of checkbox "Mark everything found for fixing after scan".
Fixed bug when trying to add HJT to startup being launched via Start menu and also on XP/2k systems.

Protection:
Improved protection against removing system files when EDS mechanism is damaged.
Added protection from finishing system critical processes.

Fixes:
O21: added restarting of Explorer.
O4: added process freezing.
O22: added finishing of task.

Interface and other:
Added icons to the tools and removed unused from resources.
Added multilingual description in file properties (DE/FR/EN/RU).
Menu "Misc Tools" is reorganized:

  • additional settings are moved to main settings menu;
  • added section "Plugins";
  • added buttons "Registry Keys Unlocker" and "Digital signature checker".

Main settings are split into categories:

  • Scan area
  • Scan options
  • Fix & Backup
  • Interface

Option "Ignore Microsoft files" is renamed into "Ignore Microsoft entries"
Option "Ignore non-standard but safe domains in IE (e.g. msn.com, microsoft.com)" is absorbed by "Ignore Microsoft entries".
Added tooltips to some checkboxes.
When HiJackThis.exe launches from archive, now it is asking for unpacking into {Desktop}\HiJackThis subfolder, not a root of desktop.
Improved scan speed on highly-loaded systems in /silentautolog mode.
Added command line keys:
/Area:Process - include list of running processes in report
/Area:Environment - include environment variables in report
/Area:Additional - execute "Additional scan"
Whitelists have been updated.

@dragokas
Owner Author

dragokas commented Apr 8, 2022

[2.10.0.17] - Apr 07, 2022

  • Added new Microsoft certificates.
  • Files unlocker: Added buttons "Add File(s) / Folder(s)".

@dragokas
Owner Author

[2.10.0.18] - May 28, 2022

  • Returned missing buttons in Uninstall Manager ^^
  • Fixed broken functionality of O1 - Hosts (thanks to Boxersteavee for report).
  • Improved Hosts file read speed.
  • Improved registry export speed.
  • [Backup] CRC32 calculation speed and reliability are improved.

@dragokas
Owner Author

[2.10.0.19] - Jul 24, 2022

  • Whitelist services is updated.
  • Some adjustment in O4 to show "(Microsoft)" postfix for more cases.
  • O22 - Tasks_Migrated: Added detection of migrated tasks in Windows 11.
  • O22 - Tasks: Added detection of tasks in SysWow64.
  • O22 - Tasks: fixed incorrect decoding of non-English characters by xml parser.

@dragokas
Owner Author

dragokas commented Sep 3, 2022

[2.10.0.20] - Aug 02, 2022

  • Several AppLocker fixes are done (thanks to regist for report, analytics and support):
  • O7 - AppLocker: Added detection of "ManagedInstaller" rule.
  • O7 - AppLocker: Fixed hash-based rule displayed one record instead of multiple.
  • O7 - AppLocker: Improved "Fix all" procedure.

@dragokas
Owner Author

dragokas commented Sep 3, 2022

[2.10.0.21] - Aug 28, 2022

  • Added free memory info and total CPU loading *.

* loading data may be overestimated on weak processors.

  • Cut down icon metadata causing false positive detection by Yara rules (VT).
  • Fixed Hosts template and its ACL permissions according to reference.
  • O22 - Added -32 prefixes for 32-bit tasks on 64-bit OS.
  • Tools=>Unlock file/folder: Improved recursive procedure of reset permissions.

@dragokas
Owner Author

dragokas commented Sep 3, 2022

[2.10.0.22] - Aug 29, 2022

  • Digital Signature Checker Tool: New buttons "Add folder", "Clear list".
  • Translation corrected.

@dragokas
Owner Author

dragokas commented Sep 3, 2022

[2.10.0.23] - Sep 03, 2022

  • Context menu: Added button "Copy" - "File Argument".
  • Search: Save lastly entered phrase after program exits.
  • ADS Spy: fixed functionality of "Browse" button (thanks to Alexyz21 for report).
  • Uninstall manager: fixed location of "Remove Software" button.

@dragokas
Owner Author

[2.10.0.24] - Jan 11, 2023

  • Fixed ignore list operation when "Calculate checksum" option is enabled (thanks to Gordon-Dry for the notification).

@dragokas
Owner Author

[2.10.0.25] - Jan 14, 2023

  • Fixed freeze while fixing O7 - TroubleShooting: (EV).
  • Windows 11 whitelists have been updated.
  • Added detection of Windows Defender policies and restoring AMSI providers.

@dragokas
Owner Author

[2.10.0.26] - Feb 13, 2023

  • Fixed system reboot on Windows 11.

@dragokas
Owner Author

[2.10.0.28] - Mar 02, 2023

  • Fixed progress bar bug (thanks to @Yashil06 for report).

@dragokas
Owner Author

[2.10.0.29] - Apr 14, 2023

  • Added O7 - AutoLogon.
  • O7 - TroubleShooting (EV): [PathExt] and [PSModulePath] moved to "Missing list" method, which means the item is displayed only if system defaults are missing.
  • Fixed Timer class overflow (thanks to Mikle Quits).
  • Fixed "Search on Google".
  • Some speed optimizations.

@dragokas
Owner Author

[2.10.0.31] - May 06, 2023

  • Fixed potential error in retrieving paths of executable images on Windows 8.1- due to OS bug (thanks to HackerVlad).
  • TamperProtection will show an error code instead of the number 0 if an access is denied.
  • Fixed freezing for 15 seconds on Windows 10+ when checking BITS.

@dragokas
Owner Author

dragokas commented Jun 4, 2023

[3.0.0.1 Alpha] - May 26, 2023

  • F*ck them all, manifest is on github: https://github.com/dragokas/hijackthis
  • No f*cking release
General:
  • Renamed program to HiJackThis+ (Plus) to refer to a specific product without confusion with other forks:
    • smooth transition from stand-alone exe version to multi-file version is planned
    • the program can no longer be launched from the archive directly
    • part of the modules is planned to be ported to C++ code with multithreading
    • Due to violation of EU GDPR by the certificate authorities, which don't want to remove personal data from the certificate, excessive cost, as well as the war in Ukraine, the software certificate will not be renewed:
    • Added section "B" - (Browsers); under development; output/fix of suspicious Google Chrome extensions is currently supported.
    • Added "Registry key type analyzer" tool (you can see symlinks, redirector type (presence of WOW companion and its type: Shared/Reflected/Simple key), virtualization, flags, date, etc.). Would be useful for researchers and developers.
Functionality:
  • Added new marks:
  • "(missing)" - displayed for a missing registry entry (parameter or key).
  • "(access denied)" - displayed if there are no access permissions to the object.
  • these marks are planned to be extended to work in all sections, however at the moment it only works in O7 [TamperProtection].
  • x32 keys ("-32" sections) are displayed with normalized name now (\Wow6432Node\ is specified whenever the section log record isn't shortened). Can be viewed fully through context menu "Jump".
Bugs:
  • Fixed Digital Signature Checker: could give incorrect (pre-cached) data for some fields due to faster processing.

@dragokas
Owner Author

dragokas commented Jun 4, 2023

[3.0.0.2 Alpha] - May 29, 2023

  • The situation in Ukraine: sirens, sirens, sirens == insomnia.
  • "Additional scan" is included in the "default" settings.
  • O7 - Taskbar policy: added NoViewContextMenu, NoSecurityTab
  • Added display of current user account type: Local/Microsoft/ActiveDirectory/AzureAD/Internet (Windows 8 and above).
  • Remove symlink keys (source).
  • Better quality of taskbar icon.
  • Fixed missing menu icons when selecting a language with unicode characters.
  • Support Unicode text for the system menu (no context menu yet).

@dragokas
Owner Author

dragokas commented Jun 4, 2023

[3.0.0.3 Alpha] - June 01, 2023

  • Added definition of O7 - Account: UAC
  • Added O7 - Policy: *..\Policies\Explorer\DisallowRun: Fix all - fixes all DisallowRun lines at once and sets the DisallowRun parameter to 0.
  • Displaying account type in AutoLogon.
  • Fixed: SFC wasn't performed for missing system files.
  • Fixed: The file name wasn't copied via the context menu if "File missing".
  • Fixed: DisallowRun displayed wrong state.
  • Improved Regexp in Registry Key Type Checker; fixed bug with field selection.
  • Fixed false positives of Additional subsections.
  • Fixed mark Boot mode: Safe Boot ("with" or "without network support" is always written).
  • Added the DataChecker class, which makes it easier to create definition rules.
  • Design change:
    • text format changes
    • Button "None of above, just start the program" renamed to "Settings"
    • Removed the checkbox "Do not show the main menu after starting the program"
    • DPI support for logo

@dragokas
Owner Author

dragokas commented Jun 4, 2023

[3.0.0.4 Alpha] - June 03, 2023

  • Added BitsAdmin wait timeout (thanks Sandor)
  • Improved compatibility with AutoLogger software (thanks to regist)
  • Added new keys to O7 - Policy
  • Improved Boot Mode output (displayed only if enabled and supported by hardware and OS):
    • Added Secure Boot state (thanks Kazakevich O.)
    • added Test Signing state
    • added Debug Mode state
    • added Hypervisor enforced Code Integrity (HVCI) state
  • Added context menu Copy => File Hash

@dragokas
Owner Author

dragokas commented Jun 4, 2023

[3.0.0.6 Alpha] - June 04, 2023

  • Fight against false antivirus detections:
    • Encrypted strings with Windows Defender keys
    • Rollback of CopyBytes optimization because Avira doesn't like this function :(
    • Temporarily moved to legit certificate which is almost out of date
  • GitHub release link is replaced by static to a stable version 2.x, which will not be updated.

@dragokas
Owner Author

[3.1.0.1 Alpha] - June 17, 2023

  • Added detection of O4 - Active Setup (thanks to regist).
  • Added flag (+safe mode) for services and drivers that start in safe mode.
  • Added file signer to the logfile (in all sections where it makes sense):
    • for all Microsoft files the mark will look like this: (Sign: 'Microsoft')
    • unsigned files: (no sign)
    • files with signature verification error: (invalid sign)
    • files with a successfully verified signature, however without trust of the root certificate: (sign: '', but untrusted root: '' with fingerprint: )
    • the signature is specified for the main file, not the argument. The exceptions are: O22 (based on Rundll32 and CLSID) and O23 host services, which displays the name of the dll signer.
    • other details can be found in additional help (RU only): https://www.safezone.cc/threads/dopolnenie-v-rukovodstvo-po-hijackthis.27470/post-333487
  • EDS verification tool:
    • added field "Root Issuer" - name of the issuer of the root certificate.
    • added field "API error code" - GetLastError verification functions. Do not rely on this code as a validation result.
    • added field "Signer name (friendly)" - name of the signer, as it appears in the explorer properties window.
    • fixed a lot of bugs.
  • Optimization of the file existence check code.
  • Support for Ctrl + A to select all text in input fields.
  • Fixed: Data corruption while copying/pasting text into input fields with a different keyboard layout.
  • Fixed: in O23 - Drivers some paths were specified with wrong redirector.
  • Fixed: missing -32 prefixes for some sections.
  • For O10 LSP Fix under Windows 8+ it is recommended to use Uncle Carey's NetFix utility.
  • Updated the list of well-known DNS address substitutions for O17.
  • Blocked possible closing of the window by the user in case of lag (thanks to The Trick).
  • Installer: Added shortcut "Registry Key Type Analyzer".
  • Auto-update: Improved installation of HiJackThis when it is shipped with multiple files.
  • Auto-update: Fixed several bugs when HJT is installed to another folder via /instDir key (thanks to de-served).

@dragokas
Owner Author

[3.1.0.2 Alpha] - June 19, 2023

  • EDS verification tool:
    • added expert options
    • added PE EXE filter (search for all files corresponding to the Portable Executable format)
  • O23 - Driver: Fixed skipping 3rd party drivers signed with single signature (by Microsoft).
  • O23 - Driver: If the third party driver is only signed by Microsoft, the "CompanyName" field from the file properties will be added to the mark.
  • Forced launch in "Additional Scan" mode if HJT v3.1.0.1 or lower was in use before.

@dragokas
Owner Author

[3.2.0.1 Alpha] - Sep 17, 2023

  • [new] Added detection of O7 - Policy: Bitcoin wallet address hijacker is present (no fix).
  • [new] Added section O27 - Account & Remote desktop protocol. Description can be found in menu Help - About - Sections.
  • O7 - Autologon is moved in O27.
  • Added mark "(no fix)" - which means the fix is not provided.
  • Registry Key Analyzer: added option "Create key if not exists" (it should create key and instantly remove after checking if it didn't exist).
  • [clean] Pending delete file operations items are moved to whitelist (known as PendingFileRenameOperations -> DELETE).
  • Autobackup registry (ABR) is updated to v1.10.
  • Removed suggestion to use Uncle Carey's Windows 10 NetFix to fix O10 - LSP, because this utility became paid. For Windows 8.1 use other tools, like: https://support.kaspersky.ru/common/windows/12378
  • Fixed compatibility with Windows XP.
  • Windows 2000 is no longer supported.

@dragokas
Owner Author

[3.2.0.2 Alpha] - Oct 09, 2023

  • Fixed a bug with displaying the user group name.
  • Fixed code looping on some interceptions.
  • The "Hosts file manager" module has been rewritten with more reliable code; added "Reset" and "Update" buttons; The "Open" button now launches the default editor.
  • The style of the main menu buttons has been replaced and unified to be identical in all OS versions. The buttons support themes, however so far only one theme has been drawn (dark).
  • Removed the "Misc Tools" button.
  • The "Online Guide" button has been renamed to "Tutorial & Support", and now opens a submenu with access to a choice of online/offline help and treatment forums.
  • Renamed the "List of Backup" button to "Backups".
  • Renamed the menu button "Help" - "Support" to "Report a bug".
  • The "Do a system scan..." buttons are no longer disabled when scanning; pressing again will switch you to the results window.
  • Fixed quality/cropped logo at DPI >= 150 (thanks to Eduardo and VanGoghGaming for help).
  • References to Dr.Web were deleted because the company no longer uses HiJackThis for the treatment on forum.
  • Minor corrections to the translation and the main project page.
  • Improved debugging mode.

@dragokas
Owner Author

[3.3.0.5 Alpha] - Nov 02, 2023

  • All UI elements have been replaced with Unicode counterparts (thanks to Krool and VanGoghGaming).
  • Fixed out-of-buffer writing in rare cases with incorrect registry keys.
  • Fixed insufficient control with an attempt to check the digital signature of a folder, which could lead to a crash due to the redirector being disabled (thanks to Sandor for the support).
  • Fixed Kaspersky false positive on the fix behavior. To prevent this from happening, unpack all utility files from the archive (thanks to akok for the notification).
  • Comprehensive cleaning and code "obfuscation" from primitive checks of antiviruses and sandboxes to prevent their suspicions (thanks to akok for the help).
  • Refactoring of the program initialization stage.
  • Loading of the main menu has been accelerated.
  • Hosts Manager: reset is standardized to the default hashes of the vanilla OS hosts file; fixed "Open in editor" button.
  • List of OS editions has been updated.
  • Improved compatibility with Windows XP and Vista.
  • Changed the settings storage key. The previous settings will be moved automatically.
  • Unnecessary databases are removed.
  • Dead links are removed.
  • Dependency on Microsoft MSCOMCTL32 is removed.
  • Temporary: dependency on the apps\VBCCR17.OCX component

@dragokas
Owner Author

[3.3.0.6 Alpha] - Nov 02, 2023

  • Deleting the log before starting the scan
  • Corrected program version

@dragokas
Owner Author

[3.3.0.7 Alpha] - Nov 09, 2023

  • Fixed broken checkboxes of lists after the latest update.

@dragokas
Owner Author

[3.3.0.8 Alpha] - Nov 27, 2023

  • Added escaping of line breaks and non-printable characters. Format: \x1F, where 1F is the ASCII code of the character in Hex.
  • Added remembering of the last opened folder in various tools.
  • Fixed file modification time during assembly.
  • Added build date to the log header.
  • Workaround for problems in Windows that prevent HijackThis from running.

@dragokas
Owner Author

[3.3.0.9 Alpha] - Dec 15, 2023

  • Added detection of autorun Null-values.
  • Added the database of LolBin files with updates from lolbas-project.github.io service (thanks to @oddvarmoe, @bohops, @xenoscr, @ConsciousHacker, @liamsomerville, @wietze, @_josehelps)
  • HijackThis fix is protected against accidental deletion of LolBin files that didn't pass digital signature verification for some reason.
  • Escaping http => hxxp.
  • Additional information is displayed for unsigned files: company from the file properties and SHA1 hash.
  • The way of obtaining paths to processes has been changed - it doesn't require opening the process (thanks to @fafalone).
  • O7 - TroubleShooting: improved checking of %Temp% system profiles.
  • Auto-removal of DACL locks of HJT settings keys.
  • More reliable handling of the clipboard (thanks to @wqweto).
  • MS certificates list has been updated (thanks to Sandor).
  • Whitelists have been updated.
  • Other fixes.

@dragokas
Owner Author

[3.3.0.10 Alpha] - Dec 18, 2023

  • Unlocked the ability to remove services with Microsoft-signed executable.
  • Added company and SHA1 hash output for files with damaged digital signature, marked as "(invalid sign)".
  • The allowed file size for hash verification has been increased to 300 MiB. If the check exceeds or fails, this will be indicated in the log.
  • Improved digital signature verification: for Win 8+, the secondary signature (of the manufacturer) is displayed, if the primary signature is by Microsoft.
  • Bugs of the previous build have been fixed.

@dragokas
Owner Author

[3.3.0.11 Beta] - Dec 21, 2023

  • O7 - KnownFolder: added checking for physically missing folders.
  • Fixed HijackThis installation error.
  • The Hosts File Manager tool is presented as a separate window.
  • Added Anti-BSOD when deleting services.
  • Fixed a bug where the standard font wasn't applied by some forms.
  • Added the ability to change the standard UI font separately from the list font.
  • Fixed errors in compatibility with XP/Vista, checking minimal processes on Win 8+.

@dragokas
Owner Author

dragokas commented Jan 28, 2024

[3.4.0.1 Alpha] - Jan 28, 2024

  • Fixed a buffer overflow vulnerability in the scan results list.
  • Fixed a critical error in the HiJackThis backup restoration function:
    • It is not recommended to use the "Restore" button for backups in versions 3.3.0.5 - 3.3.0.11 without updating to this version, as it may destroy all other backups;
    • However, it is safe to revert to backups created by previous versions of HiJackThis.
  • Compatibility improvements and BCD fix when using registry restoration through Autobackup Registry:
    • ABR updated to v1.12 (thanks to D.Kuznetsov).
  • Fixed a crash on right-click on certain items in scan results (thanks to de-served for reporting).
  • O7 - KnownFolder: (folder missing) false triggering on legal redirection fixed. The redirection fix now also includes creating folder structure (thanks to de-served).
  • UI behavior fixes for Ctrl + F.
  • Fixed regression: item not being marked on double-click.
  • Added escaping www. => vvv.
  • Improved program update procedure for certificate errors (thanks to regist).
  • O22, O23 whitelists have been updated.
  • MS certificates have been updated (thanks to Sandor).
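
The log escaping rules listed across these updates (3.3.0.8: non-printable characters as \x1F; 3.3.0.9: http => hxxp; 3.4.0.1: www. => vvv.) can be modelled as follows. This is an added example, not HiJackThis's own code; the function names, the control-character range, the case handling and the sample value are assumptions.

```python
import re

# Assumption: "non-printable" means C0 control characters (0x00-0x1F, which
# covers CR, LF and TAB) plus DEL (0x7F); the changelog does not give the range.
_CTRL = re.compile(r"[\x00-\x1f\x7f]")
# Assumption: matching ignores case and the original letter case is preserved.
_HTTP = re.compile(r"http", re.IGNORECASE)
_WWW = re.compile(r"www\.", re.IGNORECASE)
# Reader side: \xNN tokens with two upper-case hex digits, as in "\x1F".
_ESCAPED = re.compile(r"\\x([0-9A-F]{2})")


def _defang_http(match):
    """http -> hxxp: swap only the two middle letters, keeping their case."""
    s = match.group(0)
    return s[0] + s[1:3].translate(str.maketrans("tT", "xX")) + s[3]


def _defang_www(match):
    """www. -> vvv.: swap each w, keeping its case."""
    return match.group(0).translate(str.maketrans("wW", "vV"))


def escape_log_value(value):
    """Apply the three escaping rules to one value before it is written to a log."""
    # Control characters first, so a hidden CR/LF cannot split a log line and
    # an embedded NUL or unit separator becomes visible to the reviewer.
    value = _CTRL.sub(lambda m: "\\x%02X" % ord(m.group(0)), value)
    # Then neutralise URLs so a pasted log does not produce clickable links.
    value = _HTTP.sub(_defang_http, value)
    return _WWW.sub(_defang_www, value)


def find_escaped_controls(log_line):
    """Return the character codes of all \\xNN tokens found in a log line.

    A literal "\\xNN" typed into the original value is indistinguishable here;
    how the real tool treats backslashes is not stated in the changelog.
    """
    return [int(code, 16) for code in _ESCAPED.findall(log_line)]


# Constructed sample: an autorun value with a hidden unit separator and a URL.
SAMPLE = "C:\\Users\\Public\\run.exe\x1f --url http://www.example.test/x"

if __name__ == "__main__":
    escaped = escape_log_value(SAMPLE)
    print(escaped)
    print(find_escaped_controls(escaped))
```
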
