June 9, 2009 - "HijackThis™ is one of the well-known free utilities of Trend Micro that quickly scans a user’s Windows computer to find settings that may have been changed by spyware, malware, or other unwanted programs. By itself, it does not determine what is good or bad but it lists registry keys and files system of the scanned system where unwanted programs potentially could reside. Only experienced users and IT experts with outstanding practice in HijackThis could use the initial text information without the community help. Almost all users of this tool rely on the online evaluation and analysis of the report, provided by several HijackThis communities. A list of some of these communities can be found here*. Edgardo Diaz, Jr., Escalation Engineer in TrendLabs, found a certain executable program (Loaris Trojan Remover
) that contained the HijackThis program repackaged using Delphi-based packager InnoSetup. Upon extraction, the user interface (UI) gives the user the option of running HijackThis from an external source. The application really does install HijackThis on the user’s computer. Unlike the real version, however, Loaris’ repackaged version sells its own antivirus solution using HijackThis as a come-on
. Users who are really interested in using HijackThis, may thus be tricked into buying the antivirus by accepting the end-user license agreement (EULA - see Screenshot at the Trendmicro URL above
) that comes with the installer.
>>> Beware, Trend Micro does NOT sell nor intend to sell HijackThis. Trend Micro supports its communities by providing information and updates to registry keys, validity of system or BHO (browser helper object) files. Details and free downloads are available at TrendSecure web site**.
This is not the first, not the only and not the last software used in illicit schemes. Users are strongly advised to download software only from the official vendor sites or highly trusted communities."