Hijack.Shell

Short Bio

This is the generic description for hijackers that alter the registry values

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\
CurrentVersion\Policies\SystemShell

or

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Policies\System
Shell

It does this to point to one of their own files, which will then be run automatically when the system starts running Windows.

Remediation

Malwarebytes can remove Hijack.Shell without further user interaction. Removal will often require a reboot. The user will be prompted to do so if necessary.

Associated threats

  • Hijack.Shell.Generic

Cybersecurity info you can’t do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Select your language