Hijacked Browser

Internet security
Somehow I've managed to have my browser (MSIE v6.0.2800.1106) hijacked. By this I mean every time I reboot my computer my home page and search page are always changed to something I don't want. I've used Spybot - Search & destroy to find the problems, which it does remove, but every time I reboot my pages are changed again. How can I fix this without having to buy something to specifically take care of it. Thanks,

Answer Wiki

Thanks. We'll let you know when a new response is added.

There are a lot of anti-spyware programs out there that can solve your problem. I’ve actually just tried out the new Microsoft beta called Microsoft Windows Antispyware (Beta). The beta is free and it allows you to set what the home page, search page, etc… should be set back to if it does find a hijacking. Download it here: http://www.microsoft.com/athome/security/default.mspx

Discuss This Question: 4  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Bobkberg
    Get a copy of hijackthis.exe - it's free from many places (like download.com). This is one of those stealth apps that re-installs itself - so you need make sure that everything is clean. Just make sure you know what you're doing. HijackThis is a powerful tool - which will also allow you to shoot yourself in the foot. Bob
    1,070 pointsBadges:
  • Sexton
    Although the other suggested solutions may work (I've never used either product), Spybot has the tool set required to clear up your issue. The default installation which most people do, is not enough to "protect" your computer. In fact, currently no single product is enough to protect from this fast growing trend of spy / malware. However, in your case, Spybot can do the job just fine. Since there is much more spybot can do, I will try to keep this focused on your exact issue, but you should certainly look at the other features for maximum protection with Spybot. Before you open Spybot, set your internet explorer home page to what you want it to be. Then open Spybot, click on the "mode" pull down menu and select advanced mode. This will now show the other options. Click on "Tools". On the right, I check everything except "bug report". This will show more options under tools (back on the left). Go through them all, as they all have great value. Click on "Browser Pages" and look at each one on the right. If one does not look like one you use, click the change button, and change it to something you want. "About Blank" is fine if you don't want another, but I usually use Microsoft, or Google, but you can pick any you want. Now, click on "IE Tweaks" and make sure the "Lock IE Start page setting against user changes (current user)" Note: this is user dependant, and you will need to do this for each user that may log on this pc. Also, if you ever want to change your home page, you will have to uncheck this as the option to change in IE will be grayed out. Notice the Lock Hosts file option, as I mention this later. Now click on "Resident" and make sure the check box for "Resident "TeaTimer" (Protection of over-all system settings) active." is checked. Again, this is per user. This can be a pain in the butt, however, less painful than not using it. Rule of thumb for non IT people, if your doing something (windows updates, program installations / changes etc.) and you get the teatimer popup window, allow it. If your not intentionally doing something, deny registry change. This should clean up your browser hijack issue. Now, there are a lot of people who will argue this one, and I'm not going to argue. I know the hosts file was created with a different intent, but I do use the spybot "host file" feature. It will add known bad sites to your host file, and point it to localhost so the page will not show up. From time to time after updates, I remove them and re-add them in case an update also includes hosts file updates. I've also used this very same list, with the addition of my own to my firewall block list. I also believe you have some issues in "system startup". New or changed entries since the last time you were in system startup will be in bold. There is a Vertical bar on the right hand side that should be moved to the left (it has a left arrow at the top, and bottom). Now when you click on an item in system startup, if Spybot knows about the product, it will tell you what it knows. Spybot does not know about everything, but it's surprisingly good. Feel free to "toggle" the status, and later delete should an item not be needed. Be warned, deleted items do have a method of re-appearing, if this happens, you got something else going on that has gone undetected, and will require further investigation. Spybot is a freeware program, and if used properly, does a good job, however, I still find other anti-spyware programs are needed for maximum protection. To keep the author of Spybot producing signature files, you should make a donation. And no, I don't know the author, but like the program, but wish for more frequent updates. Good luck. Robert
    0 pointsBadges:
  • Habiru
    Well since you want a free solution, you're going to have to pay anyway with some time. http://www.pchell.com/support/spyware.shtml Go here and get a little education on what has happened to you so you can make an informed decision on how to handle it. There is such a wide variety of homepage hijackers and some of them or polymorhpic and resist standard removal methods. You will need a copy of HiJack this, and don't forget to read the tutorial or you will end up breaking more than you fix. HiJack this will ensure that all spyware is removed. The reason for the other programs is that they will also removed the executables that loaded the crap in the first place. Using the new "Giant" aka Microsofts Beta software is a good place to start. You can also use Counterspy free for 30 days.Make sure to download Spybot and configure it properly as was also noted.If your winsock is broken after removal you will also need to repair your winsock or have a winsock repair tool BEFORE you attempt repair. http://www.spywareinfo.com/~merijn/ Go here to get the other tools you might need such as the winsock repair tool or some of the other specialty tools requires such as CWS shredder for Cool Web Search. Then either educate yourself or download Firefox or use an alternate browser to keep some of this spyware that uses active x installers from installing through IE. No doubt you'll have much more spyware on your computer than you think you have. So, run Giant first, then Spybot with the config mentioned earlier from a well informed respondent. Run Giant/Microsoft and reboot each time until it tells you nothing is left. Then run spybot, and when it tells you nothing is left, then run HIJack This. If it indicates you still have malware, then you'll have to start digging. YOu can also run CWS shredder just for the heck of it if you don't know what you are doing. Won't hurt. Make sure you have the winsock repair tool before you start in case your winsock gets nuked by removing some of the spyware.
    0 pointsBadges:
  • Dad1989
    I concur with the previous replies. I will note that Spybot has saved me a number of times. At home I have switched to Firefox for additional vulnerability avoidance. At work I cannot totally switch yet because internal applications are not compatible with Firefox. Another useful tool is BHODEMON. This plugs into your MSIE and provides additional protection against Browser Helper Objects (BHOs). Malicious BHOs could have a part in some hijacking cases, although I could not say that is the case with yours. Check out more about it at: http://www.definitivesolutions.com/bhodemon.htm This tool saved me once recently. I will reiterate the notes written earlier about being careful with the tools mentioned as they are quite powerful.
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: