HomeHome »Topics»Computer Security»Hijacked browser? Fix it!

Hijacked browser? Fix it!

Latest Forum Posts


Recommended System Tools


Top 5 Software

Driver Detective

Download a FREE trial of Driver Detective today!
It keeps your drivers up to date for your PC, to keep it running safe and secure.

Download Today!

Created: 03 Jan 2004 ::: Last updated: 02 May 2007

Applies to:   Win95   Win98   WinMe   Win 2000/NT   WinXP   WinVista   MacOS

Keywords: internet, security, remove, spyware, browser, homepage, search, page, anti-virus, Hijack, This

By Andy Walker

(This is part of the anti-spyware FAQ on Cyberwalker.com.)

Here's a series of steps you can take to use Hijack This to fix a browser hijack.

(Thanks to my good friend RT for teaching me this, providing the notes this was based on, and allowing me to pass this on to you.)

BEFORE YOU START
Download and install Hijack This from www.downloads.com.

Step 1: THE SAFETY STUFF
Back up your documents and create a system restore point.

Step 2: CHECK FOR SUSPICIOUS STARTUP ITEMS.
You can use Hijack This to clean out hijacked items from Microsoft's Internet Explorer (hijacks are redirections caused by to spyware), but they will return if the executable program causing it is not also removed.

  1. Click on Start > Run, and type msconfig and click OK.
  2. Select the Startup tab.
  3. Uncheck any items you don't recognize, but be careful -- many legitimate programs will appear here, too.
    Most spyware will load from this area. If you're unsure whether a particular item is legitimate or not, do a Google search on the .exe file name that loads. The only caveat here is that some spyware .exe files get a randomly generated name, so a search will not identify those.
    You can look in the Command column to see the name of the .exe file itself. If you cannot see the entire name, stretch the column.
    By the way, it IS safe to uncheck everything here, as a test anyway - nothing critical to Windows loads here. So, if in doubt, it is OK to uncheck something.
  4. Apply the changes, and restart Windows.

Step 3: RUN HIJACK THIS.

  1. Run the tool, and select Scan.
  2. Look mostly at the R0, R1, and 02 entries. This relates to the hijack, and represents changes to your default browser settings for your home page or search page.
  3. Have a look at the addresses for these entries. If you find any that are different from your preferences, check the box next to each one.
  4. Click on >Fix Checked and confirm.
    This process cleans out the modified (hijacked) entries. You can also define what Hijack This uses by clicking the Config button (lower right), but this is not required.

1 | 2 | 3  Next Page »