KB ID 0000056 Dtd 08/01/09
Also See KB0000183 Spyware / Malware Rogue AV and Rogue Antispyware “Scareware”
There is currently an alarming trend of companies and websites that think it's quite OK to change your web browser without your permission. What most of them try to do is:
1. Modify your homepage.
2. Modify your default search page.
Sometimes your default connection will be pointed at sites that carry adult material or sites that are simply selling something. Another thing these guys do is drop items into your favorites, your quicklinks folder and even onto your desktop. Most of the time they are simple to fix, and simply resetting your homepage will cure the problem, but if they have been really malicious the homepage can be automatically set back to the “Rogue” page by executing code.
Normally I would put “How to Prevent Being Hijacked” first, but sadly the fact that you're reading this probably means you have already been stung.
You can start manually digging through the registry if you wish, but most people will not know where to start, so we are going to need to get help from a third party vendor (don’t panic, this won't cost you anything). Any of the following can find and remove your problem.
Option 1 (This is what I use)
Simplicity itself: load it up, click Start, leave it on its default setting of “perform smart system-scan”, and click Next. It will take a while to scan the entire registry and your hard drive (time for a coffee!). When it's done click Next, tick EVERYTHING in the obj. column and click Next; you will have to click OK to confirm. NOTE: Sometimes Ad-aware cannot remove them right away and will ask if you want to remove them on reboot. Select Yes and reboot the PC; when it comes back up Ad-aware will reload and finish its job.
HELP! It's not fixed
OK, if the above software didn’t solve the problem then your next step is to download the following piece of software.
Run this little doohickey, and it will list registry entries and running processes that it considers suspicious (NOTE: a lot of innocent entries will be listed). OK, now you have a list of what’s running, you need to analyze it (Gulp!). Don’t panic, the good thing is, if you haven’t got a clue, DON'T go posting your hijack list to a forum like EE, it just gums up the message boards. Go here and have it analysed for you: CLICK HERE
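For anyone who does want to look in the registry by hand, the following read-only PowerShell script is an added example (not part of the original article or any of the tools mentioned) that prints the Internet Explorer homepage and search values plus the autorun entries that can set them back after you reset them. The key and value names are the standard Windows locations; `$Expected` and the example.com address are placeholders for the pages you actually chose.

```powershell
# Read-only audit: nothing is changed, values are only printed for review.
# Assumption: $Expected lists the pages YOU set; the URL is a placeholder.
$Expected = @('about:blank', 'https://www.example.com/')

# Homepage and search settings, per-user and machine-wide.
$ieKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\Main',
    'HKLM:\Software\Microsoft\Internet Explorer\Main'
)
$ieValues = @('Start Page', 'Search Page', 'Default_Page_URL',
              'Default_Search_URL', 'Search Bar')

foreach ($key in $ieKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $ieValues) {
        $value = $props.$name
        if ($null -eq $value) { continue }      # value not present in this key
        $flag = if ($Expected -contains $value) { 'ok' } else { 'REVIEW' }
        '{0,-7} {1}\{2} = {3}' -f $flag, $key, $name, $value
    }
}

# Programs started at logon. A homepage that keeps coming back after a
# reset is usually being rewritten by something launched from one of these.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        'AUTORUN {0}\{1} = {2}' -f $key, $name, $item.GetValue($name)
    }
}
```

Lines marked REVIEW are simply values that differ from your list, and the AUTORUN lines will include plenty of innocent programs, so treat the output as a list to check rather than a list to delete.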
How To Prevent being hijacked
Well, to be honest, the best way is to stop using Internet Explorer and use another browser like Opera (Free). But seeing as the vast majority of you will be using IE, I’ll give you some pointers.
The very first thing to do is update your browser (And Operating System) with all the latest security patches and hotfixes, CLICK HERE
Open your Control Panel and select Internet options or from internet explorer click Tools > Internet options.
1. Click the security tab.
2. Click Internet then custom level.
3. Click the drop down arrow, select Medium, click reset, then click OK.
4. You should now be back where you were at step 2; click the custom button again.
5. You will see more options than these (I’ve cut the others out); set yours to the same.
NOTE: If you are bugged to death being asked if you want to run scripts then set Scripting > Active Scripting to Enable (but I warned you).
6. Click OK and accept the warning by clicking “Yes”.
OK, now your browser is set up, there are a few more steps you can take to remain “Hijack free”.
1. Download and install IE-SPYAD. This will add a raft of “Known abusers” web sites to your restricted zone; you will still be able to go there but the sites won't be able to abuse you.
2. Ensure you have installed the following (MS00-075)
3. Now install some software to sit and monitor your browser while you are online in case any “Miscreant” tries to hijack your browser. Already listed above SPYWARE BLASTER