You open your browser and instead of your standard home page, a flashing screen appears with pictures that belong to a different Web site. How could this happen? You didn't change your browser settings. You have never visited this site before. The answer is: You've been hijacked!

Browser hijackers are programs or scripts that adjust your PC's browser settings. The scenario described above is one of the most obvious forms of hijacking, but it's not the only one. Some hijackers change or add a search box on your toolbar. Others add Favorites or bookmarks, and some perform a combination of these actions. One of the most infuriating hijackers causes a seemingly endless stream of pop-up windows to appear.

How does a hijacker hitch a ride into your system, and how can you eradicate it? Once it's gone, how can you prevent other hijackers from attacking you? (Refer to the "Prevention Tips" sidebar for answers to this last question.)
The Source Of Evil
Hijackers are not a common-cold strain of malware. They fall into the classification of adware or spyware, programs that monitor and report on your Internet or PC behaviors. Hijackers can arrive bundled as part of a freeware program installation, so it's easy to unwittingly install the hijacker yourself. Hijackers also arrive as so-called drive-by downloads—they install themselves or make changes when you open an email attachment, download a file, or visit a Web site where the executable program code resides.

Some software from reputable firms will even change your home page, install toolbars, or add sites to Internet Explorer's Trusted Sites zone. These programs should ask permission to make these changes, but some make the installation an option selected by default. If you don't deselect it during installation—pop goes the hijacking weasel.

If you're infected with one of the more insidious hijackers, you'll no doubt want to be rid of it as soon as possible. Even if you like some new browser components, you may eventually want to eradicate them—especially if they start serving you targeted ads (a sign of behavior tracking).

Not all toolbars carry malicious code. The Google Toolbar, for example, offers useful features, including a search engine. You can choose to enable the Toolbar's built-in usage reporting feature.
Explore The Explorer
If you are running Windows Vista, the UAC (User Account Control) feature should have notified you before it installed new program components or made other system changes. (If you have turned UAC off, you'll likely need to be even more aggressive.) However, UAC will not question changes in Internet Explorer's options, including the home page, trusted sites, and bookmarks. That makes it easy for Web-based browser hijackers to access those settings, too.

If your home page has changed, navigate to the one you want. Select the Tools drop-down menu and select Internet Options. Click the General tab, and under Home Page, click Use Current. That will change your home page back—for now. If the home page changes back to the hijacked one, then you have bigger problems.

If you have unwanted toolbars, select Tools, Internet Options, Programs, and then select Manage Add-ons. Make sure Add-ons That Have Been Used By Internet Explorer is selected in the Show drop-down menu. Scroll down until you see an add-on with a name and publisher you do not recognize and select it. Under Settings, click Disable. See if this removes the toolbar from your browser interface. To remove the toolbar completely from your system, refer to the "Exert Some Control" section.

To eliminate a proliferation of pop-ups, click the Internet Options Privacy tab and click the checkbox in front of Turn On Pop-Up Blocker. Click the Settings button and make sure the Show Information Bar When A Pop-Up Is Blocked option is selected. To allow most helpful pop-ups, change the Filter Level drop-down menu to Low, Allow Pop-Ups From Secure Sites. (This may let some malware through. Another option is to override pop-up blocking when desired by pressing the CTRL-ALT keys consecutively when you click links.)

An antispyware program with a free scanner, such as NoAdware, can help you find browser hijackers.
To check IE's Trusted Sites and Restricted Sites zones, click the Security tab, select Trusted Sites, and then click Sites. Vista will not scrutinize the behavior of any site in this zone. If you see any suspicious sites, select them and click Remove. Close the dialog box, select Restricted Sites, and click the Sites button. In the Add This Website To The Zone field, enter the name of the suspect site and click Add. Internet Explorer will use maximum safeguards with sites in this zone.
Exert Some Control
If you were hijacked by a program and not a Web site (more likely if you turned off UAC or Windows Defender, a Vista utility that protects against harmful software installation), you may need to dig a little deeper. Depending on the installation, toolbars can be easy to remove. Try the Uninstall A Program feature. To do so, click Start and open the Control Panel. Under Programs, click the Uninstall A Program link.

Another option is Windows Defender. From the Control Panel, click Security and click Windows Defender. Click the Tools icon and the Software Explorer link. Look under Startup Programs for offenders, select them, and if possible, click Remove.

If a well-disguised program is causing your woes, you may have to search it out. First, use System Restore to create a restore point (click Start, All Programs, Accessories, System Tools, and System Restore). Next, click Start, and in the Start Search box, type *.hta and click Search Everywhere. Repeat this process by typing the search string *.js instead. Note that .JS (JavaScript) files are fairly common. If you have a large number of these, examine the locations in the folders column. A large number of similarly named files in adjacent locations (such as in a Games folder) are likely benign.

Right-click each questionable file and select Open File Location. Note the location of the file. Click Start and select All Programs, Accessories, and Notepad. On the File menu, select Open and navigate to the location of the file to open it. Scan the text for Web sites to which you have been hijacked. If you find any, delete files that include a .JS or .HTA file extension.

Finally, close all open programs. Return to the Start Search box and type the search string *.tmp. Click Search Everywhere. Select all results (hold down the SHIFT key to make multiple selections). Right-click them, select Delete, and then accept the prompt.
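The .hta/.js review described above, as an added example that is not part of the original article: a Python script that walks a folder, reads each .hta and .js file as text (UTF-16 files included), and reports the ones that mention a site you were hijacked to. It only reports and deletes nothing; the function names, the sample files, and the hijack-portal.example site are constructed for illustration.

```python
import os
import re
import tempfile

SCRIPT_EXTENSIONS = {".hta", ".js"}
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)  # host part of a URL

def read_text(path):
    """Read a script as text; Windows scripts are sometimes UTF-16 with a BOM."""
    with open(path, "rb") as handle:
        raw = handle.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="ignore")
    return raw.decode("utf-8", errors="ignore")

def find_hijack_scripts(root, hijack_hosts):
    """Map each .hta/.js file under root to the hijack hosts its text references."""
    wanted = {h.lower() for h in hijack_hosts}
    hits = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTENSIONS:
                continue
            path = os.path.join(folder, name)
            try:
                hosts = {h.lower() for h in URL_HOST.findall(read_text(path))}
            except OSError:
                continue  # unreadable file: leave it for manual review
            # Match the named site itself or any subdomain of it.
            matched = sorted(h for h in hosts
                             if any(h == w or h.endswith("." + w) for w in wanted))
            if matched:
                hits[os.path.relpath(path, root)] = matched
    return hits

def build_sample_tree(root):
    """Constructed sample files; hijack-portal.example is a placeholder site."""
    samples = {
        "Games/menu.js": 'var cdn = "http://cdn.games.example/menu";'.encode("utf-8"),
        "Temp/start.hta": b'<script>location="http://www.hijack-portal.example/";</script>',
        "Temp/helper.js": 'open("http://hijack-portal.example/search");'.encode("utf-16"),
        "notes.txt": b"http://hijack-portal.example/ noted by hand",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, hosts in sorted(find_hijack_scripts(tmp, ["hijack-portal.example"]).items()):
            print(path, "->", ", ".join(hosts))
```

Point `find_hijack_scripts` at a real folder and pass the site names you were redirected to; review each reported file before deciding whether to delete it.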
There are even more complicated options for removing hijackers, but we don't recommend them for the average user. If you are determined to try, a program called HiJackThis (www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) can get you started. A safer and easier option is to purchase an anti-malware program or security software with an antihijacker component. (For more on anti-malware programs, refer to "Big Medicine" on page 63 and "Avoid Virtual Spies" on page 66.)

by Jennifer Farwell
Prevention Tips
Vista value. Use Windows Vista's UAC (User Account Control) and Windows Defender for added protection against browser hijackers.
Free defense tools. Two we like are ZonedOut (www.funkytoad.com), which adds a list of dangerous sites and domains in Internet Explorer's Restricted Sites list, and Browser Hijack Retaliator (www.zamaansoft.com), which prevents your Internet Explorer settings from being altered without your consent.
Windows Update. Use Windows Update (windowsupdate.microsoft.com) to keep both Windows and Internet Explorer up-to-date.
IE settings. Change your Internet Explorer settings to a higher level of protection.
Change browsers. The ubiquity of Internet Explorer makes it an attractive target for virus creators, so we recommend switching to a less-popular browser, such as Mozilla Firefox (www.mozilla.com).