Has Your Browser Been Hijacked?

Category: Browsers, Security

A reader asks: Every time I open my browser, it goes to an unfamiliar search engine page, and when I search from the toolbar, it no longer uses Google. Was my browser hijacked somehow? If so, how do I get my settings back to normal?


Web Browser Hijacking

If your Internet Explorer, Firefox or Chrome browser suddenly behaves in unexpected or undesirable ways, it may have been hijacked. Browser hijacking is an attack by malicious software that changes your Web browser's settings. Some users who have been hijacked report popups or having searches redirected to pages for online casinos, weight loss products and even porn sites.

Here are some other symptoms that indicate you've been hijacked, and how to fix it.

  • Browser home/start page changed to an unwanted site
  • New favorites, bookmarks, toolbars, or desktop shortcuts that you did not add
  • Typing a URL into the address bar and being taken to some other URL instead
  • Your default search engine has been changed
  • Inability to access certain sites, particularly anti-malware sites that might help you
  • Your Internet security settings have been lowered without your knowledge
  • Endless pop-up ads for things you don't want to see
  • Sluggish computer response; malware often slows your whole system down

How does hijacking happen? In many cases, the hijacking software is something you downloaded and installed, thinking it was something beneficial. Many hijack programs are written in ActiveX for Internet Explorer, so be very leery of requests to install ActiveX components. Other hijackers are buried in toolbars, add-ons, and even fake anti-malware programs. See my related article on Fake Anti-Virus and Celebrity Scams to learn more about how some people are being tricked into installing malware.

A hijack is not necessarily malevolent; some are just annoying. One example in this category is the Ask.com toolbar, an insidious annoyance that somehow keeps taking over the search functions of the browser on one of my home computers. But even if there's no malware, per se, you're still better off getting rid of these unwanted browser parasites.

Getting Back to Good

If you believe your browser has been hijacked, shut down your browser immediately. If you cannot close the browser in the usual way, press Ctrl-Shift-Esc to access Windows Task Manager, highlight your browser's file name in the Processes column (iexplore.exe, firefox.exe, chrome.exe) and click "end process" to close the browser.

Hijackers are one reason it is vital to have real-time anti-malware defenses in place at all times. If you're already running internet security software, obviously it didn't protect you from this particular menace. If the problem happened recently, System Restore may "undo" the problem and get you back to normal.

If that doesn't do the trick, reboot your system in Safe mode "with networking." This will load Windows with the minimum of startup options, hopefully omitting the hijacking software. You will need the network connectivity to download some anti-malware utilities. Then open your browser again.

Download one of these Free Anti-Virus Programs or another free anti-malware utility such as MalwareBytes Anti-Malware. Install the software and run a full scan on your system. Delete any suspected malware that it finds. Empty the Recycle Bin and reboot in normal mode.

Open your browser and put things back in order. Review and reset your home page, security settings, privacy settings, etc. Delete any unwanted favorites/bookmarks. Review the list of add-ons and uninstall any that look unfamiliar.

But Wait... There's More!

You're not done yet. Hijacking malware also likes to mess with registry settings. See my list of Free Registry Cleaners to remove bad registry entries and close security holes in the registry.

The HOSTS file is another favorite target of hijacking software. The HOSTS file contains pairs of host names and their associated IP addresses. When a host name listed in the HOSTS file is requested by your browser, Windows directs the request to the associated IP address instead of looking up the host name in the DNS system. Hijack software may add entries to the HOSTS file so that certain sites are blocked or redirected to unwanted sites. The HOSTS file is located at C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS and can be opened with Notepad or your favorite text editor.

On Vista or Windows 7 you may need to open your text editor by right-clicking it and selecting "Run as Administrator". Make sure the HOSTS file includes ONLY the line "127.0.0.1 localhost" and any other pairs that you know you added yourself. Delete unwanted entries and save the HOSTS file.
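
The HOSTS review described above can be scripted. The Python code below is an added example, not part of the original article: it lists every active entry other than the loopback-to-localhost line, marking each as blocked (pointed at the local machine) or redirected (pointed at some other address), so you can decide which ones you added yourself. The sample file contents, host names and addresses are constructed for illustration.

```python
import ipaddress
import os

# Location given in the article; pass different text to audit_hosts() elsewhere.
HOSTS_PATH = r"C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS"

# Constructed sample (documentation-only names and addresses).
SAMPLE = """\
# comment lines are ignored, as in the stock Windows sample file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.search.example   search.example   # constructed redirect
127.0.0.1       updates.antimalware.example            # constructed block
not-an-ip       broken.example
"""


def audit_hosts(text):
    """Return (line_no, verdict, ip, name) for every active entry that is
    not a plain loopback-to-localhost mapping."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        ip_text, *names = line.split()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, "malformed", ip_text, " ".join(names)))
            continue
        for name in names:
            if ip.is_loopback and name.lower() == "localhost":
                continue  # the one entry expected by default
            # Loopback or 0.0.0.0 makes the name unreachable; any other
            # address sends the browser wherever the line's author chose.
            blocked = ip.is_loopback or ip.is_unspecified
            verdict = "blocked" if blocked else "redirected"
            findings.append((line_no, verdict, str(ip), name))
    return findings


if __name__ == "__main__":
    if os.path.exists(HOSTS_PATH):
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE  # fall back to the constructed sample
    for line_no, verdict, ip, name in audit_hosts(text):
        print(f"line {line_no}: {verdict:10} {name} -> {ip}")
```

A stock file in which every line starts with # produces no findings. Entries reported as blocked may be ones you added on purpose, so compare the list against what you remember adding before deleting anything.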

To avoid browser hijacking, use real-time anti-malware defenses; don't give unknown websites permission to install software, toolbars, or ActiveX controls; and keep your browser's security settings on medium or high level.

If you've been hijacked, tell us how you fixed the problem. Post your comment or question below...

Posted by on 9 Apr 2012

Most recent comments on "Has Your Browser Been Hijacked?"

Posted by:

sirpaul2
09 Apr 2012

Downloaded and installed 'SuperAntiSpyware' about 7-8 years ago and clicked the 'Hi-Jack Prevention' tab. Entered my home-page address and haven't been hi-jacked since.
Every couple of years I'll goof up and end up with a toolbar that I don't want, so I have to delete that then run CCleaner (Registry). Poof! Gone! But never had a home-page hi-jacking.


Posted by:

TheRube
09 Apr 2012

Hello Mr. Rankin and everybody else!

ONCE you remove the miscreants that hijacked your browser (by using anti-malware software to get rid of it) then you better head over to www.tweaking.com and install their Windows Repair (All-IN-ONE) application.
It will reset all the windows functions back to normal pre-computer attack!

I can vouch for it because when my buddy had 200 pieces of viruses; trojans; rootkits and the like in his desktop it TOOK OUT the Windows Update module running on Windows XP. It took a while to remove all that Bacteria (Yuck). I could have re-installed the computer but I wanted to SAVE the computer and the files on it!
Please note: When someone's computer is as viciously attacked as his was . . . It is vitally important that YOU change the password at sites where YOU transact sensitive information online!
(One does not know how far the attack went to remove important information from your computer!!!)
The All-in-One did its job and restored over ten windows functions PLUS it Re-Activated Windows Update which is so Vitally important in maintaining the Windows Operating System!

Respectfully,

TheRube

East Coast Middle Atlantic States


Posted by:

Jimi Photon
09 Apr 2012

hi bob,
don't you mean control, alt, DELETE? control alt escape just opens the start menu, last i checked.

that said, control alt delete can allow you to bring up the default windows taskmanager. but it can't close hung or hijacked applications usually.
if you want a taskmanager with some COJONES, i've been using dimio task manager free for about the last decade...gives you a task manager with some real power to it, nothing like the default ms wimpid one. you can force reboots, end processes and kill almost anything that runs on the machine. if you haven't checked it out yet, please do bro. still lovin' the newsletter all these years later..keep 'em coming old friend!
peace, jimi

EDITOR'S NOTE: Nope, Ctrl-Alt-Esc works on all versions of Windows to bring up Task Manager. C-A-D only works on XP.


Posted by:

Bob Collie
09 Apr 2012

From curiosity I looked at HOSTS file (Windows 7 with 64 machine). Copied link to explorer and was asked what to open with - chose Notebook.
My hosts file is just a sample file - # starts every line. So I browsed to location and in //etc/ folder. hosts has no live lines; networks, protocol & services files all have active lines (I get the same 'open with' options for each when 2-clicked).
I found no etc/ in system/ or SysWOW64 folders, and no other /hosts file anywhere.
I guess it only uses the DNS system to find sites.


Posted by:

Judy Redman
09 Apr 2012

I once downloaded some free software and agreed to install something like the google taskbar at the same time because I didn't read the fine print carefully before I clicked "accept". I discovered that I should have unchecked the box that said "do you want to install X". This was technically not a hack - I could have known that it would happen if I'd read more carefully, but I was in a hurry to use the software.


Posted by:

Christine Cassello
10 Apr 2012

My Internet Explorer used to open with a welcome to Toishba page but now MSN comes up and the Welcome to Toishba is on Google Chrome


Posted by:

Athlonite
10 Apr 2012

First of all, I'd like to say that anyone owning a computer who doesn't run antivirus software and a firewall today shouldn't be complaining. They're the first programs to be installed. There's a bunch of Free programs and most are good. My favorites are MSE (Microsoft Security Essentials), Avira and Avast.

That said, your advice is good. The way I go about it is to download, from a Clean computer (friend or family), these tools and save them on a USB stick (Flash Drive):

MalwareBytes' Anti-Malware

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

SuperAntispyware Portable:

http://www.superantispyware.com/portablescanner.html

DrWeb CureIt: (you will need to accept the license agreement)

http://www.drweb-online.com/en/cure_it.asp?rpid=

CCleaner: (the free version)
http://www.piriform.com/ccleaner/download

Now, Boot in Safe Mode Only and plug in the USB Drive to access those programs you just downloaded.

If not already installed (make sure you are running the latest version), Install CCleaner and run it. Delete what it finds. Close application.

Next, install MalwareBytes' and run a Quick Scan.
IF it finds anything, have the program delete what it finds. (We usually run a Full scan once in Normal Mode after the quick scan.)

The next one you would like to run in Safe Mode would be SuperAntispyware Portable. It does extremely well in Safe Mode. A Full scan would be advised. It will most likely find and delete lots of cookies as well.

Now, boot in Normal Mode and run Dr.Web CureIt. It's an .exe, so no install needed. Let it run a Quick scan. IF it finds anything, let it delete or "Cure" what it finds and then run a Full scan.

IF MalwareBytes' found malware in Safe Mode, then run a Full scan of it also in Normal Mode.

After all these scans, I like to install (or you can use the .exe to simply scan):

(Please take note: This is a powerful program and needs to be handled by people who know their way around computers)

HiJackThis:

http://sourceforge.net/projects/hjt/

(Trend Micro USA bought HiJackThis but, has made it Open Source and you can now download from SourceForge.)

In this little program, you will find many tools. One of which is to scan your PC. Save a copy and Upload the scan to this site:

http://www.hijackthis.de/

Copy and Paste the scan in the open box and click on the Analyze Button at the bottom. Wait a few seconds and you will get a detailed review of the scan along with how Safe those entries are. Click on the Check Marks or Red X's to get more details on that particular entry along with members' views on their experiences with this entry.

Also included in this program are the means to delete those nasty Tool Bars, plus the Hosts File and its contents where, once again, you can delete bad entries.

Once you deem your PC safe and follow Bob's advice on resetting your browser(s) and its security features, I would then Create a Restore Point "manually" and delete All others. This is in case malware has been "saved" to a previous restore point. It is not active but, should you restore your PC to that restore point, you will then be re-installing that malware.

Well, that's how I go about it. It does take time but, saves me the trouble of re-installing Windows.

Now, follow what Bob said about


Posted by:

Byron Miller
10 Apr 2012

Recently got a Trojan-Backdoor:PHP/C99shellG. It played havoc and sent out email spam to everybody. It also somehow changed the modem wireless settings which were password protected. Anyhow, I downloaded MS Standalone Sweeper on another computer onto a CD. I ran that in the infected computer. That took five hours but it did find the bug and toasted it. I then loaded a different Antivirus program. The computer had been running McAfee Internet Security when the computer got infected. I loaded Bitdefender Internet Security and it caught the bug trying to get back in. Then, I had to reset the modem back to factory settings and set it up again with different passwords and closed all the ports except the ones I needed. I set the allowed connections to two, which is the number of computers that are connected at the same time. I had to go into the registry and delete some lines there that should not have been there. I then went through my program applications in the MSCONFIG and deleted anything that should not have been in there. Lastly, I put in my original Windows Recovery disc and did a Repair to Windows. Then, I started the computer in Safe Mode with Networking, just to be sure. Also cancelled the email account that the Trojan came in on along with my contacts list after I had printed them off to be re-entered in a new file. How long did all this take; almost a week and some long nights. What a pain this thing was. I emailed McAfee and sent them the particulars on the invasion but only received an email asking me to send them a sample of the infected files. Too late! They were all deleted. Whoever creates these invasive programs should be tarred and feathered then dumped over Niagara Falls. Just my opinion of the creators of viruses and Malware programs.
Thank you for the info on your site. I have learned much and pass on to others what you share.
God Bless


Posted by:

Snert
10 Apr 2012

I don't have a HOSTS file, per se. All I have at C:\windows\... was a small file (734 bytes) telling me what a HOSTS file was.
Should I sit on the panic button or does this matter?

EDITOR'S NOTE: If the filename is "HOSTS" then you do have one! Inside you'll find instructions for modifying the HOSTS info, as you mentioned.


Posted by:

nikata
10 Apr 2012

Thanks for sharing. In the past few weeks, the home page of my Avant browser had been changed and I couldn't change it back. Now, after some work, it is back to good again. Happy.


Posted by:

Richard Robertson
13 Apr 2012

Not much to add here, but I've noticed a few issues in the comments.
The process explorer shortcut is not ctrl-ALT-esc, but ctrl-SHIFT-esc (Bob made the same mistake in his reply edit).

Christine Cassello - I suspect Toishba is the name of your computer manufacturer. Internet Explorer is often set up on new machines to point to the maker's web site. When you installed Chrome it defaults to importing your settings from Internet Explorer - including that start page :)

If you have Windows (and Linux too!) you have a "Hosts" file. It's just where Bob said it is (I use it all the time for privacy purposes and to help with pop under ads). If for some reason it's not there, just create it with the single line "127.0.0.1 localhost" (no quotes of course).

I've had 30+ years of IT, including being a systems programmer, and as Bob will attest, due vigilance is just as important as antimalware software. Don't become overly dependent on it for protection.


Posted by:

bd
13 Apr 2012

In your answer to Jimi did you not mean ctrl-shift-esc to access task manager?


Posted by:

Russ
13 Apr 2012

I think the main reason why people get unwanted toolbars and other unwanted parasites is because when installing a new program they just click "next-next-next" and don't look at what else will be installed.
I always go through the installation process slowly and carefully, sometimes hitting the BACK button a few times, to make sure nothing unwanted is installed.
I also use the Custom settings instead of the "Recommended" settings.
This process has prevented a multitude of unwanted applications and toolbars from becoming installed.
I hope this helps. :-)


Posted by:

sfecladimitrie
15 Apr 2012

Problem with Ask.com toolbar. Not fixed.


Posted by:

Znick
16 Apr 2012

Here's one that should be put in jail, Babylon!! Yes Babylon! It hijacked my browser, then made itself the default search engine, then when I ran SuperSpyware it failed to notice anything about Babylon, but then I ran SpyBot and it found adware Babylon with 572 other add-ons to Babylon with all kinds of folders, cookies, god knows what else, cryptic gibberish, etc. I used SpyBot to get rid of Baby, but then as a malicious attacker Baby then crashed my system. I had backups, I restored, and again saw that damn Babylon as default search engine. I ran SpyBot again, and again it crashed my system. It says 17 other folders of the 572 could not be removed, but may be removed if you re-boot. Do a re-boot and bingo, another crash. If you try to remove Baby it will a Trojan, virus, worm, whatever into your Windows/system. Command to crash your system "AFTER" you try to delete Babylon. Baby calls it sweet revenge!! There must be some way to put these cursed people in jail. See other forums regarding Baby, everyone is complaining of it!!


Copyright © 2005 - Bob Rankin - All Rights Reserved


Article information: AskBobRankin -- Has Your Browser Been Hijacked? (Posted: 9 Apr 2012)
Source: http://askbobrankin.com/has_your_browser_been_hijacked.html