My Browser Got Hijacked!
A reader asks: 'Every time I open my browser, it goes to an unfamiliar search engine page, and when I search from the toolbar, it no longer uses Google. Was my browser hijacked somehow? If so, how do I get my settings back to normal?'
What is Web Browser Hijacking?
If your Internet Explorer, Firefox or Chrome browser suddenly behaves in unexpected or undesirable ways, it may have been hijacked. Browser hijacking is usually an attack by malicious software that changes your Web browser's settings. Some users who have been hijacked report popups or having searches redirected to pages for online casinos, weight loss products and even porn sites. In other cases, the user's preferred search engine is changed without notice.
Here are some symptoms that indicate you've been hijacked, and how to fix it.
- Browser home/start page changed to an unwanted site
- New favorites, bookmarks, toolbars, or desktop shortcuts that you did not add
- Typing a URL into the address bar and being taken to some other URL instead
- You default search engine has been changed
- Inability to access certain sites, particularly anti-malware sites that might help you
- Your Internet security settings have been lowered without your knowledge
- Endless pop-up ads for things you don't want to see
- Sluggish computer response; malware often slows your whole system down
How does hijacking happen? In many cases, the hijacking software is something you downloaded and installed, thinking it was something beneficial. Sometimes it's a result of unpatched software components that have been exploited by hackers to initiate a "drive-by download." See my recent article on the Java security problem. Other hijackers are buried in toolbars, add-ons, and even fake anti-malware programs. My article on Fake Anti-Virus and Celebrity Scams has details about how some people are being tricked into installing malware.
A hijack is not necessarily malevolent, some are just annoying. One example in this category is the Ask.com toolbar, an insidious annoyance that keeps taking over the search functions of the browser on one of my home computers. This falls into the category of what I call Do-It-Yourself Hijacking. The most common reason why people get unwanted toolbars and other parasites is because they're not careful when installing a new program. It's tempting to just click "next-next-next" after downloading, in order to get through the installation process.
But if you look carefully, there's often a pre-checked box, asking if you want to install some other unrelated program or toolbar. These are usually not harmful, and can be removed using the Control Panel. Even if there's no malware, per se, you're still better off getting rid of these unwanted browser pests.
Getting Back to Good
If you believe your browser has been hijacked, shut down your browser immediately. If you cannot close the browser in the usual way, press Ctrl-Shift-Esc to access Windows Task Manager, highlight your browser's file name in the Processes column (iexplore.exe, firefox.exe, chrome.exe) and click "end process" to close the browser.
Hijackers are one reason it is vital to have real-time anti-malware defenses in place at all times. If you're already running internet security software, obviously it didn't protect you from this particular menace. If the problem happened recently, System Restore may "undo" the problem and get you back to normal.
If that doesn't do the trick, download one of these Free Anti-Virus Programs or another free anti-malware utility such as MalwareBytes Anti-Malware. Install the software and run a full scan on your system. Delete any suspected malware that it finds.
Restart your computer, open your web browser and put things back in order. Review and reset your home page, security settings, privacy settings, etc. Delete any unwanted favorites/bookmarks. Review the list of add-ons and uninstall any that look unfamiliar.
But Wait... There's More!
You're not done yet. Hijacking malware also likes to mess with registry settings. See my list of Free Registry Cleaners to remove bad registry entries and close security holes in the registry.
The HOSTS file is another favorite target of hijacking software. The HOSTS file contains pairs of host names and their associated IP addresses. When a host name listed in the HOSTS file is requested by your browser, Windows directs the request to the associated IP address instead of looking up the host name in the DNS system. Hijack software may add entries to the HOSTS file so that certain sites are blocked or redirected to unwanted sites. The HOSTS file is located at C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS and can be opened with Notepad or your favorite text editor.
On Vista or Windows 7 you may need to open your text editor by right-clicking, then select "Run as Administrator". Make sure the HOSTS file includes ONLY the line "127.0.0.1 localhost" and any other pairs that you know you added yourself. Delete unwanted entries and save the HOSTS file.
To avoid browser hijacking, use real-time anti-malware defenses; don't give unknown websites permission to install software, toolbars, or ActiveX controls; and keep your browser's security settings on medium or high level.
Have you been hijacked? Tell us how you fixed the problem, or prevent it from happening. Post your comment or question below...
Posted by Bob Rankin on 21 Jan 2013
For Fun: Buy Bob a Snickers.
Need More Help? Try the AskBobRankin Updates Newsletter. It's Free!
Is The FBI Holding Your Computer for Ransom?
The Top Twenty
Is Your Password Strong Enough?
Link to this article from your site or blog. Just copy and paste from this box:
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- My Browser Got Hijacked! (Posted: 21 Jan 2013)
Copyright © 2005 - Bob Rankin - All Rights Reserved