Help, My Browser Got Hijacked!
A reader asks: 'Every time I open my browser, it goes to an unfamiliar search engine page, and when I search from the toolbar, it no longer uses Google. I also have new toolbars that I didn't ask for. Was my browser hijacked somehow? If so, how do I get my settings back to normal?'
What is Web Browser Hijacking?
If your Internet Explorer, Chrome or Firefox browser suddenly behaves in unexpected or undesirable ways, it may have been hijacked. Browser hijacking is usually an attack by malicious software that changes your Web browser's settings.
Some users who have been hijacked report popups or having searches redirected to pages for online casinos, weight loss products and even p**n sites. In other cases, the user's preferred search engine is changed without notice.
Here are some symptoms that indicate you've been hijacked, and how to fix it.
• Browser start page changed to an unwanted site
• New toolbars, bookmarks, or desktop shortcuts that you did not add
• Entering a website address and being taken to some other page instead
• Your default search engine has been changed
• Inability to access certain sites, particularly anti-malware sites that might help you
• Your Internet security settings have been lowered without your knowledge
• Endless pop-up ads for things you don't want to see
• Sluggish computer response; malware often slows your whole system down
How does browser hijacking happen? In some cases, the hijacking software is something you downloaded and installed, thinking it was beneficial. My article on Fake Anti-Virus and Celebrity Scams has details about how some people are being tricked into installing malware.
Sometimes it's a result of unpatched software components that have been exploited by hackers to initiate a "drive-by download." See my related article about Drive-By Download Dangers to learn how to protect against those.
A hijack is not necessarily malevolent, some are just annoying. One example in this category is the Ask.com toolbar, an insidious annoyance that keeps taking over the search functions of the browser on one of my home computers. This falls into the category of what I call Do-It-Yourself Hijacking. The most common reason why people get unwanted toolbars and other parasites is because they're not careful when installing a new program. It's tempting to just click "next-next-next" after downloading, in order to get through the installation process.
But if you look carefully, there's often a pre-checked box, asking if you want to install some other unrelated program or toolbar. These are usually more annoying than harmful, but sometimes are hard to remove. Software such as Conduit and Babylon toolbar fall into this category. Even if there's no malware, per se, you're still better off getting rid of these unwanted browser pests.
My article Downloading? Watch Out For These Danger Signs explains why previously trustworthy sites such as CNET's Download.com and Tucows are now landmines to be avoided.
Getting Back to Good
If you believe your browser has been hijacked, shut down your browser immediately. If you cannot close the browser in the usual way, press Ctrl-Shift-Esc to access Windows Task Manager, highlight your browser's file name in the Processes column (iexplore.exe, firefox.exe, chrome.exe) and click "end process" to close the browser.
Hijackers are one reason it is vital to have real-time anti-malware defenses in place at all times. If you're already running internet security software, obviously it didn't protect you from this particular menace. If the problem happened recently, System Restore may "undo" the problem and get you back to normal.
If that doesn't do the trick, download one of these Free Anti-Virus Programs or another free anti-malware utility such as MalwareBytes Anti-Malware. Install the software and run a full scan on your system. Delete any suspected malware that it finds.
Restart your computer, open your web browser and put things back in order. Review and reset your home page, security settings, privacy settings, etc. Delete any unwanted favorites/bookmarks. Review the list of add-ons and uninstall any that look unfamiliar.
But Wait... There's More!
You're not done yet. Hijacking malware also likes to mess with Windows registry settings, and may not uninstall cleanly. I recommend a free program called Privazer to scan your system and clean up any malware traces.
The HOSTS file is another favorite target of hijacking software. The HOSTS file contains pairs of host names and their associated IP addresses. When a host name listed in the HOSTS file is requested by your browser, Windows directs the request to the associated IP address instead of looking up the host name in the DNS system. Hijack software may add entries to the HOSTS file so that certain sites are blocked or redirected to unwanted sites. The HOSTS file is located at C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS and can be opened with Notepad or your favorite text editor.
On Vista or Windows 7 you may need to open your text editor by right-clicking, then select "Run as Administrator". Make sure the HOSTS file includes ONLY comments (lines that start with "#"). The only exceptions would be "127.0.0.1 localhost" and any other lines that you know you added yourself. Delete unwanted entries and save the HOSTS file.
To avoid browser hijacking, use real-time anti-malware defenses; don't give unknown websites permission to install software, toolbars, or ActiveX controls; and keep your browser's security settings on medium or high level.
Have you been hijacked? Tell us how you fixed the problem, or prevented it from happening again. Post your comment or question below...
This article was posted by Bob Rankin on 6 May 2014
|For Fun: Buy Bob a Snickers.
Facebook and Your Digital Shadow
The Top Twenty
Geekly Update - 07 May 2014
There's more reader feedback... See all 30 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Help, My Browser Got Hijacked! (Posted: 6 May 2014)
Copyright © 2005 - Bob Rankin - All Rights Reserved