Hijacked browser

Q: From bugwit, "Somehow I've managed to have my browser (IE v6.0.2800.1106) hijacked. Every time I reboot my computer, my homepage and search page are reset. I've used Spybot-Search & Destroy to find the problems, and it does remove them, but every time I reboot my pages are changed again. How can I fix this without having to buy something to take care of it?"

A: From CasinoAdmin, "There are many anti-spyware programs out there that can solve your problem. I've actually just tried out the new Microsoft beta called Microsoft Windows Antispyware (Beta). The beta is free and allows you to set what the home page, search page and other Internet settings should be set back to if it finds a hijacking. You can download it on the Microsoft Web site."

A: From bobkberg, "Get a copy of HijackThis.exe -- it's free on many sites (like download.com). This is one of those stealth apps that re-installs itself, so you need make sure everything is clean. Just make sure you know what you're doing. HijackThis is a powerful tool, which will also allow you to shoot yourself in the foot."

A: From sexton, "Although the other suggested solutions may work (I've never used either product), Spybot has the tool set required to clear up your issue. The default installation, which most people do, is not enough to "protect" your computer. In fact, currently no single product is enough to protect from this fast growing trend of spy / malware. However, in your case, Spybot

    Requires Free Membership to View

can do the job just fine and should clean up your browser hijack issue. Spybot is a freeware program, and if used properly, does a good job. However, I still find other anti-spyware programs are needed for maximum protection. To keep the author of Spybot producing signature files, you should make a donation. I don't know the author, but like the program and wish for more frequent updates."

A: From Dad1989, "I concur with the previous replies. I will note that Spybot has saved me a number of times. At home I have switched to Firefox for additional vulnerability avoidance. At work I cannot completely switch yet because internal applications are not compatible with Firefox. Another useful tool is BHODEMON. This plugs into your MSIE and provides additional protection against Browser Helper Objects (BHOs). Malicious BHOs could have a part in some hijacking cases, although I could not say that is the case with yours. Check out more about it at: www.definitivesolutions.com/bhodemon.htm. This tool saved me once recently. I will reiterate the notes written earlier about being careful with the tools mentioned, as they are quite powerful."

This question and answer thread was originally posted in the ITKnowledge Exchange forum.

Join your peers today and start receiving valuable answers to your toughest information security questions. Or network with your peers to exchange technical advice and strategic ideas on security topics. Visit the ITKnowledge Exchange.


This was first published in February 2005

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.