My father-in-law -- a computer novice -- recently telephoned me for help changing his Internet Explorer home page. After I walked him through the usual technique, he explained that a Windows Permission Error was preventing him from making the change. I asked him a few more questions and soon realized that, at some point in the past, a pornographic Web site had hijacked his copy of Internet Explorer. Every time he opened IE, the browser went straight to this pornographic site. Worse yet, the modification prevented him from changing the home page.
A three-hour battle ensued during which we tackled some serious registry edits and a malicious group policy. Eventually we were able to return control of IE to my father-in-law and remove the offending application. Here's how we did it.
One size doesn't fit all
It's a sad truth that malicious individuals can hijack a Web browser in a variety of ways. And since there is no standard hijacking technique, there is no standard repair technique. If your browser is hijacked, a significant chance exists that the repairs that worked for my father-in-law will not work for you. I will therefore cover several repair techniques
Begin with a thorough scan
When faced with an IE hijacking, you should first scan the computer for viruses, Trojans, adware, and spyware. It's highly likely that one of these items is the hijacker. Until you ensure that your computer is free from these parasites, you'll only be treating the symptoms rather than the actual problem.
Unfortunately, I have yet to discover a single program that effectively scans for every potential form of spyware, adware, virus, and Trojan. I therefore recommend using several different programs. I know it's time consuming to download all these utilities and perform a separate full-system scan with each, but this is a critical step in the troubleshooting process.
Scan for viruses first. My antivirus program of choice is ViRobot Expert from Hauri. Although Hauri is a relative unknown in the United States, it has been a leading antivirus program in Asia for many years. ViRobot Expert will completely repair the damage from many viruses that Norton and McAfee will only quarantine or delete. In fact, my father-in-law was running McAfee — with the latest updates. I asked him to uninstall McAfee and install the free trial version of ViRobot Expert. ViRobot Expert instantly caught four viruses that McAfee had missed. Another reason I recommend using ViRobot for this particular problem is that ViRobot Expert not only scans for viruses, but also scans for common hacker tools.
Now that the system is virus free, it's time to scan for adware with a utility such as PestPatrol (which also removes spyware) or my personal favorite, which is Ad-aware from Lavasoft. After you have scanned for adware, I recommend scanning the system for spyware with a spyware removal tool, such as SpyBot-Search & Destroy from PepiMK Software or, my favourite, BPS SpyWare/Adware Remover from Bullet Proof Soft.
After you have scanned the system for virus, adware, and spyware, reboot and try to change IE's home page. If you're still unable to do so, then it's likely the hijacker has modified the Windows registry or configured a malicious group policy.
Talkback
For heavens sake, why don't you just install Firefox? Its a better browser and it is not one tenth as vulnerable to hacks.
Microsoft fanatics bewilder me. They will stick with that corporation's software, no matter how bad it gets and no matter how much better the alternatives are.
Proof that Windows really IS easy to use! And has a low TCO as well. Splendid. I would recommend this article even to a novice user.
HijackThis and SpySweeper not mentioned!
ZDNet publishes an article about Browser Hijacking and omits mentoining HijackThis? Please visit :
http://www.google.com/search?q=hijackthis (search the web for "HijackThis")
http://www.hijackthis.de/index.php?langselect=english (program's page)
http://www.spywareinfo.com/~merijn/index.html (author's page)
ZDNet also omitted SpySweeper. Beware, there seems to have 2 competitors under that same "SpySweeper" name:
http://www.spysweeper.com/
http://www.webroot.com/products/spysweeper/
Paris, Thu 4 Nov 2004 15:17:10 +0100
No need to visit porn to get infected. ZDNet is misleading when making people think they are at no risk as long as they don't visit porn sites.
Whatever you visit (or don't), the spammers (and other malevolent people) will always get you anyway if you are in their target list - and they won't if you are not, whatever and how much you can visit porn or financial sites or anything else.
So, be warned: spam (as well as financial thefts and any other malevolent actions) don't depend on your behavior on the net - they actually depend on your race or political orientation. And those actions will always be hidden behind benign pretexts (as visiting porn sites, or eBay, or else, or even without any pretext if they don't find one).
I know repeating this is utterly dangerous - and will be denigrated first. But if taking no risk, we are buying short term limited relief at the expense of sure troubles for everyone some time later.
Paris, Thu 4 Nov 2004 15:51:50 +0100
Excellent piece of information.. Interestingly enough, my Father in Law had the very same problem - being hijacked by a pornographic site - what is it with Fathers in Law?! This article has helped me clean his system up once and for all ..Many thanx.
Hijack This is mentioned, in detail and with screenshots, from page 3 of this article onwards...
If you read articles before flaming them, you might actually be listened to rather than have scorn poured upon you.
The article also doesn't mention Zerospyware which is one of the top rated anti spyware applications on the market.
http://www.fbmsoftware.com/
i am currently using PANDA's version of anti virus program..it seems to do the job better then norton/mcaafee. but i have a question about using mozzilla/firefox..i hear they're gr8 programs...but i presently use IE and OE for my browser/email..if i download mozzilla/firefox....how do i prevent having to go back and delete emails in the OE programm?