ANALYSIS Before we begin
Warning: The following section involves editing your system registry. Using the Windows Registry Editor incorrectly can cause serious problems requiring the reinstallation of your operating system and may lead to the loss of data. TechRepublic does not and will not support problems that arise from editing your registry. Use the Registry Editor and the following directions at your own risk.
Clean the registry
When a program hijacks IE by modifying the registry on a Windows NT/2000/XP system, the change often impacts only the current user. This is because many users don't have local administrative privileges and can only modify the HKEY_CURRENT_USER portion of the registry, not the HKEY_LOCAL_MACHINE portion. If the user has local administrative privileges or the machine is running Windows 9x/Me (which won't protect the registry), the change could be applied to all of the users on the system, depending on the hijacker's level of sophistication.
With this in mind, log on as the person who's having the problem and open the Registry Editor. Then, navigate through the registry tree to:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
Check for the existence of values named ResetWebSettings or HomePage. If such values exist, delete them.
Next, navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Verify that the information stored in the Default_Page_URL value and the Start Page value is correct. If these values reflect an undesirable startup page, double-click the value to open its dialog box and then replace the existing data with an appropriate one.
There are two more registry entries you should check, but you'll need to ensure you have the proper permissions before doing so. As I mentioned before, if you're using Windows 9x/Me, any user can modify the registry, but if you're using Windows NT/2000/XP you'll need local administrative privileges.
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
As before, check the Default_Page_URL and Start Page values for inappropriate data and change it if necessary. Next, navigate to:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main
Once again, check the Default_Page_URL and Start Page values for inappropriate data, and change it as necessary.
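The manual checks above can also be run as a read-only audit. The following PowerShell script is an added example, not part of the original article: it reads the four registry locations named in the steps, reports what it finds and changes nothing. The $ExpectedHomePage parameter and its default are assumptions; run the script while logged on as the affected user so that HKEY_CURRENT_USER is that user's hive.

```powershell
# Added example: read-only audit of the registry values named in the steps above.
# Assumption: $ExpectedHomePage is a placeholder; set it to the page you actually want.
param([string]$ExpectedHomePage = 'about:blank')

$policyKey = 'Registry::HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel'
$mainKeys  = @(
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main',
    'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main',
    # .DEFAULT is the name of the default-profile hive under HKEY_USERS.
    'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main'
)

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when either the key or the named value is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = @(
    # Policy values that the article says should be deleted if present.
    foreach ($name in 'ResetWebSettings', 'HomePage') {
        $data = Get-RegValue -Path $policyKey -Name $name
        if ($null -ne $data) {
            [pscustomobject]@{ Key = $policyKey; Value = $name; Data = $data; Status = 'PRESENT: delete' }
        }
    }
    # Home page values that should hold a page you recognise.
    foreach ($key in $mainKeys) {
        foreach ($name in 'Default_Page_URL', 'Start Page') {
            $data = Get-RegValue -Path $key -Name $name
            if ($null -eq $data) { continue }
            $status = if ($data -eq $ExpectedHomePage) { 'ok' } else { 'REVIEW' }
            [pscustomobject]@{ Key = $key; Value = $name; Data = $data; Status = $status }
        }
    }
)

if ($report.Count -eq 0) { 'None of the audited values exist for this user.' }
else { $report | Format-List Key, Value, Data, Status }
```

A REVIEW status only means the data differs from the expected page; Default_Page_URL normally holds the vendor's default and will be listed for inspection rather than as a confirmed hijack.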
Talkback
For heaven's sake, why don't you just install Firefox? It's a better browser and it is not one tenth as vulnerable to hacks.
2 Nov 04 00:46
Microsoft fanatics bewilder me. They will stick with that corporation's software, no matter how bad it gets and no matter how much better the alternatives are.
Proof that Windows really IS easy to use! And has a low TCO as well. Splendid. I would recommend this article even to a novice user.
3 Nov 04 08:44
HijackThis and SpySweeper not mentioned!
4 Nov 04 14:17
ZDNet publishes an article about Browser Hijacking and omits mentioning HijackThis? Please visit:
http://www.google.com/search?q=hijackthis (search the web for "HijackThis")
http://www.hijackthis.de/index.php?langselect=english (program's page)
http://www.spywareinfo.com/~merijn/index.html (author's page)
ZDNet also omitted SpySweeper. Beware, there seem to be 2 competitors under that same "SpySweeper" name:
http://www.spysweeper.com/
http://www.webroot.com/products/spysweeper/
Paris, Thu 4 Nov 2004 15:17:10 +0100
No need to visit porn to get infected. ZDNet is misleading when making people think they are at no risk as long as they don't visit porn sites.
4 Nov 04 14:51
Whatever you visit (or don't), the spammers (and other malevolent people) will always get you anyway if you are in their target list - and they won't if you are not, whatever and how much you can visit porn or financial sites or anything else.
So, be warned: spam (as well as financial thefts and any other malevolent actions) don't depend on your behavior on the net - they actually depend on your race or political orientation. And those actions will always be hidden behind benign pretexts (as visiting porn sites, or eBay, or else, or even without any pretext if they don't find one).
I know repeating this is utterly dangerous - and will be denigrated first. But if taking no risk, we are buying short term limited relief at the expense of sure troubles for everyone some time later.
Paris, Thu 4 Nov 2004 15:51:50 +0100
Excellent piece of information. Interestingly enough, my Father in Law had the very same problem - being hijacked by a pornographic site - what is it with Fathers in Law?! This article has helped me clean his system up once and for all. Many thanks.
8 Nov 04 19:56
Hijack This is mentioned, in detail and with screenshots, from page 3 of this article onwards...
9 Nov 04 11:37
If you read articles before flaming them, you might actually be listened to rather than have scorn poured upon you.
The article also doesn't mention Zerospyware which is one of the top rated anti spyware applications on the market.
12 Nov 04 20:45
http://www.fbmsoftware.com/
I am currently using Panda's version of anti virus program... it seems to do the job better than Norton/McAfee. But I have a question about using Mozilla/Firefox... I hear they're great programs... but I presently use IE and OE for my browser/email... if I download Mozilla/Firefox... how do I prevent having to go back and delete emails in the OE program?
15 Jan 05 19:10