How to solve Browser Hijacker Problem ?
Here's a series of steps by step on how you can take to use Hijack This to remove a browser hijack.
So Before you start please Download and install Hijack This
STEP 1 Use Safety Stuff to backup your documents and create a system restore point.
STEP 2 Check for suspicious startup items
You can use Hijack This to clean out hijacked items from Microsoft's Internet Explorer (redirections due to spyware), however they will return if the executable program causing it is not removed.
a.Click on Start> Run and type "msconfig" and click OK.
b. Select the "Startup" tab.
c. Uncheck any items you don't recognize.
Note that many legitimate programs will appear here too.Most spyware will load from this area.
If unsure if a particular item is legitimate or not, do a Google search on the .exe file name that loads. The only caveat here is that some spyware .exe files get a randomly generated name, so a search will not identify them.
You can look in the Command column to see the name of the .exe file itself and you can stretch this column if you cannot see the entire line of text.
By the way, it IS safe to uncheck everything here as a test anyway - nothing critical to Windows loads here. So, if in doubt, it is OK to uncheck something.
d. Apply the changes, and restart Windows.
STEP 3 - Run Hijack This.
1. Run the tool, and select "Scan".
2. Look mostly at the R0, R1 and 02 entries. This relates to the hijack, and represent changes to your default browser settings (homepage, search page).
3. Have a look at the addresses for these entries. If they are different from your preferences, check the box next to it.4. Click on "Fix Checked" and confirm.
This process cleans out the modified (hijacked) entries. You can also define what Hijack This uses by clicking the Config button (lower right), however this is not required.
STEP 4 Double-check home page and test
One problem is that if the IE Home Page isn't cleared, you'll get "rehijacked" when you launch IE. This is because that particular page is the source of the problem. (It may try to load an ActiveX control.)
Hijack This may have already reset your Home Page in
STEP 3, but double check before starting IE:
a. Head to Control Panel, Internet Options.
b. Change your Home Page on the General tab.
c. Browse the Internet, reboot your machine, and test over the next little while.
If the hijack stays away, you've successfully cleared it, and one of the Startup items you disabled in STEP 2 might still be the cause.
STEP 5- PERMANENETLY DELETE THE CAUSE
We need to find the Startup item that is causing this, if any. Recall that in STEP 2 we disabled some suspicious startup items. One, or several of them may be triggering the hijack.Also note that we've been testing the machine with the Startup Items disabled. We want to ensure the computer runs fine (no errors) with all these items unchecked.
If you are unsure about deleting an item or using the registry editor, seek help with your local tech expert.
a. Launch MSCONFIG once more.
b. For the first suspicious item, expand the "Location" column to see where it is loading from in the registry.
c.Click on Start, Run, type "regedit" and click OK.
d. Browse to the key listed in the "Location" column for MSCONFIG.
e. Delete the key on the right hand side only, that specifically matches that startup item.
f. Note the "Command" folder in MSCONFIG. Browse to this folder, and delete the .exe file itself.
So Before you start please Download and install Hijack This
STEP 1 Use Safety Stuff to backup your documents and create a system restore point.
STEP 2 Check for suspicious startup items
You can use Hijack This to clean out hijacked items from Microsoft's Internet Explorer (redirections due to spyware), however they will return if the executable program causing it is not removed.
a.Click on Start> Run and type "msconfig" and click OK.
b. Select the "Startup" tab.
c. Uncheck any items you don't recognize.
Note that many legitimate programs will appear here too.Most spyware will load from this area.
If unsure if a particular item is legitimate or not, do a Google search on the .exe file name that loads. The only caveat here is that some spyware .exe files get a randomly generated name, so a search will not identify them.
You can look in the Command column to see the name of the .exe file itself and you can stretch this column if you cannot see the entire line of text.
By the way, it IS safe to uncheck everything here as a test anyway - nothing critical to Windows loads here. So, if in doubt, it is OK to uncheck something.
d. Apply the changes, and restart Windows.
STEP 3 - Run Hijack This.
1. Run the tool, and select "Scan".
2. Look mostly at the R0, R1 and 02 entries. This relates to the hijack, and represent changes to your default browser settings (homepage, search page).
3. Have a look at the addresses for these entries. If they are different from your preferences, check the box next to it.4. Click on "Fix Checked" and confirm.
This process cleans out the modified (hijacked) entries. You can also define what Hijack This uses by clicking the Config button (lower right), however this is not required.
STEP 4 Double-check home page and test
One problem is that if the IE Home Page isn't cleared, you'll get "rehijacked" when you launch IE. This is because that particular page is the source of the problem. (It may try to load an ActiveX control.)
Hijack This may have already reset your Home Page in
STEP 3, but double check before starting IE:
a. Head to Control Panel, Internet Options.
b. Change your Home Page on the General tab.
c. Browse the Internet, reboot your machine, and test over the next little while.
If the hijack stays away, you've successfully cleared it, and one of the Startup items you disabled in STEP 2 might still be the cause.
STEP 5- PERMANENETLY DELETE THE CAUSE
We need to find the Startup item that is causing this, if any. Recall that in STEP 2 we disabled some suspicious startup items. One, or several of them may be triggering the hijack.Also note that we've been testing the machine with the Startup Items disabled. We want to ensure the computer runs fine (no errors) with all these items unchecked.
If you are unsure about deleting an item or using the registry editor, seek help with your local tech expert.
a. Launch MSCONFIG once more.
b. For the first suspicious item, expand the "Location" column to see where it is loading from in the registry.
c.Click on Start, Run, type "regedit" and click OK.
d. Browse to the key listed in the "Location" column for MSCONFIG.
e. Delete the key on the right hand side only, that specifically matches that startup item.
f. Note the "Command" folder in MSCONFIG. Browse to this folder, and delete the .exe file itself.
Comments