
Sunday, October 5

How to solve Browser Hijacker Problem

(This is part of the anti-spyware FAQ on Cyberwalker.com)

Here's a series of steps you can take to use Hijack This to remove a browser hijack.

(BTW, thanks to my good friend RT for teaching me this, providing the notes this was based on and allowing me to pass this on to you.)

BEFORE YOU START - Download and install Hijack This from http://www.downloads.com/

-STEP 1- SAFETY STUFF

Backup your documents and create a system restore point.

-STEP 2- CHECK FOR SUSPICIOUS STARTUP ITEMS

You can use Hijack This to clean out hijacked items from Microsoft's Internet Explorer (redirections due to spyware); however, they will return if the executable program causing it is not removed.

a. Click on Start > Run, type "msconfig" and click OK.
b. Select the "Startup" tab.
c. Uncheck any items you don't recognize.

Note that many legitimate programs will appear here too. Most spyware will load from this area.

If unsure if a particular item is legitimate or not, do a Google search on the .exe file name that loads. The only caveat here is that some spyware .exe files get a randomly generated name, so a search will not identify them.

You can look in the Command column to see the name of the .exe file itself and you can stretch this column if you cannot see the entire line of text.

By the way, it IS safe to uncheck everything here as a test anyway - nothing critical to Windows loads here. So, if in doubt, it is OK to uncheck something.

d. Apply the changes, and restart Windows.

-STEP 3- RUN HIJACK THIS

1. Run the tool, and select "Scan".

2. Look mostly at the R0, R1 and O2 entries. These relate to the hijack, and represent changes to your default browser settings (homepage, search page).

3. Have a look at the addresses for these entries. If they are different from your preferences, check the box next to each one.

4. Click on "Fix Checked" and confirm.

This process cleans out the modified (hijacked) entries. You can also define what Hijack This uses by clicking the Config button (lower right), however this is not required.

-STEP 4 - DOUBLE-CHECK HOME PAGE AND TEST

One problem is that if the IE Home Page isn't cleared, you'll get "rehijacked" when you launch IE. This is because that particular page is the source of the problem. (It may try to load an ActiveX control.)

Hijack This may have already reset your Home Page in STEP 3, but double check before starting IE:

a. Head to Control Panel, Internet Options.
b. Change your Home Page on the General tab.
c. Browse the Internet, reboot your machine, and test over the next little while.
If the hijack stays away, you've successfully cleared it, and one of the Startup items you disabled in STEP 2 might still be the cause.

-STEP 5- PERMANENTLY DELETE THE CAUSE

We need to find the Startup item that is causing this, if any. Recall that in STEP 2 we disabled some suspicious startup items. One, or several of them may be triggering the hijack.
Also note that we've been testing the machine with the Startup Items disabled. We want to ensure the computer runs fine (no errors) with all these items unchecked.

If you are unsure about deleting an item or using the registry editor, seek help from your local tech expert.

a. Launch MSCONFIG once more.
b. For the first suspicious item, expand the "Location" column to see where it is loading from in the registry.
c. Click on Start, Run, type "regedit" and click OK.
d. Browse to the key listed in the "Location" column for MSCONFIG.
e. Delete the key on the right hand side only, that specifically matches that startup item. **See example below.**
f. Note the "Command" folder in MSCONFIG. Browse to this folder, and delete the .exe file itself. **See example below.**


-----EXAMPLE-----
In this example, the Startup Tab of MSCONFIG indicates that:
pxzyc.exe loads from Command "C:\WINDOWS\PXZYC.EXE" and Location "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
In this case, we go to the registry editor and find that Run key on the left window. On the right hand Window pane you'll see each item in that Run key, specifically "pxzyc.exe" in this case. Delete the entry for "pxzyc.exe" in the registry only.

In addition, we'll browse to the C:\WINDOWS folder, and manually delete the pxzyc.exe file that resides there.
-----------------
g. Repeat these steps for each suspicious item.

-ADDENDUM 1-
Some spyware also adds itself as Web content on your desktop background. To remove this:

a. Right-click the desktop, selecting Properties.
b. Select the Desktop tab, then the Customize button.
c. Select the Web tab, and delete any content indicated.

-ADDENDUM 2-
In STEP 3, you may note that the R0, R1 etc. entries point to an .htm or .html file on your local computer. Although Hijack This will clean out your IE settings, it will not delete the local copy of the html file on your computer. Be sure to browse to the location of the file indicated, and delete the file manually.
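The checks from STEP 3 and ADDENDUM 2, written out as an added example that is not part of the original FAQ or of Hijack This itself. It assumes the usual layout of Hijack This R0/R1 and O4 log lines; the log lines are constructed, and triage and preferred_hosts are names made up for this illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample of Hijack This scan lines (not taken from a real machine).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.net/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\srch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.example.org/
O4 - HKLM\..\Run: [pxzyc] C:\WINDOWS\PXZYC.EXE
"""

R_LINE = re.compile(r"^(R[01]) - (.+?),(.+?) = (.+)$")
O4_LINE = re.compile(r"^O4 - (\S+): \[(.+?)\] (.+)$")
# A browser setting that points at an .htm/.html file on a local drive (ADDENDUM 2).
LOCAL_PAGE = re.compile(r"^(?:file:/*)?([A-Za-z]:[\\/].+\.html?)$", re.IGNORECASE)


def triage(log_text, preferred_hosts):
    """Return (entries to check in STEP 3, local pages to delete, startup items)."""
    to_fix, local_pages, startup = [], [], []
    for line in map(str.strip, log_text.splitlines()):
        m = R_LINE.match(line)
        if m:
            section, _key, value_name, target = m.groups()
            local = LOCAL_PAGE.match(target)
            if local:
                # Fixing the entry resets IE but leaves this file on disk.
                local_pages.append(local.group(1))
                to_fix.append((section, value_name, target))
            elif urlparse(target).hostname not in preferred_hosts:
                to_fix.append((section, value_name, target))
            continue
        m = O4_LINE.match(line)
        if m:
            location, name, command = m.groups()
            # Same item / Command / Location triple that MSCONFIG shows in STEP 5.
            startup.append((name, command, location))
    return to_fix, local_pages, startup


if __name__ == "__main__":
    fix, pages, items = triage(SAMPLE_LOG, {"www.example.org"})
    for section, value_name, target in fix:
        print(f"check the box: {section} {value_name} -> {target}")
    for path in pages:
        print(f"delete manually: {path}")
    for name, command, location in items:
        print(f"startup item {name}: {command} (registry: {location})")
```

Pass the host names of your own home and search pages as preferred_hosts; anything else in an R0 or R1 line is reported for review, not deleted.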

-MORE-
Still need more info? Check out this excellent site with more detailed info and a walk-through tutorial about Hijack This and the process of removing a browser hijack.
