Browser hijacking is fast-becoming an all-too-common scenario. But how do you know if it's happened to you? Maybe your browser is behaving oddly or perhaps your homepage is suddenly different (and you've never seen the website before). If you ever find yourself in this alarming scenario, these tips will help you to remove the threat.
There are many signs that point to a browser hijacking. In addition to those mentioned above, your operating system might seem generally slow, or perhaps you get an error or pop-up ad encouraging you to download software that you never asked for. Or perhaps your search engine has been changed and you're redirected to different websites. You might notice web pages are slow to load, and you're getting browser toolbars you haven't seen before or advertisements are popping up multiple times.
If any of the above is happening to you, you have experienced what is known as a browser hijack. This means changes have been made to your browser without your permission. Often this is done sneakily as part of the installation process for an application you downloaded because you thought it was legitimate (this is called piggy-backing). It could well be you agreed to the extra download as part of the terms and conditions. Sometimes it can be browser plugins or add-ons that cause this problem.
Common examples of browser hijackers include Astromenda, Ask.com, Babylon Toolbar, Binkiland, Conduit, Search (Search Protect), CoolWebSearch, Coupon Server, Delta Search and Claro Search, GoSave, Groovorio, istartsurf, Jamenize.com, Mindspark Interactive, Mixi.DJ, MyStart.IncrediBar Search, Onewebsearch, RocketTab, Searchassist, Search-daily.com, Searchult.com, Searchgol.com, Searchnu.com, Snap.do, Taplika, Trovi, Tuvaro, TV Wizard and Vosteran. If your browser is acting strange it's probably down to one of these guys. You need to remove them asap.
What causes a browser hijack?
The software was probably spyware, either designed to track personal data or adware that regularly pops up dubious advertisements. If you did install something, it might have offered you the option to decline the install, but it could have been displayed in a way that was deliberately confusing (after all, they want you to download the software).
Or you could have unwittingly visited an untrustworthy website. Usually your browser's address bar will warn you in red if this is the case) and your regular search engine (such as Google or Bing) would also probably have warned you too, but it happens.
So if your browser has been hijacked, what can you do about it? The main thing to do is not to panic. Seriously. We know it can seem like all your data is at risk but it probably isn't. And in any case, if you are panicking about your data, it's likely you haven't got it backed up. If not, you are not helping yourself! It goes without saying (but we'll say it anyway) – always back up your precious files, music, photos and videos!
If you have continuous, cascading pop-up windows, then press [Ctrl]+[Alt]+[Del] on your keyboard. Click on Task Manager, then click the Processes tab. Click IEXPLORE.EXE/CHROME.EXE/FIREFOX.EXE (depending on which browser you use) and click 'End Process'. In Windows 8 and 8.1, you'll just see the program called by its proper name rather than the process name. If there are multiple instances of your browser running, be sure to 'End Process' them all.
How to fix a browser hijack
The first thing to try is a System Restore, the method of 'rolling back' Windows. This will be especially useful as the software install should have given you a restore point to roll back to. But a restore point may not have been created or you simply might not know when the hijack happened. Avoid rolling back too far as you may lose other applications from your computer (you will never lose files).
One thing you can also try is to find the software within the 'Add/Remove Programs' list, in the Windows Control Panel. It may or may not be present there. If it is, try and uninstall it.
If you can't do a system restore or uninstall, you need to download legitimate software to scan and remove the software. We'd recommend Microsoft's own Malicious Software Removal Tool, Norton Power Eraser or the Kaspersky Virus Removal Tool. Once you've run one of these packages, your problem will hopefully have been detected.
Finally, you need to reset the settings in your browser to make sure any nasty extensions or rogue search engines have been removed, as well as your default search engine restored and your browser home page is what you want it to be.
In Internet Explorer's Tools menu, click 'Manage add-ons'. Under 'Toolbars and Extensions' if there are any mysterious ones, click them, then click 'Disable'. If your search engine has been changed then under Add-on Types, select 'Search Providers'. Select a search engine, and click 'Set as default'. Select the unknown search engine, and click 'Remove and Close'. To remedy your homepage, go to the General tab of Internet Options, under Home page, and enter the address of your preferred page.
If you have Google Chrome, click the menu icon in the top right-hand corner and click 'Settings' and click 'Extensions'. In the Extensions window, select the unknown extensions, and click the trash bin icon. In the Settings window, under 'On startup', click 'Set pages'. Get rid of any mysterious settings. If your home screen has changed go to 'Appearance', select 'Show Home' button, and click 'Change'. If your search engine has changed, then under 'Search', click 'Manage search engines'. Remove any you don't recognise.
Finally, if you have Firefox, click on the menu icon then 'Add-ons'. Select 'Extensions' and again delete any mysterious ones. In the 'Options' window, under 'General' tab, click 'Restore to Default'. Finally, in the main Firefox window, next to the address bar, click the down arrow and select 'Manage Search Engines'. In the 'Manage Search Engine List' window, select any unknown search engines and click 'Remove'.
Prevention is key and we'd recommend you install reputable anti-virus software. If you don't want to buy a security suite from Kaspersky, McAfee, Bitdefender or Norton, free options are available from Webroot, AVG and Microsoft in the form of Microsoft Security Essentials. Thankfully these suites aren't like they used to be; they no longer slow your PC down like some of the software of old. They're all pretty lean, designed for a light touch on your system's resources. If you don't have one installed, now really is the time.
5 things you should always do on the internet
- Always check your browser address bar for any warnings about a non-reputable site's identity.
- Always install reputable anti-virus software.
- Always uncheck boxes during software installations if you're offered extra software to download.
- Always keep your browser up-to-date and enable automatic Windows updates.
- Always configure your browser for a high security level in Internet Options.
4 things you should NEVER do on the internet
- Never click on an email attachment from someone you don't know.
- Never be panicked into downloading something you don't want – just follow the steps we've covered here.
- Never install freeware unless it comes from a reputable site, with positive user reviews.
- Never give personal information to someone you don't know, even if requested by a bank or other financial organisation, the latter don't ask for personal details to be given online.
This story originally appeared on Lifehacker UK.