Also known as homepage hijackers, Browser hijacker bugs are a type of malware (a trojan, I believe) that changes browser defaults, effectively "hijacking" a users homepage and sometimes even adding unwanted links to favorites lists. A browser hijacker changes users homepages, typically pointing it to a new site full of links, ads, pop-ups and other annoying money-making features. They also commonly install spyware and adware on your computer to keep track of the sites you visit so they can analyze your browsing habits and target their marketing better.
Browser hijackers can get on to your computer a few different ways. Many browser hijackers exploit errors and instabilities in IE to get onto your computer (commonly disguised as BHOs a.k.a. browser help objects). These kind of bugs can be installed onto your computer without your knowledge or consent, by simply viewing a webpage that employes these bugs. Some browser hijackers come disguised as a "browser enhancment", offering free gifts, special software and other enticements to users in an attempt to get them to download the bug onto their computers. Browser hijackers can come in the form of *.hta, *.js, and *.EXE files (and many many others).
In some (rare) cases, a browser hijacking can be easy to fix by simply changing your settings back. Unfortunately, most browser hijackers change your registry and install programs on your computer that change your defaults back to their settings everytime you open your browser or re-start your computer. In some cases, browser hijackers have even been know to remove the internet options from the toolbar, preventing users from changing their settings.
Getting Rid of Hijackers
A few browser hijackers can be gotten rid of by running a spyware removal program. The most highly recommened are Norton Antivirus, Ad-Aware (available free from www.lavasoft.com) and Spybot Search and Destroy.
Another easy and highly effective technique is to stop using internet explorer. Most malicious code is written to exploit internet explorer. If you stop using it, the code stops working. Internet explorer is also riddled with errors that the programmers of Mozilla (http://www.mozilla.org/), Firefox (http://www.mozilla.org/products/firefox/) and Opera (http://www.opera.com/) have taken care to avoid.
If you are going to continue to use internet explorer it is recommended that you get Windows Updates (http://windowsupdate.microsoft.com) as often as possible and replace Microsoft Java VM with Sun Java (go to http://www.java.com) (browser hijackers have been known to exploit errors in Microsoft Java VM as well.)
If you are one of the unfortunates that has been infected with CoolWebSearches go to Merijn.org (http://www.spywareinfo.com/%7Emerijn/cwschronicles.html) for vital information on the virus in its many incarnations and a free downloadable program that will remove most versions of it. (Have used this site and its download in the past and find that it is VERY effective, I highly recommend it.)
For more information and indepth instructions on removing various Browser Hijacking bugs visit these pages: (it would be pointless and ridiculously time consuming for me to duplicate the removal procedures here)
- http://www.spywareinfo.com/articles/hijacked/
- http://www.geekgirls.com/net_hijacked.htm
- http://www.spywareinfo.com/%7Emerijn/cwschronicles.html
- http://www.pcstats.com/articleview.cfm?articleID=1579