SECURITY EVANGELIST

PC is now booted, you open up the browser. It’s in the load screen a bit more than usual. You don’t quite know why, but it is kind of annoying. You have important stuff to do.

“Hmm?”

*click*  *click*

“This is so fascinating.”

*click*  *click*

“I don’t remember installing any of these.”

“Ah, browser hijacking, my old friend!”

How to protect yourself against a browser hijacker

Compared to other malware infections, browser hijackings are less severe.

Most browser hijacking malware isn’t conceived to damage or steal your files. Instead, the authors of the malicious code seek to profit from you either by feeding you ads, redirecting you to a certain page or, like in the example above, installing various useless toolbars and other software on your device.

However, other types of browser hijackers may act as “gates” for truly nasty stuff, such as ransomware, keyloggers or even botnet malware that can enslave your device.

What is browser hijacking?

A browser hijacker’s usual definition is any sort of potentially unwanted program that installs itself on your computer without you agreeing to the installation. After this step, the hijacker will modify your settings in order for the browser to do one or more of the following:

1.    Feed you with a lot of malvertising popups and ads.

2.    Change your browser homepage to a new one. For example, it changes your default home page from Google to another search engine.

3.    Redirect you constantly to a particular website, such as an online store. This is called DNS hijacking.

But it doesn’t stop here. It won’t even allow you to change your settings, since it keeps reverting to its own default configuration. In other words, it will keep changing your browser’s homepage until you give up fighting it and accept the hijacker’s new homepage.

Creepy, isn’t it?

 

The fact that most users don’t run the latest version of their web browser is also a major problem and helps hijackers spread with relative ease.

As you can see in the chart above, around 50% of browsers run an outdated version, with known vulnerabilities.

How do you get infected with a browser hijacker?

In a surprising twist, companies are responsible for many of the hijackers out there, due to the commercial interests involved. Of course, malicious hackers also have their own methods of installing a browser hijacker on your device, as we will see later on.

1.    When good companies go bad

Internet businesses are hungry for any sort of consumer information. This allows them to have better targeted ads and increase their profitability, even at the expense of user privacy.

Because of this, companies can do all sorts of unethical and even illegal shenanigans to install their software on your device.

For instance, advertisers may end up buying the company behind a popular browser toolbar and then modify the product so that it feeds you ads or redirects you to certain pages.

But the most frequent cause of a browser hijack is malicious free software.

Free software is never really “free”. The developers have to make a profit somehow, so they track your usage habits and then sell the information or they bundle other apps in the installer. And more often than not, these other apps are even bigger pieces of junk.

Here’s what happened to the guys at howtogeek.com after they decided to default install the top 10 apps on the “reputable” download.com.

And here’s a memorable quote:

“Each time we ran through this experiment over the last few months, different software would end up being bundled in a rotation, but every single software that bundles itself ends up bundling the same culprits: browser hijackers that redirect your search engine, home page, and put extra ads everywhere.

Because when the product is free the real product is YOU.”

2.    Malware infections hijacked my browser

Sometimes you don’t even need to install a program to have your browser infected. Malicious hackers prefer simple solutions to complex problems, so instead of asking you to go through multiple steps in order to install an app, they ask for a single click.

And sometimes, it can be really darn hard not to give them that click.

Some pop-ups for instance are specifically designed so that the “X”, “Close” or “Cancel” is actually an “Install” button in disguise. And to make sure that you click it, they make the pop-up persistent, so it won’t go away even if you try to close down the browser window.

Other times, however, you don’t even need to click something to have your browser hijacked. These types of malware attacks are called “drive-by downloads” and are specifically designed to avoid any user interaction. They rely on almost undetectable fileless malware, which infiltrates your RAM and stays there, avoiding the hard disk, where it can be easily picked up by a scan.

The scariest thing about drive-by downloads is that they can happen even on legitimate websites, since a cybercriminal can infect the page with malicious code, so every visitor is potentially at risk.

Browser hijacker removal guide

Usually, removing a browser hijacker can be done simply by uninstalling the malicious free programs behind it. However, if your real problem is actually a malware infection, then you will probably need some specialized tools and a bit more patience.

Uninstall the malicious free software and clean-up your system

Most of the time, simply uninstalling the troublesome app will solve all your problems. That being said, we recommend you use Control Panel for the removal process. After all, how much can you trust the “Uninstall” option of a malicious program?

To access this uninstallation method, press your Windows start button on the bottom left of the screen, then click on Control Panel (or use the search function if you can’t see it), and under the Programs section, click Uninstall a program.

This will take you to a list of installed programs. Click on the malicious app, and then press the Uninstall/Remove button.

But there is a chance this won’t completely remove the malicious app from your PC!

 

It’s possible the app downloaded another program. In this case, you need to uninstall that one too, otherwise you are still exposed to further browser attacks. Be careful not to uninstall any Windows critical programs.
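One way to look for such companion programs, as an added example that is not part of the original guide: the script reads the standard Uninstall registry keys and lists everything installed within a day of a program you already know is unwanted. `$Suspect` is a hypothetical placeholder; replace it with part of the real program name.

```powershell
# Added example: find programs installed on or around the same day as a known
# unwanted program. $Suspect is a hypothetical placeholder name pattern.
$Suspect = '*Example Toolbar*'

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$programs = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        # InstallDate is an optional yyyyMMdd string; leave the date empty if absent or malformed
        $date = $null
        if ($_.InstallDate -match '^\d{8}$') {
            try { $date = [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $null) } catch { }
        }
        [pscustomobject]@{
            Installed = $date
            Name      = $_.DisplayName
            Publisher = $_.Publisher
            Uninstall = $_.UninstallString
        }
    }

$hit = $programs | Where-Object { $_.Name -like $Suspect -and $_.Installed } | Select-Object -First 1

if ($hit) {
    # Bundled extras usually arrive in the same installer run, so look one day either side
    $programs |
        Where-Object { $_.Installed -and [math]::Abs(($_.Installed - $hit.Installed).TotalDays) -le 1 } |
        Sort-Object Installed, Name |
        Format-Table Installed, Name, Publisher -AutoSize
} else {
    # No dated match for $Suspect: show the 25 most recent installs instead
    $programs | Sort-Object Installed -Descending | Select-Object -First 25 |
        Format-Table Installed, Name, Publisher -AutoSize
}
```

Entries without an install date are skipped by the date comparison, so a program that does not record one still has to be found by browsing the full list.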

Reset these settings after you remove the browser hijacker

A browser hijacker works primarily by changing your settings so that it always redirects you to a certain page. That’s why you probably keep getting redirected even after you uninstalled the malicious software.

Fix any browser shortcuts the malware might have altered

Right click on the icon of your browser, and then go to Properties.

In the Shortcut tab you will see a Target field.

The hijacker will modify this field so it will always take you to a certain page once you boot up the browser. As such, you need to delete the URL in the target field.

In normal use, the browser target should look something like this:

Chrome: “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”

Firefox: “C:\Program Files (x86)\Mozilla Firefox\firefox.exe”

In our example case, the browser was targeted to go to a suspicious website.

To fix this, simply remove the URL that comes after .exe”.
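The same check can be run across every browser shortcut at once. This is an added example, not part of the original guide; the list of browser executables and shortcut folders is an assumption and can be extended. It only reports, so the Target field is still edited by hand as described above.

```powershell
# Added example: report browser shortcuts whose Target has arguments after the .exe.
# Browser names and folder list are assumptions; extend them for your setup.
$browsers = 'chrome.exe', 'firefox.exe', 'msedge.exe', 'iexplore.exe', 'opera.exe'
$folders  = @(
    [Environment]::GetFolderPath('DesktopDirectory'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# An http(s) URL, or a bare host name such as search.example.com
$urlLike = '(?i)(https?://\S+|\b([a-z0-9-]+\.)+[a-z]{2,}\b)'

$shell    = New-Object -ComObject WScript.Shell
$findings = foreach ($file in Get-ChildItem -LiteralPath $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue) {
    $lnk = $shell.CreateShortcut($file.FullName)
    if (-not $lnk.TargetPath) { continue }            # some shortcuts have no file target
    if ($browsers -notcontains (Split-Path $lnk.TargetPath -Leaf)) { continue }
    if (-not $lnk.Arguments.Trim()) { continue }      # clean shortcut: nothing after the .exe
    [pscustomobject]@{
        Shortcut  = $file.FullName
        Target    = $lnk.TargetPath
        Arguments = $lnk.Arguments
        UrlLike   = $lnk.Arguments -match $urlLike
    }
}

if ($findings) {
    # Shortcuts with URL-like arguments are listed first
    $findings | Sort-Object UrlLike -Descending | Format-List
} else {
    'No browser shortcut carries extra arguments.'
}
```

Arguments that are not URL-like (for example a profile switch) are listed too, so you can tell legitimate options apart from an appended address before editing anything.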

Browser hijackers will change your homepage and default search engine

So here’s how you can reset these settings and go back to your usual options.

Hijacked Chrome browser: Go to the Settings button in the top right corner of the browser. Once there, go to the On startup section.

The first two options don’t have any homepage whatsoever, so you can go ahead and select either one of those.

If, however, you do want to set up a different homepage, then check the option to Open a specific page or set of pages and then click on Set pages. This should take you to a window where you can add pages or delete malicious links sneakily set as your homepage.

If the browser hijacker changed your default search engine, then go to the Search section and press the Manage search engines option.

Here you can select the default search engine and delete the ones you don’t need. So go ahead and delete the hijacker’s preferred search engine.

Settings for Firefox: You can access the Options menu in the top right corner of the browser. This will immediately take you to the General tab, where you can reset your homepage as you see fit.

In order to reset your default search engine, go to the Search tab. Choose your default search engine from the dropdown dialog box.

Also, be sure to remove any unwanted search engines the hijackers might have inserted into your settings.

Double check your proxy settings

Some browser hijackers can even change the proxy server you use to connect to the web. Simply removing the malicious program or the malware itself won’t change this back, so it’s an important step in fixing up your computer.

To access your proxy settings, first go to Control Panel, then Network and Internet and finally press Internet Options.

In the Internet Options menu, go to the Connections tab. Press the LAN settings button.

Make sure that Automatically detect settings is checked, and that the other two options, “Use automatic configuration script” and “Use a proxy server for your LAN”, are not empty.

Ideally, your settings should look like this:
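The three options in the LAN settings dialog can also be read from the registry, which shows the actual proxy address or script URL so you can tell whether it is one you recognise. This is an added example, not part of the original guide; it only reads the current user's settings and changes nothing.

```powershell
# Added example: read the per-user LAN/proxy settings behind Internet Options.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$s   = Get-ItemProperty -Path $key

# Assumption: byte 8 of DefaultConnectionSettings holds the dialog's checkbox
# flags (0x02 proxy, 0x04 script, 0x08 auto-detect). This layout is widely
# observed but not officially documented.
$blob  = (Get-ItemProperty -Path "$key\Connections" -ErrorAction SilentlyContinue).DefaultConnectionSettings
$flags = if ($blob -and $blob.Length -gt 8) { $blob[8] } else { $null }

$report = [pscustomobject]@{
    AutoDetect      = if ($null -ne $flags) { [bool]($flags -band 0x08) } else { 'unknown' }
    ConfigScriptUrl = $s.AutoConfigURL
    ProxyEnabled    = [bool]$s.ProxyEnable
    ProxyServer     = $s.ProxyServer
    ProxyBypass     = $s.ProxyOverride
}
$report | Format-List

# Surface the values that decide where browser traffic is sent
if ($s.AutoConfigURL) {
    Write-Warning "Configuration script in use: $($s.AutoConfigURL)"
}
if ($s.ProxyEnable -and $s.ProxyServer) {
    Write-Warning "Proxy server in use: $($s.ProxyServer)"
}
if (-not $s.ProxyEnable -and $s.ProxyServer) {
    # A leftover address with the box unticked is inactive but shows what was configured
    Write-Warning "Proxy server stored but disabled: $($s.ProxyServer)"
}

# System services use a separate WinHTTP proxy; print it for comparison
netsh winhttp show proxy
```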

How to remove malware-based browser hijackers

This one is a more serious issue and requires specialized software to properly remove the damaging malware.

1.      First, you need to restart your computer in safe mode with networking

To restart your computer in Safe Mode, you need to restart it and press the F8 key at boot-up. Assuming you pressed the key at the right time, you should arrive at a screen similar to this one.

Be sure to select Safe Mode with Networking, since you’ll need an internet connection to download some necessary programs.

Having trouble entering Safe Mode? Then check out either this article or this one instead.

2.    Download the free Kaspersky TDSSKiller and remove any rootkits on your PC

 

This tool specializes in detecting and removing rootkits. These are special types of malware designed to gain privileged access to your computer and lower its defenses so other types of malware can go ahead and properly infect the computer.

Here’s where you can download the tool.

The program is executable, meaning you only have to start up the downloaded program and let it run.

3.      Use the Rkill software to stop a malicious process so you can then eliminate it

Malware often comes with its own defensive functions, designed to stop security programs from detecting and removing it. For this reason, you’ll need to use process-killing software to freeze the malware while you go ahead and wipe it from your PC.

Download link for Rkill.

All you have to do next is to simply run the program and wait for it to finish.

IMPORTANT: Do not restart your PC at this point, since you will also restart the malware process.

4.      Use Malwarebytes Anti-Malware to remove the browser hijacker from your PC.

Malwarebytes Anti-Malware is a free security tool that excels at removing malware on your PC, without entering into conflicts with your antivirus program.

Once you finish downloading and installing the program, do a scan and then press Quarantine selected in order for the discovered threats to be removed at your next system restart.

5.      Still not sure you cleaned up that pesky hijacker? Use HitmanPro to clean up the stragglers.

A well-known and trusted security tool, HitmanPro doesn’t interact in any negative fashion with known antivirus or security programs.

Download Link

It’s worth mentioning that it is premium software, but it does have a trial version, so you’ll need to press Activate free license in order to enjoy the 30 day trial and get on with the malware removal process.

6.      Use AdwCleaner to remove any other adware and browser hijackers you might have hidden on your PC

AdwCleaner is a free browser hijacker removal tool that specializes in removing adware and other similar types of malware.

Here’s the download link for AdwCleaner.

The program is an executable one, meaning you don’t need to install it. Just launch it and let it run.

Once you have finished the scan, press the “Clean” button to remove the threats you might have on your PC.

Hopefully, your PC should be completely cleaned up by now!

How to prevent a browser hijacker infection

You’ve probably noticed how time-consuming and complex it is to remove a browser hijacker, or any other malware for that matter. It’s easier to prevent an infection than to clean up after one.

There’s even a saying for that: “An ounce of prevention is worth a pound of cure.”

So in this section, we’ll go over all the steps you should follow to prevent a hijacker from taking over your browser.

Keep your software updated at all times

Browsers are some of the most vulnerable apps you can have on your computer. Because they are the first point of contact to the Internet, browsers are exposed to some of the worst kinds of attacks and exploits.

Not only that, but browsers are developed by humans, meaning they are flawed by design. Here’s a graph from CVEdetails showing just how many security vulnerabilities have been identified for browsers over the years.

Source: www.cvedetails.com

Because of this, we recommend you make sure your browser is updated to the latest version, so that known vulnerabilities are patched up.

However, you should also keep all other software on your PC updated as well, most importantly your Windows operating system.

We admit that constantly monitoring your apps to make sure they are updated can be a chore, but thankfully, our own Heimdal FREE can take away a lot of the pain involved in the process, since it automatically updates the software without bothering you with pop-ups and other useless notifications and dialog boxes.

Use a good antivirus to keep the hijacker away

A good antivirus can make all the difference between an infected PC and a clean one. That’s why you should put some thought into finding the best one for your needs. Here’s a complete guide to finding the best antivirus you could use.

Be suspicious of free programs

There is no such thing as a free program. Yes, you don’t give away money to use it, but you pay for it in other ways.

Double check how secure and legit a free program is before you download it. Do a Google search such as “is (name of software) safe” or “is (name of software) legit”.

Trustworthy free apps and software should have good reviews and user opinions. If you can barely find any information about the software in question, then that’s a bad sign. If the little information you do find is negative, and claims the software is actually malware or adware in disguise, then run for the hills and don’t look back, since you’ve just avoided some unnecessary cyberpain.

Most of the time, this should be enough to weed out the bad software out there and leave you with the ones that are truly good.

Avoid suspicious websites at all costs

Sometimes it’s impossible to know whether a site is trustworthy or not before you click the link to it. But once you are on their page and it looks something like this:

Then you know for sure you have to get out and never visit that website again. The less time you spend on it, the better.

Conclusion

Browser hijackers are an annoying and aggravating type of malware. Fortunately, they’re not as severe as a ransomware attack or financial malware, but if you don’t take them seriously, an infection might snowball into a much more serious problem.

Comments

At least give Jay Z some credit

99 problems

PAUL
CUCU
JR. SECURITY EVANGELIST
