Spyware :: Threats :: Browser Hijackers :: Internet Reset Hijack

Internet Reset Hijack (iereset.inf hijack)

It's possible to reset your browser settings in Internet Explorer. You can do this by going to "internet options" then the programs tab.

When you click reset Internet Explorer reads it's default settings from a file called iereset.inf. This file basically carries out a few registry changes on the system like altering the StartPage and DefaultSearchPage. Unfortunately some Hijackers know that users may want to get rid of their hijack and that many users just click reset to undo the changes the hijacker made. Therefore some browser hijackers even go as far as to alter this file as well, so when the user clicks reset it just resets with the values the hijacker already has made.

HKLM,"Software\Microsoft\Internet Explorer\Main","Default_Page_URL",0,%START_PAGE_URL%
HKLM,"Software\Microsoft\Internet Explorer\Main","Default_Search_URL",0,%SEARCH_PAGE_URL%
HKLM,"Software\Microsoft\Internet Explorer\Main","Search Page",0,%SEARCH_PAGE_URL%
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","1",0,"www.%s.com"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","2",0,"www.%s.org"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","3",0,"www.%s.net"
HKLM,"Software\Microsoft\Internet Explorer\Main\UrlTemplate","4",0,"www.%s.edu"
HKCU,"Software\Microsoft\Internet Explorer\Main","Search Page",0,%SEARCH_PAGE_URL%

Above is a small portion of the file. You can see that this file is just text and it's possible to alter any one of these values. The searchalot.com hijack was known to alter these value in the iereset.inf file.

Browser Hijackers : Further Info on Adoko
Further Information
URL Prefix Attacks
Host Hijack
Adoko Forum - If you've been hijacked, and need any advice on how to remove it - try the adoko forum.

Browser Hijackers : Links
Internet Controller - A program from Adoko.com, you might find this useful for sorting out hijacking problems.
Hijackthis - A great program for sorting out hijacking problems.