Spyware :: Threats :: Browser Hijackers

What is Browser Hijacking?

Browser Hijacking is caused by malicious code which can alter your browser settings without your knowledge. Browser Hijackers is extremely common, I'm sure most people have been victims of scum sites which add their own page to your favourites list without your consent. I personally have been to one page which added about 50 favourites to my browser contained within about 10 new folders, my PC slowed to a halt for a good minute due to the ridiculous quantity of new favourites. It's funny, they didn't seem to be favourites of mine.

Other common practises include changing your homepage. Your homepage is ONE site which you pick to be loaded automatically when you start your browser, how can these scum justify altering it without your permission? A homepage is a site which you consider good, not some cheap site which needs to resort to these practices to get hits.

These problems can be corrected quite easily by going into the Internet Options screen in IE. However, some sites have code which can change your search page, default search page, and default Start page etc, which can be annoying to fix, as it normally means fixing it manually by editing the registry.

Your search page can be found out by typing a few words in the address bar. If the address you typed in is not resolved by adding .com, .net etc to it - it will use your search page to complete the search. Depending on your search settings normally you'll get a search page from MSN search. For example, type 'yahoo' in the address bar and you should get directed to www.yahoo.com, but type 'yahoooooooa', because the .com .net and other top-level domains don't exist it will carry out a search on 'yahoooooooa' instead.

Here's a list of the typical effects a Browser Hijacker can have on your system.

  1. Altering the Homepage, Search Page of your browser.
  2. Changing various options in your Internet settings.
  3. Blocking access to certain functions (parts or all of the internet options screen, registry editor etc)
  4. Changing to reset (iereset.inf) file to prevent user being able to "reset web settings" within the internet explorer options screen.
  5. Automatically add sites to your "trusted zone"
  6. Hijack of URL prefixes, therefore if you enter a site in your browser without a prefix (ie google.com), internet explorer automatically appends http:// to the address. This function can be abused to redirect you to any site if you omit the prefix.
  7. Altering your winsock list of providers used to resolve domain names.
  8. Adding a proxy server so all your traffic could be intercepted.
  9. Altering your user stylesheet (normally used for visually impaired users), thereby changing the way websites appear.

Browser Hijackers : Further Info on Adoko
Further Information
URL Prefix Attacks
Internet Reset Hijack (iereset.inf hijack)
Host Hijack
Adoko Forum - If you've been hijacked, and need any advice on how to remove it - try the adoko forum.

Browser Hijackers : Links
Internet Controller - A program from Adoko.com, you might find this useful for sorting out hijacking problems.
Hijackthis - A great program for sorting out hijacking problems.