For years, companies such as Microsoft, Netscape and many others have been adding links and changing browser settings without permission.

One example: When you install AOL or any of its affiliated programs, such as ICQ or AOL Instant Messenger, without asking it adds http://free.aol.com to Internet Explorer’s Trusted Sites zone.

Any site in the Trusted Site list is treated as a ‘safe site’ and by default all of IE’s security options are set at their least restrictive for these sites. This means if you visit the AOL site, AOL can run any script, download items to your desktop and perform a variety of functions without requesting your permission.

 

AOL/Netscape -- automatically adds itself to Internet Explorer's Trusted Sites zone. To eliminate it: Select Internet Options from the Tools Menu, click the Security tab, click Trusted Sites and then the Sites button, locate http://free.aol.com in the list of sites, select it, then click Remove.

It’s easy enough to undo such changes. Indeed, most browser hijackings require little more than a resetting of options.

Advanced Hijacking Techniques

Some browser hijackings, though, are more destructive. Home page hijacking is one example. In its simplest form, it is very easy to recover from:

Select Internet Options from the Tools Menu, on the General tab type your desired home page’s address into the Home Page box, and click OK.

That’s easy enough. But some home page hijackings go further. Three techniques used include:

How hijackers strike

There are numerous ways.

Defending yourself

Fortunately, most hijacking attempts can be prevented by using a few common sense measures:

 

Step-by-step: Fixing a hijacked Internet Explorer

Note: These instructions involve editing the registry and other advanced techniques. Do not attempt these procedures without making proper backups and don’t attempt them at all if you’re not familiar with registry editing.

  1. If your Control Panel’s Internet Options have been disabled, get them back by locating the file control.ini.

Go to Start -> Find/Search to locate it. It is normally located in c:\windows.

Open control.ini in Notepad and look for the lines:

[don't load]
inetcpl.cpl=yes

Delete the inetcpl.cpl=yes line, save and close the file, and reboot your computer.

Close any open Internet Explorer windows.

  2. Next, click Start -> Run:

a. type regedit and click OK to open the Registry Editor.

b. Navigate to:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer

If you find sub-folders called restricted or control panel, delete them.

Check for the same sub-folders in:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer

and delete them, too, if they exist. Then close Regedit.

  3. If your search pages have been redirected, re-establish the defaults:

a. Again open the Registry Editor and navigate to:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

4. Go to IE's top menu bar, select the Tools menu.
      Scroll to  "Internet Options".
      It will display a popup dialog box.
      Click on the Programs tab, to see a display like that on the right.

      Find the button near the bottom labeled "Reset Web Settings".
      Click, and these four registry settings will be corrected.

  Reset your home page to your chosen page:

  1. In Internet Explorer, choose Internet Options from the Tools Menu
    and, on the General tab, type in your preferred home page.

  1. Do a search for any files with the extension HTA. If you find any such files, open each in turn in Notepad and see whether they contain a reference to the site which has hijacked your browser. Delete any HTA files which contain such a reference.



  2. BHOs: A Browser Helper Object is just a small program that runs automatically every time you start your Internet browser. Usually, a BHO is installed on your system by another software program. For example, Go!Zilla, the downloading utility, installs a BHO created by Radiate (formerly Aureate Media); this BHO tracks which advertisements you see as you surf the Web. BHOs can also routinely conflict with other running programs, cause a variety of page faults, run time errors, and the like, and generally impede browsing performance.

    Use BHODemon, Bho Captor or BHOCop to control which Browser Helper Objects (BHOs) are loaded when you open your browser. When you run the program, it will let you know which BHOs are being loaded. Usually, you should see nothing more than Acrobat Reader (Acroiehelper.ocx) and perhaps an anti-virus helper, such as Norton’s NavShExt.dll. If BHODemon reports any other BHOs, click the Details button and then More Details to check the source.

    If you’re suspicious of any BHO, disable it (usually by unchecking it from the list provided by the programs).


  3. Click Start > Run > msconfig and check the programs under the Startup tab. If you find an entry which contains regedit.exe /s, disable it, and disable other programs you know to be suspicious.

    a.   Still in msconfig, click the System.Ini tab and click the + beside [boot] to expand the section. Look for a line reading shell=explorer.exe. The line should read exactly that; delete any following commands, but make sure you leave shell=explorer.exe intact.

     

    Note: If you’re using Windows NT, 2000 or XP, this information is contained in the registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

    This should contain the value explorer.exe.

    Click OK to exit from msconfig and reboot your system.
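
The control.ini, msconfig Startup and system.ini checks from the steps above can be scripted. The following Python is an added example, not part of the original page; the sample file contents, the loader.exe and hp.reg names and the startup list are constructed for illustration, and flagging inetcpl.cpl with any value (not only =yes) is an assumption.

```python
import re

# Constructed samples of a hijacked machine (illustrative, not from the page).
CONTROL_INI = "[don't load]\ninetcpl.cpl=yes\n"
SYSTEM_INI = "[boot]\nshell=Explorer.exe C:\\WINDOWS\\loader.exe\nsystem.drv=system.drv\n"
STARTUP = [
    "C:\\WINDOWS\\regedit.exe /s C:\\WINDOWS\\hp.reg",
    "C:\\Program Files\\AV\\avtray.exe",
]

def ini_sections(text):
    """Parse INI text into {section: {key: value}} with lower-cased names."""
    sections, current = {}, None
    for raw in text.splitlines():
        # Normalise curly apostrophes so "[don’t load]" pasted from a
        # document still matches the real section name.
        line = raw.strip().replace("\u2019", "'")
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def audit(control_ini, system_ini, startup):
    """Return a list of findings for the three checks described in the steps."""
    findings = []
    # Step 1: Internet Options hidden from Control Panel.
    # Assumption: the entry is flagged whatever its value, not only "yes".
    if "inetcpl.cpl" in ini_sections(control_ini).get("don't load", {}):
        findings.append("control.ini: inetcpl.cpl listed under [don't load]")
    # system.ini [boot]: the shell line must be exactly explorer.exe.
    shell = ini_sections(system_ini).get("boot", {}).get("shell")
    if shell is None or shell.lower() != "explorer.exe":
        findings.append(f"system.ini: shell={shell!r}, expected explorer.exe")
    # Startup tab: regedit /s silently re-imports settings at every boot.
    for cmd in startup:
        if re.search(r"\bregedit(\.exe)?\"?\s+/s\b", cmd, re.IGNORECASE):
            findings.append(f"startup: silent registry import: {cmd}")
    return findings

if __name__ == "__main__":
    for finding in audit(CONTROL_INI, SYSTEM_INI, STARTUP):
        print(finding)
```
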