Go Back   TechArena Community > ARENA > Guides & Tutorials
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



How to remove Hijacker

Guides & Tutorials


Reply
 
Thread Tools Search this Thread
  #1  
Old 21-09-2005
Member
 
Join Date: Mar 2005
Location: Mera Bharat
Posts: 5
Post How to remove Hijacker
  

A Hijacker is any software that resets your browser's settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower. Search Hijackers change your search settings. Homepage Hijackers will change your home page to some other site. Error Hijackers will display a new error page when a requested URL is not found. Hijacking has become very common, as these guide illustrate. This guide explains how to clear such hijacks of Microsoft Internet Explorer (IE) manually and how to prevent it by disabling scripting.

Search Hijacks
If your Search capability has been hijacked, your use of IE's Search Button (see below) will lead to unexpected (and usually unwanted) results.
What the hijacker has done is to change four registry keys:
Quote:
1. In the Root key HKEY_CURRENT_USER, the key Software\Microsoft\Internet Explorer\Main has a value "Search Page" that has likely been reset to something like "http://www.secret-crush.com/search/search.php"
2. The value "Search Bar" in this key has also likely been reset to something.
3. In the Root key HKEY_LOCAL_MACHINE, the key Software\Microsoft\Internet Explorer\Search has a value "SearchAssistant" that has likely been reset to something
4. The value "CustomizeSearch" in this key has also likely been reset to something.


Fixing this is simple. From IE's top menu bar, select the Tools menu. On this menu, choose "Internet Options". It will display a popup dialog box. Click on the Programs tab, to see a display like that on the right.

Find the button near the bottom labeled "Reset Web Settings". Give it a click, and these four registry settings will be corrected.


Last edited by devilish : 21-09-2005 at 09:11 PM.
Reply With Quote
  #2  
Old 21-09-2005
Member
 
Join Date: Mar 2005
Location: Mera Bharat
Posts: 5
HomePage Hijacks - How to remove Hijacker

If your Home page changes unexpectedly, you have a "HomePage hijack", and will see this page each time you invoke your browser. What the hijacker has done is to change the registry key:

Quote:
* In the Root key HKEY_CURRENT_USER, the key Software\Microsoft\Internet Explorer\Main has a value "Start Page" that has likely been reset to something.
* In the Root key HKEY_LOCAL_MACHINE, the key Software\Microsoft\Internet Explorer\Main has a value "Start Page" that has likely been reset to something like http://yourbookmarks.ws/
Fixing this seems simple, but some pests make repair a bit more difficult. For instance, CWS.Bootconf sets the first of these entries to http://%77%77%77%2e%63%6f%6f%6c%77%77%77%73%65%61%72%63 %68%2e%63%6f%6d/%7a/%61/%78%31%2e%63%67%69?%36%35%36%33%38%37 This is "encrypted"; its decryption works out to http://www.searchv.com/
Reply With Quote
  #3  
Old 21-09-2005
Member
 
Join Date: Mar 2005
Location: Mera Bharat
Posts: 5
cool Disabling Scripting: How to remove Hijacker

IE supports "scripting", a useful but dangerous capability that you will want to disable if you ever visit unknown sites. The scripts that can be run will be Javascript or VBScript, often embedded in a web page you visit. Such scripts can execute ActiveX controls, which can do anything in your machine that any software can do.

To be stop scripting the easy way, do this: From IE's top menu bar, select the Tools menu. On this menu, choose "Internet Options". It will display a popup dialog box. Click on the Security tab, to see a display like that to the right.

Each zone has four security levels available, ranging from Low Security to High. IE is configured for Low Security when it is first installed. Medium or High is what you need.

Quote:
* High (most secure) Exclude content that could damage your computer.
* Medium (more secure) Warn before running potentially damaging content.
* Medium-Low (Same as Medium) No warning before running potentially damaging content.
* Low Minimal safeguard and warning before running potentially damaging content.


For the Internet Setting, move the slider to "Medium" This will ensure that you are prompted before signed ActiveX controls are run, and unsigned ActiveX controls will not run.

But it will still allow active scripting. So click on the "Custom Level" button, and follow these instructions:

Configure IE so that it does not run Active scripts automatically:
Quote:
* On the Tools menu, click Internet Options, click the Security tab, click the Internet Web content zone, and then click Custom Level.
* In the Settings box, scroll down to the Scripting section, and click Disable under Active scripting and Scripting of Java applets.
* Click OK, and then click OK again.
Configure IE so that it does not automatically use items that show active content, such as vertical marquees or animations:
Quote:
* On the Tools menu, click Internet Options, click the Security tab, click the Internet Web content zone, and then click Custom Level.
* In the Settings box, click Disable under Download signed ActiveX controls, Download unsigned ActiveX controls, Initialize and script ActiveX controls not marked as safe, Run ActiveX controls and plugins, and Script ActiveX controls marked safe for scripting.
* Click OK, and then click OK again.
Verify that IE's internal Java Just-In-Time (JIT) compiler is disabled:

Quote:
* On the Tools menu, click Internet Options, click the Advanced tab, and then click to clear the JIT compiler for virtual machine enabled (requires restart) check box under Java VM.
* Click OK.
Configure IE so that it does not run Java programs automatically.

Quote:
* On the Tools menu, click Internet Options, click the Security tab, click the Internet Web content zone, and then click Custom Level.
* In the Settings box, click Disable Java under Java Permissions, click OK and then click OK again.
complied from pestpatrol logs
Reply With Quote
  #4  
Old 01-10-2005
GunshotSilence
 
Posts: n/a
Re: How to remove Hijacker

well i guess i know whats the prob.

since i upgraded to ZA sec suite 6.67.00, its installation crashes due to some dll lib problem

see http://forum.zonelabs.org/zonelabs/b...ssage.id=40246

now im reinstalling the previous version 6.66. which worked fine 1 whole month since download only gave probs recently when it connected to dataone but no data transfer.
Reply With Quote
  #5  
Old 24-12-2005
Member
 
Join Date: Sep 2005
Posts: 110
where did u get all this guide... awesome man

nice information
Reply With Quote
  #6  
Old 13-01-2006
Member
 
Join Date: Dec 2005
Posts: 136
Re: How to remove Hijacker

Yeah Thanks Pal...it Is A Good One
Reply With Quote
  #7  
Old 12-06-2006
Member
 
Join Date: Dec 2005
Posts: 102
Re: How to remove Hijacker

thanks for this wonderful guide
__________________
"Water is insubstantial. By this I mean you can not grasp hold of it. You can not punch it and hurt it. Be formless, shapeless, like water.
Reply With Quote
  #8  
Old 15-06-2006
Member
 
Join Date: Jan 2006
Posts: 278
Re: How to remove Hijacker

Thats A Great Guide
__________________
If PrAcTiCe MaKeS pErFeCt AnD nObOdY iS pErFeCt WhY pRaTiCe...ThAtS wHaT pEoPlE mAkE hAcKs FoR
Reply With Quote
  #9  
Old 17-08-2006
Member
 
Join Date: Dec 2005
Posts: 87
Re: How to remove Hijacker

Thats A Good Post Mate
__________________
------- EARTH
Reply With Quote
  #10  
Old 03-10-2008
Member
 
Join Date: Aug 2006
Posts: 106
Hi,

How to Detect a Hacker's Attack?
- Its also a beautiful Guide on Hacker's. As the title suggests, it gives you information for detecting hacker.
Reply With Quote
  #11  
Old 06-10-2011
Member
 
Join Date: Oct 2011
Location: Portland
Posts: 1
Re: How to remove Hijacker

What if the Hijacker has attached it self to a specific account, not I.E. but like a yhaoo or google account? How can that be fixed?
Reply With Quote
Reply

  TechArena Community > ARENA > Guides & Tutorials
Tags: , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "How to remove Hijacker"
Thread Thread Starter Forum Replies Last Post
How to remove Antivirfox.com hijacker Fox28 Networking & Security 6 05-08-2010 06:03 AM
How to remove Antispymega.com hijacker Erie Networking & Security 6 05-08-2010 06:02 AM
How to remove Antispymv.com hijacker Algonkin Networking & Security 5 05-08-2010 06:02 AM
How to remove Avmirror.com hijacker Beothuk Networking & Security 6 05-08-2010 06:01 AM
How to remove Av-fox.com hijacker TechyGuy Guides & Tutorials 2 02-08-2010 01:40 PM


All times are GMT +5.5. The time now is 07:53 PM.