• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Browser Hijacking › Tips › Tutorials - HowTo › Hijack Removal “How to”

Hijack Removal “How to”

Myantispyware team December 5, 2005     No Comment    

Any of the products below will remove most hijackers completely, unless it is one which has just started spreading.

Spybot S&D [recommended]
Ad-aware

If you have a hijack that is not fixed by any of these products, you may use these solutions below that I have gathered after helping to fix these same problems countless times through email and at a comp tech forums. Read on…

Your browser now has a new start page and a new search page. Every time your browser loads a page that doesn’t exist, you end up at some strange site, probably filled with popup ads.

Skip any step that deals with a problem that doesn’t effect you

1. Assuming that none of the spyware removal programs listed above helps you, the very first thing you need to do is download and run HijackThis. Put a check mark next to every search and start page setting it lists which you haven’t put there yourself and choose fix. Do the same for any hosts file entries. If it lists anything as O5, O6, or O7*, fix those as well. Please ask for advice at a comp tech forums before using HijackThis to change anything else.
*Note: Spybot S&D, Start Page Guard, Settings Sentry, and similar programs may provide options to lock settings against unauthorized changes. If you have these options enabled, HijackThis will detect that as a restrictions hijack. Disable those options before scanning with HijackThis.

2. Second, you have to put Internet Options back into the control panel. Do a file search and look for a file named “control.ini”. Open it in Notepad. You may see something like this:
[don’t load]
inetcpl.cpl=yes

Delete the “inetcpl.cpl=yes” line under “[don’t load]”. Save and close the file, then try the control panel again. If it’s still not there, restart your machine and it should be there.
For Windows 2000 and XP, you will need to edit the registry to do this. Go to the start menu > RUN command > type REGEDIT and press enter. Navigate through the registry keys until you get to HKEY_CURRENT_USER\Control Panel\don’t load\. Look and see if inetcpl.cpl is listed. If it is, delete the entry for it and log off.

3. Run a search on your hard drive for any files ending with *.hta or *.js. If you find any, open them in notepad or some other text editor and look for the URLs that you have been hijacked to. Any file with those URLs, delete them. Also delete all *.tmp files on your drive; some of them contain malicious code (for e.g. browser hijacks or malware (re)installations). Besides, deleting *.tmp files doesn’t hurt, unlike dll’s which are also used sometimes for this purpose. (Thanks to cexx.org for the additional info in this step).

4. HijackThis will list any BHO(browser help object) installed on your computer. Check the BHOs listed against the list of all known BHOs. If you find one listed as some sort of spyware/malware/hijackware, run HijackThis again and find that BHO in the list. Check its box and have HT fix it.
If you find a BHO that is not included in the list, please make a post in the Browser Hijackings section of comp tech support forums with the HijackThis log pasted in along with an explanation of your problem. Please wait for replies before deleting this BHO, as it may be a new one which I can have added to various spyware/malware cleaning programs. It may also be an innocent file that is not causing your problem, so please wait for advice before deleting it.

5. Now you need to see if there is a startup entry for your hijacker file. The next time you reboot, the hijack might come right back. The reason for this would be an entry in the run section of the registry.
Look in HijackThis for 04 startup items. Check the entries listed against Pacman’s List. Items listed as virus, malware, spyware, or something else that is undesirable, put a checkmark next to it and “fix” it.

Again, it will be absolutely necessary for you to close all open Internet Explorer windows before any of these changes will take effect. That includes this window. Some changes may even require a log off or even a reboot before they have any effect.

Still not fixed?

I hope this helps anyone who has become a victim of a browser hijack. If it does, great.
If the problem still remains after doing all of the above, you can visit comp tech support forums and post the specifics of your problem there.

Browser Hijacking Tips Tutorials - HowTo

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

Mo22.biz
How to remove Mo22.biz pop-ups (Virus removal guide)
gtlbin.pro
How to remove Gtlbin.pro pop-ups (Virus removal guide)
New-message.co pop-ups
How to remove New-message.co pop up scam (Virus removal guide)
Maxcooper.club
How to remove Maxcooper.club pop-ups (Virus removal guide)
Mo21.biz
How to remove Mo21.biz pop-ups (Virus removal guide)

Follow Us

Search

Useful Guides

remove chrome extension
How to remove Chrome extensions installed by enterprise policy
How to reset Google Chrome settings to default
How to remove browser hijacker virus (Chrome, Firefox, IE, Edge)
Tech Support Scam
Remove Tech Support Scam pop-up virus [Microsoft & Apple Scam]
DNSChanger
How to remove DNSChanger malware virus [Updated Apr. 2018]

Recent Posts

HijackThis – your first tool for remove homepage hijackers
Browser Hijacking
How to remove CWS Hijacker
IE flaw lets intruders into Google Desktop
More exploits out for Windows flaws

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2020 My AntiSpyware - Free antispyware programs and Spyware Removal Instructions.