One of the most annoying and often dangerous computer compromises is browser hijacking. You probably have experienced it. A program changes your home page, redirects browser typos to a search engine you have never heard of or to other sites. This is annoying, popping up ads and displaying unwanted site. However, it is often malicious. The pop-ups and redirected sites may download spyware or viruses that monitor or control your computer.
You may have inadvertently approved the installation of the browser hijacker when installing another program. License agreements and approvals are very ambiguous and many of simply do not pay attention to what we are approving during installations. Companies make money by bundling the installation of other firm’s software with their installations and do not always take good care that they are dealing with reputable firms.
Browser hijackers are also spread through infected e-mail, a file share, or a drive-by download. Suffice to say you should not rush past user agreements and be sure you know what you are downloading when you click on links. A momentary lapse of judgment when dealing with an unknown source can cause a world of hurt.
Some browser hijackers can easily be removed through the Windows Control Panel uninstall. However, many have reinstall programs that will then run on reboot. It’s possible, but very difficult to locate and delete such reinstall programs. I’ve accomplished this by searching on names that I know are related to the hijacker and looking for program files most recently installed or created.
Another strategy for removing hijackers is to completely uninstall the browser. For this to work, you may need to delete all user data and folders related to the browser. Beyond the most popular, there are a lot of good browsers out there, such as Comodo Dragon, that you could try if this fails.
Browser hijackers can also be removed with good virus and spyware scanners. Scanners often identify such programs as potential hazards, but may not automatically remove them. If you have been hijacked, make sure you run a scanner and review its results carefully.