7 Gold

Re: My Browser has been Hijacked

That's good. We have just some remnants to clean up and you'll be in good shape. Please launch HijackThis and place a checkmark next to the following:

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

Close all other windows and click "Fix Checked". Close HijackThis. Reboot.

If everything is still running well....

To flush the XP System Restore Points: (Using XP, you must be logged in as Administrator to do this.)

Go to Start>Run and type msconfig Press enter.

When msconfig opens, click the Launch System Restore Button.

On the next page, click the System Restore Settings Link on the left.

Check the box labeled Turn Off System Restore.

Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.

Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.

If you have installed Malwarebytes' Anti-Malware as part of your cleaning procedures, keep it updated and use it to scan every so often for malware, or upgrade to the paid version for realtime scanning and auto updating.

The following suggestions are general prevention and are not customized for your computer. You may have already taken some of these steps, and depending on your current security, you may not need to implement all of these:

1. Visit Microsoft Update: Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS. Microsoft's widows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

2. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date. Note: Zone Alarm Firewall (by Checkpoint) has a free version http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_fr...

3.You might consider installing Mozilla / Firefox.

4. Do not use file sharing. Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities.

5. Before using or purchasing any Spyware/Malware protection/removal program, always check the following Rogue/Suspect Spyware Lists. http://www.spywarewarrior.com/rogue_anti-spyware.htm http://www.malwarebytes.org/database.php

6. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/ ** UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.

7. Practice Safe Surfing with with TrendProtect by Trend Micro. This is not compatible with Firefox 3.0 yet. TrendProtect is a browser plugin that assigns a safety rating to domains listed in your search engine. TrendProtect also adds a new button to your browser's toolbar area. The icon and color of the button changes to indicate whether the page currently open is safe, unsafe, trusted, or unrated, or whether it contains unwanted content. The following color codes are used by TrendProtect to indicate the safety of each site.

  • Red for Warning
  • Yellow for Use Caution
  • Green for Safe
  • Grey for Unknown

For Firefox, you can use Web Of Trust.  It uses similar colored alerts to warn about risky websites that try to scam visitors, deliver malware, or send spam.


8. You might consider installing SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
It will:
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
Restrict the actions of potentially unwanted sites in Internet Explorer.
Tutorial here:http://www.bleepingcomputer.com/forums/tutorial49.html
Periodically check for updates

9. Here are some helpful articles:
"How did I get infected?"

"I'm not pulling your leg, honest"
by Sandi Hardmeier

Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!


Windows Insider MVP 2016 - Present

Microsoft MVP - Consumer Security 2006-2016

Social Media and Community Professional

1 Copper

Re: My Browser has been Hijacked

Hi Bugbatter,

Looks like a job well done. A tick for the good guys and a black eye for the bad malware people. You have my utmost gratitude for saving me significant time and money resolving this problem. I do hope that you get more from the assistance you provide here than grateful acknowledgements. Once again thank you for your prompt, professional and concise assistance.

Best Regards Geoff.


0 Kudos
7 Gold

Re: My Browser has been Hijacked

You are most welcome. I'm glad we could help. 

Windows Insider MVP 2016 - Present

Microsoft MVP - Consumer Security 2006-2016

Social Media and Community Professional

0 Kudos