How to Kill Pesky Homepage rodents and Secure your Browser

Buy Shoes

Homepage hijackers are basically those codes or pieces of software that cause your default homepage setting in Internet Explorer to change from
your settings to the hijackers' settings. Even if you manually change IE's default homepage setting, it will simply revert once you restart your PC. And trust me, the websites set by the hijackers to be your default homepage can be pretty sick.

So what causes your homepage to be hijacked?

The single most important factor is spyware. (Read more in Spider's October
2003 issue). Spyware which sends information about your surfing habits can just as easily send information about your PC, hence ensuring that a third party has access to your browser's settings.

Cookies also play an important role. You have no clue as to how many cookies are installed on your PC when you are visiting any website. Any of these cookies can be the culprit.

A program installed on your PC ensures that the hijacker's homepage remains the default one. This program can come from any source (spyware mostly).

Some programs use the Windows startup registry. They put a reference to their hijacking program in the registry, hence every time you start Windows, this program will run and your default settings will be changed.

Hijacks can also happen if you've downloaded an executable file that promised to enhance the abilities of your browsers or update it. Such executable files are nothing but a means of hijacking your browser.

Some hijackers exploit a security loophole in Internet Explorer. This loophole allows the hijacking program to be installed on your PC while you are viewing a website, or by changing your system's settings, cause the hijacker's commands to run. Through this program, they will install one or more files which have an .hta extension. These files will be run on Startup
by Windows Scripting Host and hijack your
browser's settings.

Detection and Removal

  1. Install a good anti-hijack software and keep on updating and running it.

  2. Perform a "*.hta" search on all your drives and see if you can locate the files with ".hta" extensions. If you find such files on any your hard drives, then change their extension to either ".htat" or "hta_l" so that they cannot be accessed by any malicious code.

  3. Edit your Windows registry so that the hijack program does not load every time you start your PC. For more technical details on how to edit your registry, check out the sites listed in this article. A word of caution here: if you don't know what you're doing, then you'd better not mess with the Windows registry.

When my PC got hijacked, I used a combination of the following software before I got rid of the annoying homepages:

Cool Web Search Shredder
HijackThis 1.97.7
Lavasoft Ad-Aware 6.0
Spyware Blaster
Spyware Guard
SpyBot Search and Destroy
Zone Alarm Firewall

Long-term measures:
Be very vigilant about installing any new software, especially if it makes tall claims.


Copyright Manjor Inc.