Microsoft defines browser hijacking as a kind of online fraud.
Cybercriminals use malware to take control of a web browser and influence what it displays on a user’s screen when surfing the web.
The manufacturer of Windows and Internet Explorer is particularly interested in curbing the spread of malware that attacks web browsers. The company provides some guidelines that help users recognize that cybercriminals have taken control of the browser.
How to recognize a browser hijack?
Changes to the home page, search providers and other browser settings are the most visible symptoms of browser hijacking. Malware also adds links to sites that you usually avoid.
Among other symptoms, Microsoft mentions the inability to open specific web sites (in particular, those related to security and anti-spyware software), an endless stream of advertisements appearing on the user’s monitor, and new toolbars and Favorites list entries in the web browser.
Malware can also significantly slow down your computer, try to install its own error pages, or redirect your browser to a fake site if you make a mistake and enter an incorrect name in the address field.
Unwanted browser hijack programs also modify your browser’s security settings. For example, they may add sites to your list of trusted sites that should never be on that list.
It is not at all difficult to “catch” such an Internet virus. The most important channel for the spread of malware that attacks web browsers is sites that encourage the installation of various plugins, add-ons, and libraries on the user’s computer. Such a request is often encountered when you try to play a video recording or download free (or illegal) software. Malware is also distributed as attachments to webmail and via social networking sites.
Finally, like spyware and adware, software that modifies browser settings is installed without the user’s knowledge or with the user’s unwitting consent. These applications are bundled with freeware and shareware programs, giving their authors a chance to earn one or more dollars.
Examples of browser hijackers
- Win32/StartPage – A family of Trojan horses that change the home page of popular web browsers. The last variant, detected in 2013 and labeled Win32/StartPage.ORS, modifies the Google Chrome, Firefox and Opera settings files and the registry keys that store the Internet Explorer configuration.
- JS/Chromex.FBook is another Trojan horse, detected in 2018. It is distributed as an extension for the Google Chrome (JS/Chromex.FBook.A) and Firefox (JS/Chromex.FBook.H) browsers. It remains hidden until you log in to Facebook. When this happens, it publishes posts on the user’s wall with a link to an infected site, which encourages friends to download and install the add-on in their browsers.
- Win32/ProxyChanger modifies the proxy server settings to redirect traffic for selected websites to a different IP address. This technique is used by various banking trojans that try to steal login credentials and authorization codes. In W32/ProxyChanger.HJ, the malware tries to take control of a remote computer (deleting files, killing processes) and use it to carry out DoS-type attacks.
- Win32/Boaxxe is another family of sneaky trojan browser hijackers. In Win32/Boaxxe.BE, the malware modifies the search results to redirect the user to sites that contain adware. It also automatically “clicks” the ads to generate extra traffic for the scammers and inflate visitor statistics. The trojan works with Internet Explorer, Google Chrome and Firefox.
How to remove malware from your computer
In principle, you can remove any malware from your computer on your own. Removing malware requires deleting executable files, libraries, and other objects created by the trojan from the disk, and restoring the configuration of the operating system, browser, and other applications to their previous state.
Nevertheless, you can remove browser hijackers by using:
- RogueKiller
This is an advanced tool for removing malware, worms, and rootkits such as ZeroAccess and TDSS. The application uses a variety of methods and techniques to detect malware: heuristics, signature-based scanning, and some undocumented tricks.
In addition, RogueKiller scans the system registry, running processes, loaded libraries, browser configuration and autostart entries. The tool quickly detects and corrects improper changes in the hosts file, DNS settings, proxy settings, and application shortcuts.
- AdwCleaner
It quickly finds and effectively removes various types of adware, unnecessary toolbars, PUPs and browser hijack programs that change browser settings. AdwCleaner displays scan results by category: Services, Folders, Files, Shortcuts, Registry, Internet Explorer, Firefox and Chrome.
Lastly, AdwCleaner is free of charge and does not require a subscription. The program generates a log of its work, which you can pass on to a colleague or computer specialist when asking for help in removing an unwanted browser add-on.
- Junkware Removal Tool
Another security tool for searching and removing various types of adware, toolbars and other potentially unwanted programs (PUPs).
The application works from the command line and does not require installation on your computer. Junkware Removal Tool removes toolbars and other browser add-ons, including Ask Toolbar, Babylon, Facemoods / Funmoods, iLivid, IncrediBar, MocaFlix, and MyWebSearch.
The program scans the registry, installed libraries, autostart entries, running processes, Windows event logs and accessible browser settings.
- Malwarebytes Anti-Malware
This is a popular tool for malware removal and the main competitor of Lavasoft Ad-Aware. The application is available in a free version and a paid Pro version for $24.95.
It offers three modes of computer scanning: fast, full and instant, although the latter is only in the full version of the program. The scanner also detects unknown (zero-day) malware, even samples overlooked by antivirus programs.
In the full version, Malwarebytes Anti-Malware provides continuous protection, blocks hostile takeover attempts and phishing messages, and lets you run your scans on a schedule.
- Kaspersky TDSSKiller
This is a free tool for removing rootkits, malware that is designed to hide files, registry keys and processes that allow cybercriminals to maintain control over the system.
The tool fights malware such as TDSS, SST, ZeroAccess, Sinowal, Whistler, Phanta, RLoader, and several others.
It scans computer memory, drivers and services, boot sector and loaded modules. When detecting malware, TDSSKiller uses the Kaspersky Security Network (KSN) cloud services.
- Norton Power Eraser
This Symantec tool helps to detect and remove deeply hidden malware, such as rootkits, fake AV software, and others, that is often overlooked by traditional virus scanning mechanisms. The most exciting feature seems to be the Reputation Scan option, which allows you to assess the reputation of a file or folder in the Norton Cloud database.
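The hosts-file changes that tools such as RogueKiller correct, and the blocked security sites listed among the symptoms above, can also be reviewed by hand. The following Python sketch is an added example, not code from any of the tools described here; the watch list of vendor domains and the sample hosts content are constructed assumptions.

```python
import ipaddress

# Assumption: a short illustrative watch list; extend it with the vendors you use.
SECURITY_DOMAINS = ("microsoft.com", "kaspersky.com", "malwarebytes.com", "norton.com")

# Constructed sample input, not taken from a real infection.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.com update.kaspersky.com
203.0.113.25    www.examplebank.test
0.0.0.0         ads.tracker.test
not-an-ip       broken.line
"""

def audit_hosts(text):
    """Return (line_no, hostname, address, reason) for entries worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()      # drop comments, split fields
        if len(entry) < 2:
            continue                               # blank or comment-only line
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append((line_no, entry[1], entry[0], "malformed address"))
            continue
        # Loopback / 0.0.0.0 entries make a name unreachable (a "sinkhole").
        sink = addr.is_loopback or addr.is_unspecified
        for host in (h.lower().rstrip(".") for h in entry[1:]):
            is_sec = any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS)
            if sink and is_sec:
                findings.append((line_no, host, str(addr), "security site blocked"))
            elif not sink:
                # Any name pinned to a fixed address bypasses DNS; intranet
                # entries are legitimate, anything else needs an explanation.
                findings.append((line_no, host, str(addr), "name pinned to fixed IP"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to pass in is `%SystemRoot%\System32\drivers\etc\hosts`; ad-blocking entries that point non-security names at `0.0.0.0` are deliberately not reported.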
How to prevent browser hijacking
Always use legal software. Update your operating system and application software, especially web browsers, to the latest version.
Lastly, you can make use of a VPN service provider such as RitaVPN to obfuscate your online activity. That way, you can evade online threats such as browser hijackers.