- I don't normally ask Jeff to post items like this, but
the browser hijacker (which hijacks on Firefox and probably other browsers)
is a real show-stopper if you are doing research or just surfing the web.
If you copy and paste a URL into the browser's URL bar, you won't be hijacked
with this particular bug. But clicking on a link on a browser page or even
a link in an email will cause you to be taken somewhere you don't
want to go.
-
- If you perform a Google search and find that when you
click on a search result you are suddenly taken to myshovel.com, triplexfeed,
evil-, etc., then it's very likely your browser has been compromised. One
indicator that the bug is present is a very long URL that
appears in the address bar. The string of text will not even remotely
resemble the URL you are clicking on. That long string of cryptographic
letters you see is actually malicious code that redirects your
browser to a commercial website.
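
A small check for the indicator just described, added here as an example and not part of the original article: it compares the link that was clicked with the URL that ended up in the address bar. The function names, thresholds and sample URLs are assumptions, and the long token is constructed.

```python
import math
import random
import re
import string
from collections import Counter
from urllib.parse import urlsplit

ALPHABET = string.ascii_letters + string.digits
# Constructed stand-in for the long string seen in the address bar.
SAMPLE_TOKEN = "".join(random.Random(7).sample(ALPHABET, len(ALPHABET)))

def site(url):
    """Lower-cased host name without a leading 'www.'."""
    h = (urlsplit(url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def entropy(text):
    """Shannon entropy in bits per character."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def redirect_reasons(clicked, landed, min_token_len=40, min_entropy=4.0):
    """Return the hijack indicators present for one click."""
    reasons = []
    src, dst = site(clicked), site(landed)
    # Indicator 1: the landing site is neither the clicked site nor a subdomain.
    if dst != src and not (src and dst.endswith("." + src)):
        reasons.append("host-mismatch")
    # Indicator 2: a long run of letters/digits that looks random, not a readable path.
    parts = urlsplit(landed)
    tail = parts.path + "?" + parts.query
    runs = re.findall(r"[A-Za-z0-9]{%d,}" % min_token_len, tail)
    if any(entropy(r) >= min_entropy for r in runs):
        reasons.append("long-opaque-token")
    return reasons

def looks_hijacked(clicked, landed):
    """Both indicators together match the behaviour described in the article."""
    return len(redirect_reasons(clicked, landed)) == 2

if __name__ == "__main__":
    bad = "http://myshovel.com/r?x=" + SAMPLE_TOKEN
    print(redirect_reasons("http://www.rense.com/", bad))
    print(redirect_reasons("http://rense.com/", "http://www.rense.com/general/index.htm"))
```

A host mismatch alone is common for ordinary redirects, so only the combination of both indicators is treated as a match.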
-
- Leading anti-virus and anti-spyware programs won't find
this hijacker. You probably contracted this bug when you visited a
website which silently put the malicious file on your hard drive.
-
- The reason the malicious file is invisible to most
anti-virus or anti-malware programs is that this bug hides itself using
a normally harmless file name like Google Installer. This filename is completely
ignored by anti-spyware and anti-virus programs. Tests and scans performed
with two popular anti-virus and anti-spyware programs - Xsoftspy and
ZoneAlarm Suite - have revealed they cannot find this bug as of this writing.
-
- A search of the web has revealed very little help to
solve this particular problem. The discovery of how the root source of
this hijacker works, and the solution for it below, are completely my
own work and no one else's.
-
- WHAT TO DO
-
- 1. First, stop the problem immediately using your firewall.
Look at the list of programs in your firewall program. I found a program
named Google Installer. Think about this a minute - why would Google - a
search engine company - be installing anything on your computer?
-
- 2. Disable ALL privileges for Google Installer and your
hijacking problem will probably be fixed immediately. If not, look for
some other installer that you never asked to be downloaded. You can always
go back later and re-enable it if disabling a program doesn't fix the problem.
-
- 3. To test your repair, repeat a Google search that was
previously hijacked and see if the hijack to an unknown
commercial website still occurs. For example, use rense.com as a search
term in Google and then click on the link shown to see if it actually
takes you to rense.com. If so, then you have fixed your problem.
-
- 4. Next, do a file search to manually find and delete
the malicious program.
-
- 5. NOTE! KEEP the program in your firewall program list
disabled and do NOT delete it! This protects you in case it's somehow downloaded
again. If it ever is downloaded again, then having it already listed in the
firewall as blocked will prevent future hijacking.
-
- This information was provided as a courtesy by data4science.net.
- I hope this information helps people everywhere have
a less painful web-surfing experience.
-
- Ted Twietmeyer