Results 1 to 9 of 9

Thread: is there a way to recover from browser hijacking?

  1. #1
    Join Date
    May 2014

    is there a way to recover from browser hijacking?

    my browser got hijacked! it must have been one of the freeware programs i installed. i always have a strict rule to scan every downloaded exe file before installing it but unfortunately, i still got infected. what's happening is when i go to a particular site, the browser will be directed to another site. i can turn off javascript and stop this from happening but this is non-browser specific because when i use another browser, it's also being directed to that site. i'm thinking there's a running process that's injecting the javascript code whenever i visit the site i want to visit so i used sysinternals autoruns and procmon to tried to find the malware but wasn't able to.

    am i correct that there's a malware process that's injecting the javascript code to redirect the page? if so, how to i find and get rid of it? and if it's not a malware, where does the malicious javascript code come from?

    it's frustrating trying to locate this malware....i'm almost to the point of reinstalling windows.

  2. #2
    Join Date
    Oct 2013
    Sheboygan, Wisconsin
    And your browser is???

  3. #3
    Join Date
    May 2014
    firefox and internet explorer

  4. #4
    Join Date
    Oct 2013
    Sheboygan, Wisconsin
    Malwarebytes, https://www.malwarebytes.com/
    Adwcleaner https://www.malwarebytes.com/adwcleaner/
    and Junkware Removal tool. https://www.malwarebytes.com/junkwareremovaltool/

    Then look in add-ons for it too.

  5. #5
    Join Date
    May 2014
    none of those tools found anything....

  6. #6
    Join Date
    Oct 2013
    Sheboygan, Wisconsin
    Hate to say it, reinstall time if they could not find it.

  7. #7
    Join Date
    Jun 2017
    The browser hijacking issue may be caused by malware or adware, that youíve unwittingly installed it on your Windows, or if not, you may have had your DNS settings in your router hijacked, or you may simply be visiting sites that have JavaScript-based redirectors that trigger after conditions are met.

    The process you will need to use depends on how it operates. For a lot of malware or adware, it typically comes in when you install an already infected application from the Internet.

    There are a lot of people who intentionally propagate these infections through freeware or shareware on the Internet using "bundling". If you use Windows PC, freeware from the Internet may bring such adware or malware.

    The first thing to determine is exactly whatís doing the redirection.

    For example, if itís your router, itís not even your PC' fault, and it can usually be fixed by updating your DNS settings in the router, or having the ISP doit for you.

    If it is caused by adware or, follow the steps below:

    Uninstall suspicious programs from Windows Control Panel
    Remove unfamiliar browser add-ons/extensions
    Reset your browser settings to defaults or reinstall your browsers
    or try the following free anti-malware programs:
    Download and scan with AdwCleaner. Have it found something and deleted, then reboot => https://www.malwarebytes.com/adwcleaner/

    Download & Scan with Junkware Removal Tool. Have it found something and deleted, then restart => https://www.malwarebytes.com/junkwareremovaltool/

    Download & Scan with MalwareBytes Anti-Malware Premium 14-Day Free Trial. Property MBAM quarantine found everything, then restart => https://www.malwarebytes.com/premium/

    Follow-up by doing a scan with malware removal tool (free virus scanner). Remove / delete everything that found itself, then reboot => http://www.okpckit.com/SpyHunter_Download.php

  8. #8
    Join Date
    Mar 2007
    You have other perennials such as Spybot Search & Destroy, Ad-aware and Spywareblaster and you should also invest in a decent firewall and anti-virus service.

    As a temporary measure, if you open your hosts file and insert the URL of the sites redirection and point it to then your browser is only redirecting to your localhost (your computer) But I do recomend that you download, install, update signatures then DISCONNECT completely from the internet, that means unplugging your cable or turning the router off while you do a deep clean of your computer. Note that some programs will take a long time (Spybot & Adaware) whereas Spywareblaster is a program that populates your hosts file and does not need to be run until you update and enable the protection for your browsers.
    --> JavaScript Frameworks like JQuery, Angular, Node <--
    ... and please remember to wrap code with forum BBCode tags:-

    [CODE]...[/CODE] [HTML]...[/HTML] [PHP]...[/PHP]

    If you can't think outside the box, you will be trapped forever with no escape...

  9. #9
    Join Date
    May 2014
    thanks for your inputs but i found out what the problem was. the website in question doesn't allow you to access the homepage if you don't have adobe flash plugin installed. it redirects you to a page to install flash but since that page is no longer maintained, you get a generic "buy this domain" page that makes it look like your browser has been hijacked!

    it's too bad that i had to find this out after i repartitioned my hard drive and reinstalled windows....

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
HTML5 Development Center



X vBulletin 4.2.2 Debug Information

  • Page Generation 0.10389 seconds
  • Memory Usage 2,919KB
  • Queries Executed 14 (?)
More Information
Template Usage (32):
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_global_above_footer
  • (1)ad_global_below_navbar
  • (1)ad_global_header1
  • (1)ad_global_header2
  • (1)ad_navbar_below
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)ad_thread_first_post_content
  • (1)ad_thread_last_post_content
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)headinclude_bottom
  • (9)memberaction_dropdown
  • (1)navbar
  • (4)navbar_link
  • (1)navbar_moderation
  • (1)navbar_noticebit
  • (1)navbar_tabs
  • (2)option
  • (9)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available (6):
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files (26):
  • ./showthread.php
  • ./global.php
  • ./includes/class_bootstrap.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/functions_navigation.php
  • ./includes/class_friendly_url.php
  • ./includes/class_hook.php
  • ./includes/class_bootstrap_framework.php
  • ./vb/vb.php
  • ./vb/phrase.php
  • ./includes/functions_facebook.php
  • ./includes/functions_calendar.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_notice.php
  • ./packages/vbattach/attach.php
  • ./vb/types.php
  • ./vb/cache.php
  • ./vb/cache/db.php
  • ./vb/cache/observer/db.php
  • ./vb/cache/observer.php 

Hooks Called (70):
  • init_startup
  • friendlyurl_resolve_class
  • init_startup_session_setup_start
  • database_pre_fetch_array
  • database_post_fetch_array
  • init_startup_session_setup_complete
  • global_bootstrap_init_start
  • global_bootstrap_init_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • load_show_variables
  • load_forum_show_variables
  • global_state_check
  • global_bootstrap_complete
  • global_start
  • style_fetch
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • strip_bbcode
  • friendlyurl_clean_fragment
  • friendlyurl_geturl
  • forumjump
  • cache_templates
  • cache_templates_process
  • template_register_var
  • template_render_output
  • fetch_template_start
  • fetch_template_complete
  • parse_templates
  • fetch_musername
  • notices_check_start
  • notices_noticebit
  • process_templates_complete
  • friendlyurl_redirect_canonical
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • memberaction_dropdown
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • build_navigation_data
  • build_navigation_array
  • check_navigation_permission
  • process_navigation_links_start
  • process_navigation_links_complete
  • set_navigation_menu_element
  • build_navigation_menudata
  • build_navigation_listdata
  • build_navigation_list
  • set_navigation_tab_main
  • set_navigation_tab_fallback
  • navigation_tab_complete
  • fb_like_button
  • showthread_complete
  • page_templates