how do u get rid of a hijacked home page?

Answer 1

Many different types of Trojans install homepage hijackers. Knowing the homepage would be a great help in determining the Trojan and the best removal method.

It could be a Smitfraud Trojan that installed the Homepage hijacker. These two sites remove Smitfrauds.

http://www.internetinspiration.co.uk/roguefix.htm

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

A Vundo Trojan could be the culprit.

Please download Atribune's VundoFix.exe (version 4.2.71 [as of 21 April '06], or later), from

http://www.atribune.org/ccount/click.php?id=4

and save it to your desktop.

Double-click VundoFix.exe to run it.

Put a check next to Run VundoFix as a task.

You will receive a message saying vundofix will close and re-open in a minute or less. Click OK Note: If VundoFix does not reopen after a minute (or two), then you should skip-over the "Run as a task" step, and continue-on to the following steps to SCAN and REMOVE.

When VundoFix re-opens, click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will shutdown your computer, click OK.

Turn your computer back on.

It could be any number of other Trojans that installed it. AVG Antispyware is the best general Trojan remover available. Since many adware are installed by Trojans the Adware SE may be helpful. Do the step listed below them for the best chance of removal.

Download and Update Ewido (now called the AVG Antispyware). Do not run:

http://www.ewido.net/en/download/...

Download AdAware SE and update. Do the setup. Do not run:

http://www.filehippo.com/download_ad-aware/

AdAware SE Setup:

1. Select "use custom scanning options" then select "customize". Make sure the following options are enabled: "scan within archives," "scan active processes," "scan registry," "deep scan registry," "scan my IE favorites for banned URLs," "scan my Hosts file."

2. Select the "tweak" option. Under "scanning engine," make sure "unload recognized processes and modules during scan" is enabled. Enable "scan registry for all users instead of current users."

3. Under "cleaning engine" turn on "always try to unload modules…," "during removal unload explorer and IE if necessary," "let windows remove files in use at next restart," and "delete quarantined items after restoring."

4. Use the "select drives and folders to scan" option to ensure that your entire hard drive is scanned (if you have more than one hard drive, scan all of them (of course, do not include floppy and CD/DVD).


TEMPORARILY SHOW HIDDEN FILES AND FOLDERS.

1. Click Start, and then click Control Panel.

2. Click Appearance and Themes, and then click Folder Options.

3. On the View tab, under Hidden files and folders, click "Show hidden files and folders", and clear(uncheck) the "Hide protected operating system files" check box.

IMPORTANT: Files are hidden by Windows for a very good reason. It is not wise to experiment with these files. Unfortunately, to successfully remove modern spyware we must turn this protection off temporarily. Please turn the protection back on when you have finished cleaning your system.


EMPTY INTERNET EXPLORER BROWSER CACHE:

1. On the Internet Explorer Tools menu, click Internet Options.

2. On the General tab, in the Temporary Internet Files section, click the Delete Files button. Select the Delete all offline content check box in the confirmation dialogue box that appears, click OK. Click OK again.

RESTART IN SAFE MODE:

To do this you need to hold down or repeatedly tap the F8 key while the computer is booting (when the computer is displaying a black screen with white text). When the boot menu appears, use your keyboard arrows to select "Safe Mode."

Safe Mode can look quite ugly. The color may look bad, and all of your desktop icons will be very large. This is normal.



START THE SCAN WITH YOUR ANTI-VIRUS OR ANTI-SPYWARE PROGRAM.


When the scan and removal are completed REBOOT COMPUTER. This will restart you in normal mode. DON'T FORGET TO RESET HIDDEN FILES AND FOLDERS.


NEW RESTORE POINT.

The RESTORE POINTS may be infected with the Malware and cannot be used.

HERE'S HOW:

1. Click Start, and then click Control Panel.

2. Click Performance and Maintenance, click System, and then click on the System Restore tab.

3. Select the Turn Off System Restore check box, click Apply, then restart your computer.

4. Return to the System Restore Tab and turn System Restore back on.


TO SET A NEW RESTORE POINT:

1. Click the Start button.

2. Point to Programs, then navigate to Accessories, then System Tools, then click System Restore.

3. Choose Create a restore point, and then click Next.

4. In the Restore point description box, type a name for your restore point, and then click Next.

5. Click OK.

NOTE: If you are using Windows XP Service Pack 2 (SP2) and are unable to access the Internet after removing Malware, there is a command that may fix the problem. It works by resetting the winsock catalogue. Click on Start, then Run and type CMD in the box. Click OK. Type "netsh winsock reset" (no quotes)into the DOS window that appears.

Answer 2

Without knowing what you are infected with, this could be hard to suggest something. Here are some general tips.

Update and run your Anti-Virus program. Don't have one? You can run a free online scan from Trendmicro. When I have tested it it takes some time to run it but it may be time well spent if it can fix any problems.

Download and run http://housecall.trendmicro.com/


Download, update and run Spybot---http://www.safer-networking.org/ . Don't forget to use the Immunize feature.

Download, update and run Adaware---http://www.lavasoftusa.com/software/adaware/products/select_your_product.php

Download SpywareBlaster---http://majorgeeks.com/download2859.html

SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed.

It's main features include:
- Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
- Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
- Restrict the actions of potentially dangerous sites in Internet Explorer.

If the above programs can not fix it (excluding spywareblaster ) try HighjackThis.
Download HijackThis---http://www.spywareinfo.com/~merijn/programs.php#hijackthis. Run and Save a Log. When you log comes up copy and paste the entire log at http://www.hijackthis.de/ . Analyze your results. You will then get a screen that will tell you if you have any nasty stuff in your computer. Follow instructions to deal with any nasties. CAUTION: This is a very powerful tool. Be careful.

Answer 3

There are a number of free anti spyware programs to reverse the changes to your computer. Download and install Spybot Search & Destroy and L:avasoft's Ad Aware. Once you have installed them, update them and run a scan. Be sure to quarantine any suspicious files. You can download both programs at

http://www.filehippo.com/software/antispyware/

Read the following articles for instructions on how to best use both programs.

1. "How to effectively remove Malware using Spybot Search & Destroy" (http://www.malwarehelp.org/how-to-effectively-remove-malware-spybot1.html)

2. "How to effectively remove Malware using Ad-Aware SE Personal" (http://www.malwarehelp.org/how-to-effectively-remove-adaware1.html)

Answer 4

There's a lot of good tools out there that can help removed hijacked web browsers. This is one that I commonly use. Be careful of what you remove but I'm certain that it'll help you out.

http://www.download.com/HijackThis/3000-8022_4-10379544.html?tag=lst-0-1

Answer 5

Re set in Internet explorer