Has Your Browser Been Hijacked?

Now there are all kinds of annoying problems today being online, such as: having your email identity stolen, being banned by you ISP for spamming, even when you’re not the culprit, but lately for myself and many others, it’s been browser hijacking.

I’m beginning to feel unsafe wherever I go on the internet. A seemingly perfectly innocent looking page that I’ve surfed to has hijacked my browser yet again! Some hijackings are pointing directly to porn, while others point to (a) search engine(s) that I’ve never heard of, nor are they listed in directories of search engines.

Who are these people and who do they think they are? How dare they ‘make’ my browser go where they think I would want to go, when it’s not at all anywhere I’d even consider? I’ve been protecting my computer and personal information from the world, taking every precaution, but all for what? Just to be hijacked time after time. Not only do these hijackings get your browser, but the latest is to use instant messaging programs for the purpose of hijacking browsers! AOL’s AIM instant messenger stand alone software is used by millions, some of their ids are being used by hijackers, who are placing files and/or web URL’s on profiles, an unsuspecting person who thinks they are viewing an actual web URL or file of a ‘friend’, may actually be asking for a hijacking by clicking on the link or downloading the file!

Hijackers can and do leave executables in places that will re-execute the hijack on every reboot, some don’t execute right away, but do after a reboot. These hijackers are smart too, each hijacking is worse than the last, adding different files, executables, and other garbage in various places, including the registry, rendering the last fix for the same hijacking inoperable or incomplete. And what’s next?, will they be attaching viruses to these hijacking executables?

Using programs like Pest Patrol, Ad-Aware, are all helpful, but they fail to find a good deal of the executables that are placed in the Windows and System 32 directories. At which point you would need to go into each directory and check the date and version of each of the executables. The first clue is the same date as the hijacking, second, sometimes there is no version tab. It is all very time consuming and tedious. What a way to spend time!

What has happened to web etiquette? Is all of this because of new spamming laws? All in all I’m guessing that spamming has everything to do with it, if they can’t spam via email, they’ll spam via browser hijacking! Just one hijacking had added all of these files and executables to my system:

These were found in C:\Windows/system32: default.css (found by ), ~tmp332a.exe, ~tmp332b.exe, download.exe, proc32.exe, srch32.exe, sysm32e.exe, sysm32ex.exe, t239472.exe, t239478.exe, tmksrvu.exe. These were found in C:\Windows: Secupd3010.exe, Id.exe. This was found in C:Windows\web, by oslogo.bmp. Additional spyware files were found by Pest Patrol. Too much to have to go looking for every time a browser is hijacked and who knows, most likely the next time the hijackers will have added or changed something making it harder to remedy.

I’ve found something that, so far, really seems to work by Javacool Software, which contains BrowserHijackBlaster for Windows XP, both home and pro editions and automatically runs on each reboot, BrowserHijackBlaster alone for all Windows operating systems, the only problem I’ve found with BrowserHijackBlaster, is you have to turn it on manually each time you reboot. Both programs open an alert window asking whether to keep the possible offending file or executable. These programs are freeware/donationware, meaning that you may download and use them as long as you want or need them, but the author requests donations if you find the program useful and are able to make a donation. A very fair trade off I’d say. If you’ve been hijacked only once or many times, haven’t been hijacked at all, I’d recommend installing one of these programs, you’ll be saving yourself a lot of aggravation and a tedious fix.