Browser hijacked - how to fix and prevent?

1. What are the security risks of this hijack?

If it is a simple browser redirect the risks maybe limited. Their business model may simply be to infect widely and make money from directing you to advertising sites. Not to unnecessarily alarm you but the danger is that the standard modus operandi these days is to compromise a machine and then download a cocktail of malware (Trojans, key-loggers etc) as well as using the machine in a bot-net

2. How do I remove it completely?

Only way to be absolutely sure is to do a complete format your drive and restore from backup (use the OS re-install media to format the drive). Update all patches and install updated AV from another computer prior to re-connecting to the Internet. Still may not save you if there is a hidden root-kit that is making a part of the drive unwritable which may need a new hard drive or BIOS update at worst case. As @Rory-Alsop said contact the AV vendors for your particular strain to determine optimal removal procedures. I have found Hijack this particularly good in the past (http://free.antivirus.com/hijackthis/). It is not an automated program but lets you manually go through and examine things like browser hooks which is usually how redirect type malware works.

3. How does it get on my computer? (drive-by download,embedded in email attachment, etc)

No way to know for sure. Could have been a website even a legitimate one, email as you say, even infected USB drive.

4. How can I prevent it from happening again?

Take care. Key steps:

  • Use and keep an Anti-virus uptodate. Free ones are Clam AV, Microsoft security essentials
  • Patch everything regularly - use software that has auto update
  • Minimize software with big attack surfaces like Adobe Flash, Acrobat, MS Office, Java. There are good open source alternatives like Open Office, PDF Creator. Millions of people have iOS devices without Flash - you don't need it.
  • Use simple browser extensions like HTTPS Everywhere and No Script
  • Install and maintain a personal firewall. Windows has one and so do most AV packages
  • Do not use vendor-supplied or simple passwords. Use a password manager. Consider changing at least your important passwords
  • Most importantly: practice good Internet hygiene; not clicking on any links from senders you do not recognize, not opening email from senders you do not recognize. Avoid sites that maybe bad for your computers health and your marriage!

The answers so far have been spot on but I don't think a full reformat is in order yet. It honestly sounds like you have a TDSS variant. Try running the Kaspersky TDSS removal tool. You can find it here: http://support.kaspersky.com/downloads/utils/tdsskiller.zip Let us know what that turns up.

Also some basic checks should be performed. Have you checked the proxy settings in your browser? Have you checked the DNS settings on your NIC? Have you checked your HOSTS file for unknown entries? These are all common targets for redirectors.

I haven't seen a virus that cannot be removed with enough time and patience. Usually reformatting and reconfiguring everything ends up being faster, but it shouldn't be required in every situation.

Tags:

Malware

Web Browser

Recent Posts