Browser Hijacker Removal Procedure

This procedure is intended for those who are infected with a browser hijacker that redirects internet searches and the browser to the following sites: Yahoopolicycentre.com, hotproductz.com, teen-virgin.net, Auut.com, bbwtales.net, lovesmoon.net, contact2424.com, WBR4.com, Qwerti.com, HostUnavailable.com, Erosman.com, Websheart.com, Only-sexpics.com, Girl-virgin.com, boobs-porn.com, My-Finder.net, Daplaces.com, quean.com, casinocaesar.com, q-find.com and hrena.com

Author:
Webmaster

Requirements:
1. Internet connection
2. Copy of Ad-Aware 2007

Operating System:
Windows 2000/XP

Threat Symptoms:
These sites have a similar layout and hosting provider.

HOW TO REMOVE BROWSER HIJACKER:

Modify Registry Entries:
1. This procedure requires modifying registry entries. You must back up your registry first (see How to BackUp Registry).
2. Go to Start>Run>Regedit
3. Navigate to the following entries and remove the value if present:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer= (leave blank)
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer= (leave blank)

Modify TCP-IP Settings:
4. Go to Start>Control Panel>Network Connections and double-click to open.
5. Right-click the connection, then click Properties.
6. Go to Internet Protocol (TCP-IP)
7. Select "Obtain DNS server address automatically" if an unknown DNS server was assigned.

Use Lavasoft Ad-Aware:
8. Download Ad-Aware 2007 Free
9. Install it and update the definition file
10. Reboot the computer in Safe Mode

  • Restart your computer
  • Just before the computer begins to start up, and before Windows loads, press F8
  • A selection menu should appear
  • Select the line that says “Safe Mode”
  • At the logon prompt, log in as the usual user.
  • During the Windows startup process, you will be asked whether you would like to continue running in Safe Mode; press Yes
  • You should now see your Desktop but in a low resolution display.

11. Run Ad-Aware and fully scan your computer.
12. Clean/delete all infected files.

Run On-Line Virus Scan:
13. Go to http://www.ewido.net/en/
14. On the left side, click Scan Now to scan your computer. It will download some files to your computer.
15. After scanning is done, click Remove Infections to delete all infected files. Close the browser and restart your computer.
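
An added example, not part of the original procedure: a Python check that reads saved `reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /s` output (redirected to a file from a Command Prompt) and reports every statically assigned `NameServer` value, to confirm that steps 3 and 7 actually cleared the hijacker's DNS setting. It goes beyond the two keys in step 3 by also covering the per-adapter `Interfaces\{GUID}` subkeys; the function name, trusted list, sample GUID and all addresses are assumptions made for the illustration.

```python
import re
import sys

# One value line of `reg query` output: indented name, type, then data.
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")

def find_static_dns(reg_query_text, trusted=()):
    """Return [(key, [servers])] for each NameServer value that is set
    and lists a server outside `trusted`. DhcpNameServer is ignored
    because it is what "Obtain DNS server address automatically" uses."""
    findings, key = [], None
    for line in reg_query_text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()          # start of a new key section
            continue
        m = VALUE_RE.match(line)
        if not m or m.group(1).lower() != "nameserver":
            continue
        # Several servers are stored in one string, comma or space separated.
        servers = [s for s in re.split(r"[,\s]+", m.group(3)) if s]
        unknown = [s for s in servers if s not in trusted]
        if unknown:
            findings.append((key, unknown))
    return findings

# Constructed sample output; the GUID and all addresses are made up
# (documentation ranges), not indicators from the page.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    NameServer    REG_SZ    203.0.113.10,203.0.113.20
    DhcpNameServer    REG_SZ    192.168.1.1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-2222-3333-4444-555555555555}
    NameServer    REG_SZ
    DhcpNameServer    REG_SZ    192.168.1.1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
    NameServer    REG_SZ    192.168.1.1 198.51.100.53
"""

if __name__ == "__main__":
    # Pass a file holding saved `reg query ... /s` output, or run with
    # no argument to use the sample. 192.168.1.1 stands in for your router.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for key, servers in find_static_dns(text, trusted={"192.168.1.1"}):
        print(f"{key}\n    unexpected static DNS: {', '.join(servers)}")
```

Any key it reports still has a static DNS server assigned and should be blanked as in step 3 or reset as in step 7.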

6 Responses

  1. Ron says:

    Thank you for this explanation. It’s very helpful and works fine!

  2. mike says:

    Hey guys – the solution didn’t work for me, but luckily I recognised the problem in time to restore the registry to a point before things started going pear shaped. Try: Start > Run > %SystemRoot%\System32\Restore\Rstrui.exe

    On the welcome to system restore page click “restore my computer to an earlier time” and then find the furthest date back you can go.

    You could be lucky like me. Ok, so you may have to bear the pain of losing software installations since that date, but most data files remain intact.

    Cheers

  3. Dave says:

    Well, many thanks to your regedit. Did you know also that these sites are affiliated with some bunk search site called search(at)hand? AND the misdirected IP address contained in the malware keeps one from obtaining Windows updates from the Microsoft Update website. For future reference, the Microsoft Update page would not display and gave a Microsoft error code that Microsoft support was clueless about.

  4. Vanessa says:

    Fantastic, after reading quite a lot of advice and trying it out, my problem with Windows Update (8007000B) is finally solved. As I have Windows XP and the problem was Vista related, it took quite some reading to get to this solution. I encountered an internet connection problem afterwards but the next day this was also solved. A definite add-on for my favourites in case of more trouble in the future. I will recommend your site on all the other forums I’ve been on.

  5. tiru says:

    good suggestions….
    but, it is not working.
    I have tried
    Anyways, u r good…

  6. Patrick says:

    Good info thanks… worked for me.
    Also worth checking Startup Folder and also the RUN key in registry (Local Machine > Software > Microsoft > Windows > Current Version > Run) to ensure no unrecognised programs are working.
    Also good point about using System Restore (this is an underutilised Microsoft gem)… may have to boot into Safe Mode to run it though.
    All of the above info is on the assumption that the virus you’ve got will let you into Registry and System Restore as some viruses will block access to all these avenues!
