Browser HiJacker Removal Procedure

This procedure is intended for those who are infected with browser hijacker that redirects internet search and browser to the following sites:,,,,,,,,,,,,,,,,,,, and


1. Internet connection
2. Copy of Ad-Aware 2007

Operating System:
Windows 2000/XP

Threat Symptoms:
These sites has similar layout and Hosting provider.


Modify Registry Entries:
1. This procedure requires to modify registry entries. You must backup your registry. How to BackUp Registry
2. Go to Start>Run>Regedit
3. Navigate to the following entries and remove the value if present:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer= (leave blank)
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer= (leave blank)

Modify TCP-IP Settings:
4. Go to Start>Control Panel>Network Connections and double-click to open.
5. Right-click then click on Properties
6. Go to Internet Protocol (TCP-IP)
7. Click on Obtain DNS server address automatically if there was an assigned unknown DNS

Use Lavasoft Ad-Aware:
8. Download Adware 2007 Free
9. Install and update Definition File
10: Reboot computer in SafeMode

  • Restart your computer
  • Just before the computer begins to startup and before loading Windows press F8
  • A selection menu should appear
  • Select the line that says “Safe Mode”
  • At logon prompt, log in as the usual user.
  • During Windows Start process it will prompt you if you would like to continue running in SafeMode, press Yes
  • You should now see your Desktop but in a low resolution display.

11. Run Ad-Aware and fully scan your computer.
12. Clean/delete all infected files.

Run On-Line Virus Scan:
13. Go to
14. On the left side click Scan Now to scan your computer. It will download some files on your computer.
15. After scanning is done, click Remove Infections to delete all infected files. Close the browser and restart your computer.

You might find these helpful: