Quick Links|Home|Worldwide
Search Microsoft.com for:

Browser hijacking: How to help avoid it and undo damage

Published: September 23, 2006 | Updated: February 22, 2007
Regain control over your online experience

"Browser hijacking" is a common type of online attack in which hackers take control of your computer's Internet browser and change how and what it displays when you're surfing the Web.

If you keep your computer updated with the latest security software and updates, and practice safe Internet browsing, you're already doing a lot to keep the hijackers away.

But if your browser has already been "hijacked," there are several ways you can free it from the hackers and restore its settings.

How do I know if my browser has been hijacked?

The following are indicators:

Home page or other settings change on your computer. Links are added that point to Web sites that you'd usually avoid.

You can't navigate to certain Web pages, such as antispyware and other security software sites.

A seemingly endless barrage of ads pops up on your screen.

New toolbars or Favorites are installed that give you icons and links to Web pages that you don't want.

Your computer runs sluggishly. Malicious software can slow down your computer.

Preventing browser hijacks

You can take a few basic precautions to help keep your browser running normally:

Avoid disreputable Web sites

You should always use good judgement about visiting sites that might be involved in illegal activities. These sites are often more likely to practice browser hijacking.

If you have children who use your computer, encourage open communication about what Web sites they are allowed to visit. Windows Vista and Windows Live OneCare both include parental control software.

Be very careful what you download and install onto your computer

A warning like the one in the following graphic might appear when you are about to download new software onto your computer.

Consider this warning seriously. Disreputable online games and media services can attach spyware and other malicious software to the "free" software they require to use their services. Unless you are certain that a program or piece of software is completely trustworthy, do not download or install it on your computer.

Further, if you see a pop-up window that asks for your permission to install software, click No unless you are absolutely sure you want this new software on your computer.

A warning like the one in the following graphic will appear whenever you are about to download new software onto your computer

Download and install defensive software

Install automatic updates. If you use Windows 2000, Windows XP, or Windows Vista you can have security and other high-priority updates installed automatically on your computer. If you want to do this manually, visit Microsoft Update and install any service packs and updates for Windows.

Be sure you're using the latest version of your Internet browser. If you use Internet Explorer, download and install Internet Explorer 7.

Use up-to-date antivirus software. Windows Live OneCare can help detect and remove some hijacking programs.

Use antispyware software. Windows Defender can help you recover control of your browser and system if your browser is hijacked.

Use the Trusted sites zone

Some Web sites that you know and trust (especially those that interact heavily with your computer) may require you to change the security settings of Internet Explorer (and provide the site greater access to your computer) in order for them to function correctly. Instead of changing the security settings for all Web sites, you can add specific sites that you trust to the Trusted sites zone.

Add a site to the Trusted sites zone


On the Tools menu, click Internet Options, and then click the Security.


Click the Trusted sites icon, type the Web address (URL) for the Web site that you want to add to this zone, and then click Add.

Restoring a hijacked browser

The following six tips can help restore your browser's settings:

1. Stop cascading pop-up windows.

If a seemingly endless number of pop-up windows appear on your screen, you'll probably want to stop the deluge first. To do this in Microsoft Windows Vista, Windows XP, or Windows 2000 while using Internet Explorer:


Press CTRL+ALT+DEL, click Task Manager, and then click the Processes tab.


Click IEXPLORE.EXE, and then click the End Process button.

This closes all instances of Internet Explorer. Then you can re-open the program to continue browsing as usual. To help prevent future attacks, you should also have a pop-up blocker turned on. To turn on the pop-up blocker in Internet Explorer 7:


Click Tools menu, click Internet Options, and then click the Privacy tab.


In the Pop-up Blocker box, select the Block pop-ups check box. Click OK.

If you still experience the other effects of a hijacked Web browser, try the following:

2. Install preventive software such as the kinds mentioned in the preceding Preventing browser hijacks section. Many browser hijacking programs can be identified and removed by downloading, installing, and running these programs.

3. Run the malicious software removal tool. This can catch some, but not all, kinds of hijacking software.

4. Reset Internet Explorer settings. If you're using Internet Explorer and your home page has been changed, you can often reset it yourself.

Close any Internet Explorer or Windows Explorer windows that are currently open.

Click Tools, and then click Internet Options.

Click the Advanced tab, and then click Reset.

In the Reset Internet Explorer Settings dialog box, click Reset.

When Internet Explorer finishes restoring the settings, click Close, and then click OK.

Close Internet Explorer.

Your changes will take effect the next time you open Internet Explorer.

5. Disable add-ons. Many browser hijackings come from add-ons, also known as ActiveX controls, browser extensions, browser helper objects, or toolbars. These items can improve your experience on a Web site by providing multimedia or interactive content, such as animations. However, some add-ons can cause your computer to stop responding or display content that you don't want, such as pop-up ads.

To learn how to disable add-ons in Windows Vista or Windows XP Service Pack 2 (SP2), read How do browser add-ons affect my computer?

6. Removing unwanted programs with the Add/Remove feature

If you're ready to try some advanced removal methods, the Microsoft Help and Support article Unexplained computer behavior may be caused by deceptive software provides additional steps you can take, including how to use the Add/Remove feature, the built-in program remover, and the program finder in Windows Explorer.

7. Empty the Recycle Bin when you've finished these steps, especially if you've removed an unwanted program. Then restart your computer.


Was This Information Useful?

© 2007 Microsoft Corporation. All rights reserved. Terms of Use |Trademarks |Privacy Statement