Computer Help forum

General discussion

8/4/06 Give me back my browser's home page!

Question:

Hello, everyone! About three weeks ago, on my brand-new Dell, the Internet Explorer home page was hijacked, and I do not know how to get control back. Any suggestions? I have run a number of antispyware utilities (Ad-aware, SpyBot, Ewido, Spyware Doctor, and Highjackthis) with no luck. I called my ISP provider for help, but so far no luck. Also, with having my computer home page hijacked, if I go online to conduct some banking, am I at risk? I run ZoneAlarm and AVG, all my patches and security updates run every day, and I don"t surf dangerous sites. Any help that you can send my way will be most appreciated! Thank you very much!

Submitted by: Maureen M. of Victoria, British Columbia, Canada

***********************************************************************

Answer:


Dear Maureen, setting the home page on your browser is quite easy. Regaining control of a browser hijacking can be trickier, depending on the nature of changes made to your computer. But let's start with the basic, simpler approach.

(It's possible that you've already attempted some of the things I am about to discuss. If so, please bear with me. I am including them for the benefit of readers unfamiliar with the process, and because it is impossible for me to know the exact troubleshooting steps you have undertaken. Even if you have previously done so, let's reset your home page once more. Please restart your computer when you are done.)

To set your browser home page:

1. On your Internet Explorer's Menu bar, click Tools and select Internet Options from the drop-down menu to open IE's Options window.
2. Click the General tab if not already on the forefront. You should see a Home Page box listing your current home page.
3. If the Home Page box is not displayed, or if it has been "grayed out" and the radio buttons are inaccessible, you are dealing with a browser hijacking that involves significant changes to your Windows registry. These will have to be addressed before you can restore your home page. I'll discuss this at a later point.
4. Type a website address in this box (e.g., http://www.cnet.com/), click OK, and the website in question becomes your home page. Alternatively, you can navigate to whatever website you wish to make your home page, open the IE Options window as previously described, then click the Use Current radio button immediately below the home page box.
5. Exit the Internet Options window and close Internet Explorer (IE).
6. Open IE. Your new home page should appear.

(You can learn more about changing your home page by clicking the question mark (?) on the upper right corner of the IE Options window and choosing How Do I Set My Home Page? on the Help document that opens.)

If your home page has been hijacked by malware or a malicious website, either one of the aforementioned methods will allow you to reset your home page. However, if the problem reappears every time you boot your computer and open IE, it is likely that the folks responsible for the hijacking also made changes to the Windows registry to ensure your browser always opens to the page(s) they want you to see.

You mentioned that you "ran" a number of antispyware utilities, among them Spybot Search & Destroy (Spybot S&D) and HijackThis. While these utilities probably identified and removed spyware present in your computer, scanning in itself might not remove the registry values in question or reset your home page. It's also possible that some malware components remained behind after cleaning.

Let's try the following:

1. Start your copy of Spybot Search & Destroy. Make sure it opens in Advanced Mode. The Advanced Mode displays the Settings, Tools, and Info & License options on the left hand panel in addition to the default Spybot S&D entry. If you only the the latter, click Mode on the menu bar and select Advanced.
2. On the left hand panel, click on Tools and scroll down to Browser Pages. Clicking this entry will list all of the websites registered as search and start or "home" pages. Check the list for suspicious entries and/or those websites that have been replacing your preferred home page. If you find entries that shouldn't be there, click on them and then on Change to delete them. Follow the software's instructions carefully. If at any time you have any questions, please click the Help button for more information.
3. Open IE and reset your home page as previously described.
4. Close IE and reopen it to verify that your preferred home page has not been changed. If this is the case, go back to Spybot S&D and select IE Tweaks from the Tools menu on the left panel.
5. Make sure there are check marks on the first two boxes under Miscellaneous Locks. These changes will enhance protection against hijackings and unauthorized changes to your home page. (Note: The aforementioned Home Page box in the Internet Options window will appear grayed out after making these changes. If you wish to change your home page at a later time, simply open Spybot S&D and remove the check marks under the Miscellaneous Locks section. You can then reset your home page from the Internet Options window.)
6. Close Spybot S&D.
7. Restart your computer.
Hopefully this took care of the issue and your browser will open to the website of your choice. If this is indeed the case, the next step is to create a new Restore Point. Why? Because you'll need to delete all previous ones lest a future restore operation also restores the registry value(s) that altered your home page.

You can access the System Restore utility by clicking:

Start/All Programs/Accessories/System Tools/System Restore

If you are unfamiliar with System Restore, please check the following article:

http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx


If the advanced tools in Spybot S&D were unable to solve the issue and you are comfortable using HijackThis, you might want to give this utility another shot.

I am assuming that you are familiar with what HijackThis can and cannot do, and understand that running it yields a log of entries without actually changing anything in your system. It is up to the user to analyze the logs and remove troublesome or suspicious items. Simply running HijackThis without analyzing and acting on the results is like running Spybot S&D but failing to fix the problems it identifies. For more information on this subject, please visit:

http://www.merijn.org/htlogtutorial.html

Understand, there is a good reason why HijackThis doesn't remove entries automatically: Editing your computer's registry can have serious consequences if you accidentally delete the wrong thing. For this very reason, I am reluctant - and unable - to give you step-by-step instructions on editing the registry, especially since I have no idea what the actual culprit is and thus what would need to be removed.

If you previously acted on suspicious entries found on the HijackThis log, it's possible that something was left behind. If you remember what you found/removed, do a Google (http://www.google.com/) search to see if you can find information on the nature of the threat as well as changes it usually makes to the registry. With this information in hand, you can run HijackThis once more and see if you missed anything.

If that still doesn't solve the problem, consider doing a Google search using "Internet Explorer Home Page Hijack" as your query. You will find plenty of advice on how to fix a hijacked browser, and perhaps one of the discussions will address your specific issue. Before attempting any of the fixes prescribed on any of those websites, back up your registry. The following website will show you how to back up (and restore) your registry:

http://www.theeldergeek.com/windows_xp_registry.htm

Before performing either of the Google searches, I suggest you install McAfee SiteAdvisor (http://www.siteadvisor.com/), a free utility that assigns a relative safety rating to both websites you visit as well as search results.

In fact, SiteAdvisor will even prevent you from navigating to particularly troublesome sites until you acknowledge the risks and possible consequences of moving forward. In your case, you can use this feature to your advantage: Chances are once you open your home page, SiteAdvisor will warn you about problems with the website in question, and the site details might even provide information that could prove useful in solving your issue once and for all.

It is also possible that changes to your operating system's Hosts files are redirecting traffic to websites commonly used as home pages to malicious ones. You will need to rule out this possibility as well.

http://www.mvps.org/winhelp2002/hosts.htm

However, at this juncture you might be better served by performing a repair-reinstallation of Windows XP.

http://support.microsoft.com/kb/315341

Doing so will be significantly safer than messing with your registry or relying on anonymous online advice, and should resolve any registry (and Hosts files) issues resulting from the browser hijacking. Even though a repair-reinstallation of Windows is relatively time consuming (45-60 minutes), that is nothing compared to what incorrectly editing your registry might cost you in time, frustration and money!

(A repair-reinstallation will NOT erase or reformat your hard disk. It is extremely unlikely that you will lose files in your My Documents folder or elsewhere, nor will other installed programs be modified or removed.)

Once you get things back to normal, read the following document to learn more about browser hijacking and what you can do to safeguard your computer.

http://www.microsoft.com/athome/security/online/browser_hijacking.mspx

Realize that while you might not navigate to "dangerous sites," it is possible that anyone else using your computer does. And if you share your PC with children - especially adolescents - the probability of their stumbling upon unhealthy websites or of downloading software bundled with parasites is somewhere in the neighborhood of 5000000%. SiteAdvisor will help you identify potentially dangerous sites. And, trust me, you will be surprised at the changes many seemingly "safe" websites have been documented to attempt on visitors' computers.

I also encourage you to install Windows Defender (Beta 2). In its previous incarnation as Microsoft AntiSpyware, this software monitored and blocked browser hijacking attempts. While this functionality is not explicitly listed in the Windows Defender options menu, it seems like the hijacking protection is still there buried as part of the utility's software explorers.

http://www.microsoft.com/athome/security/spyware/software/default.mspx

As far as the risk of conducting financial and other sensitive online transactions, the sensible approach is to assume that while your home page remains hijacked, there is a significant risk of personal information falling on the wrong hands. The fact that you have ZoneAlarm installed is encouraging and probably has prevented sensitive data from leaving your computer. However, security software is never perfect, so we must remain proactive. If your version of ZoneAlarm offers identity protection, you might want to take advantage of the Vault feature to store personal and financial information, even after fixing the browser issue. Better safe than sorry!

Hope this helps!

Best wishes.

Submitted by: Miquel K. of Columbus, Ohio
Discussion is locked
You are posting a reply to: 8/4/06 Give me back my browser's home page!
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: 8/4/06 Give me back my browser's home page!
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Honorable mentions

In reply to: 8/4/06 Give me back my browser's home page!

Warning: Some answers this week suggest the task of editing your Windows registry. MAKE SURE you back up your registry in case you do something wrong, and be sure that you are familiar with files you are planning to delete. You don't want to delete a file that is critical to your system; that can really wreak havoc on your computer. So be cautious and know what you are deleting before proceeding! Delete files and edit the Windows registry at your own risk. Thank you.

Answer:


Maureen, this happens all the time, often by installing trusted software from major companies who seem to think we 'want their homepage', without being asked...

First thing to try is click the TOOLS in the top bar, then INTERNET OPTIONS. It should open to the GENERAL tab, where you have the option to edit the homepage. The offensive homepage link should be displayed there, often with your old, original homepage link. Click the desired homepage link, or type in (on a line of it's own) the homepage link. Then click USE CURRENT. Click OK to close the tools, and REBOOT. Open IE and see if your desired homepage is displayed...

IF your desired homepage comes up, you probably cured the problem. If the homepage resets to the page you wanted to get rid of, then you truely have been hijacked.

I've gotten rid of all references to a hijack by using REGEDIT. This is not for the timid, however! Regedit can 'destroy' your operating system making it impossible to start XP without doing a new install. You can 'safely' browse the registry, however. Just be sure you do NOT change anything if you are browsing. Repeat: IF YOU DO NOT CHANGE ANYTHING!

To start REGEDIT, click the START button, then RUN. Type 'regedit.exe', hit Enter key. Click EDIT, FIND and in the box, type the 'exact' URL for the malicious homepage (it should be displayed in the tools/internet options/general tab). Then hit the F3 key to start the search. There will probably be many 'hits' during this search, and it can take a long time to finish, since it stops each time it finds a match while it waits for you to do something. Keep hitting F3 to search for the next occurrence. Now, for the adventurous, you can DELETE each and every occurrence during the search, which usually eliminates the malicious homepage. To close (and save changes, if any) simply click the red X box.

Now, if you are going to even think about playing with REGEDIT, make a backup copy FIRST! If you are not comfortable with this step, or don't know how to reboot/restore the original regedit file, you shouldn't be trying this... And yes, I am being cryptic by not giving examples, since there are too many variations in hardware configurations to give 'step-by-step' instructions.

Regedit is very powerful, but dangerous in the wrong hands. But, if you ONLY delete the offending URL at each step, it should work without hurting your XP installation.

--DO NOT REBOOT yet...

Now, click START button, SEARCH, ALL FILES AND FOLDERS and again type in the exact URL you want to get rid of. Click SEARCH. Delete any files matching this malicious homepage, if any. Next, repeat this step, only type in the name of the HOMEPAGE you want to delete. Delete it.

Now reboot, and try your desired homepage again... If the malicious homepage is still there, you can still search the internet. Try keywords such as homepage hijack. There are freeware, shareware and purchased programs that will reset your homepage. If you are not comfortable using regedit, this is your SAFE bet, although it may cost you some money. These programs act as a front-end to edit the registry for you.

And no, a hijacked homepage is irritating, but if you are running good antivirus, spyware and trojan software and using a firewall, and none of them report problems, it is unlikely that you are at risk.

How do these hijackings occur? Because most people are so 'politically correct', they simply accept default installation options when installing new software. Be sure you read each and every step in the pre-install stages. If you don't want an option, un-select it. If you don't know what the feature is, un-select it. Secondly, if a site wants to install an Active-X control (and this is where MOST hijacks occur!), don't allow it unless you understand what the Active-X control is going to do, and why you need it.

If nothing seems to work, this is where you do a full backup of all your DATA files (not the program files, since you can re-install your applications, and this may be where the hijack is hiding...), and reinstall XP, and start over.

Some people have claimed to have had success by deleting the cookies and files folders, but I've never had any success doing this. A homepage hijack that can not be reset by using the TOOLS option is malicious, and it usually takes a 'nuke to kill a fly' approach. These companies can be very inventive in hiding their code...

I hope this helps.

Submitted by: Dave S. of Medford, Wisconsin

***********************************************************************

Answer:


Welcome to the club. The hijack virus you have got, is one of the most insidious, frustrating and annoying computer viruses around and is almost impossible to remove. Even though I have a diploma in IT, I also contacted the same virus in February, earlier this year.

In order to come to a solution and preparing for future avoidance, it is best served if you understand what this virus is, where it comes from and how it can be removed.

Your home page, when hijacked, can display a blank page with About:Blank listed as your homepage instead of your normally installed homepage. There are also other names that can be used by the hijacker, but all have the same effect.

The About:Blank or other homepage hijacker is a variation of a more advanced CoolWebSearch hijacker or morphing spyware. There are several variants of this program and all of them are almost impossible to remove manually.

The publishers and affiliates of About:Blank earn income from the paid advertisements displayed on the infected PC. Whenever you click on the links on its directory and search results pages, you are earning money for them Browser hijackers often pilfer paid search listings from syndicated search engines or display advertising from affiliated networks. This means reputable businesses are getting their paid advertisements displayed by browser hijackers without their knowledge and earning income for the makers and affiliates of those hijackers.

As well as experiencing your homepage gone missing, there are several other mysterious things that can also happen to your computer.

? Replaces your home page with a new title such as ?About:Blank? or something similar
? Installs a browser Helper Object into Internet Explorer. This BHO consumes system resources and slows down your internet connection speed
? Restores itself after its file directory has been deleted
? Restores its registry settings once they have been deleted
? Almost impossible to remove from memory
? Starts with the operating system
? Stores executable code in your temporary Internet Explorer files
? Every 5-10 minutes, an advertising popup will appear on your computer monitor, with software programs that will remove the spyware hijacker. Your popup settins have also been hijacked and cannot prevent these popups from occurring.

Removal or Attempted Removal of Hijack program.

As stated in the original request, such anti spyware programs as Ad-Aware, Spybot and Hijack this are totally useless. I can first handedly verify this as I tried all these programs in attempt to remove the spyware hijack. Also I also found that ZoneAlarm and AVG also failed to detect any spyware problem on the computer. It was only when I tried a trial version of one of the popup advertisements, that I found where the culprit lay. These trial programs show you where the problem is, but you have to then pay for the program to finally remove it. I personally use Trend Micro PC-cillin as my personal antivirus and firewall, but even this wonderful program failed to prevent my hijack.

As mentioned previously, by going to Tools>>Internet Options>>Home page on your Microsoft Internet Explorer Tool Bar, you can delete the About:Blank hijack name and type in your own home page. Unfortunately, when you next use IE, the About:Blank has again hijacked the startup on your computer.

From using some of the advertised software programs listed in the popups on my computer screen, I tracked down where the culprit lies in the registry. To get into your registry you click on Start>>Run>> and then type in Regedit and click OK. This takes you to your registry Editor. Now follow the following path to get to where the About?Blank program has embedded itself. It is found at:

HKEY_LOCAL_MACHINE\SOFTWARE\WINDOWS NT\Current Version\Windows\Appinit_DLLs

You can actually see the file at the end here and it will delete manually.

UNFORTUNATELY, when you reboot, nothing has changed. Going back into the registry again will show you that the file you have deleted has reappeared and the hijacked front page will start up. The reason for this is that there is another hidden file that you cannot see, in the startup part of the registry. So when you restart, the file regenerates as an execution file and the problem starts all over again.

So it can be seen that the manual removal of this insipid hijack spyware program is virtually impossible to perform.

Final Removal Solution

Firstly let me emphatically state that I am in no way affiliated with any advertising of products in this forum and never will be. All I can say and do is recommend a software program that was 100% guaranteed to me, that I purchased online, and had the virus removed in a matter of minutes.

I searched the Internet extensively for all software programs that professed that they could safely remove the About:Blank virus. I finally decided on a program called Spy Ferret which I apprehensively purchased online and I was so pleased when my computer was rid of this virus and its associated popups every five minutes.

Spy Ferret can be found on the following website and can be downloaded from there:

http://www.spyferret.org/download.htm

This program unfortunately costs $39, but it is a far cheaper alternative than to take it to a repair person and with no guarantee of its removal. This program as stated on the web site, is 100% totally guaranteed and they will fully refund your money if it does not work to your satisfaction.

On downloading this Spy Ferret program for free, you can run a free trial and you will clearly see all the infected files causing your problem. All you have to do then is click on the contact button and pay the money online and they will issue you with a password immediately for immediate use.

It seems highly suspicious to me that a spyware hijack program like this can infiltrate IE so easily, even with all their so called service packs and weekly patches. If CooWebSearch can write an antidote to this program to make them very wealthy, then why can?t Microsoft issue another patch to put these criminals out of business. I will leave any cynical conclusions to your own imagination as I do not want myself or CNET to face any legal prosecutions.

This method does work and I hope your problems are soon solved.

Submitted by: Mervyn G.

***********************************************************************

Answer:


Maureen,

This is generally NOT a good thing. I'm going to guess you've tried regaining control of your home page by going to the Internet Options item in the Tools menu and selecting something other than the page that you've been redirected to without success. This, of course, is the first stop.

SOME bits of spyware/adware are pretty persistent and don't always show up on the various antispyware scans.

The first thing to do would be to get a "second opinion" - that is, get yourself an online AV scan from Panda (www.pandasoftware.com) or Trend Micro (housecall.trendmicro.com). Scan your hard drives to see if there are any spyware or adware items floating around on the hard drive. Unfortunately, neither Panda nor Trend disinfect spyware/adware automatically unless you sign up for and pay for their premium online scanning services. You can, of course, opt to do so, but each one will generate a report of any and all spy/adware it couldn't get rid of - complete with the path to the file in question. Save the report file to your desktop.

Now then... Here comes the "fun" part. Restart your computer into Safe Mode. Why? Because a LOT of things (usually including spyware) don't always get loaded. Once you're in safe mode, you can either launch Windows Explorer and go to each folder listed in the report and manually delete the files it found. Don't worry so much about cookie files stored in the Temp Internet Files folder. These generally don't do much just store information that the host web site retrieves whenever you visit a site that caters to the spyware company.

What we're looking for are executables - things like EXE or DLL files. Find the files and delete them.

Once you've managed to get rid of any bits of spyware lurking on your system, we're onto the truly ugly part...

The ugly part consists of visiting the Regedit program to manually find any reference(s) to the home page you've been hijacked to. Click on Start | Run and launch regedit.exe. Once it's open, press Ctrl-F to open the find box. Type in the URL for the hijack page and click on Find Next. After a bit of searching, you should see a registry entry for that URL. Depending on the key, it's generally safer to delete the value (i.e. http://www.myhijackerspage.com) or replacing it with a value you'd rather see - like the home page of your choice. Once that's done, press F3 to find the next incarnation of the bogus URL. Delete/replace each instance of the bogus URL until you've got to the end of the registry. Even ONE instance left behind can undo everything you've done thus far by sending you back to the page in question where there may be a mechanism in place to install/replace the files you've deleted and you're back to square one.

Once you've finished searching the registry, there are a couple more things to check out. Go to HKey_Current_User | Software | Microsoft | Windows | Current Version | Run. Under that category, you will see a list of applications, utilities and such that start automatically. Now comes a tricky part. You'll need to look at the items listed and see if any of them are truly suspicious. I don't mean normal startup items - like your antivirus, firewall, etc... I mean stuff that looks fishy to begin with. If you have any doubts, you can (if you have a second computer available) google the name of the file and check to see if it's legit or if it's bogus. If you find a bogus entry - delete it.

Next, you'll want to visit Hkey_Local_Machine | Software | Microsoft | Windows | Current Version | Run and repeat the process. Remove any suspicious entries.

Once you've done that, close out regedit and restart the computer in normal mode and all should be good.

Submitted by: Pete Z.

***********************************************************************

Answer:


Without knowing the URL of your new homepage or the contents of your HijackThis file, it's really hard to say what has taken over and how to get rid of it. Many "free" programs come with malware included, at no cost to you. Peer to Peer software is notorious for spawning spyware/malware infestations. Lyrics sites, sites with illegal cracks for legitimate programs, free games sites, and some MySpace widget sites are other likely suspects. What might look like a very cool widget or game could be very hazardous to your PC's health. When at all possible, use reputable software and shareware and pay for the privilege.

I will say that your ISP isn't likely to be of any help with this issue. It's not likely Dell will be much help either. Using freeware as your AV and anti-spyware rules out much help from that end too. But that's not necessarily a bad thing. Often the very best sources of information on things like this are specialized forums on the net. Three forums that I trust for good information and guidance are http://forums.spywareinfo.com , http://www.bleepingcomputer.com/ , and http://www.security-forums.com.

Right now, without knowing what it is that has taken over your homepage, it would seem that you have two choices with a possible third.

The first option would be to continue to research the problem and keep trying new things to fix it. This may wind up taking hours more time, but in doing so, you will likely find out the exact cause and learn how to prevent it from happening again. Again, without knowing the site that's taken over or seeing the contents of your HijackThis file, it's impossible to tell you what your first step should be. But a visit to one or more of the three sites I listed above will get you started on your way to detection and removal.

Your second choice, one that is probably the time-saver, especially since your machine is only a few weeks in service, is to wipe the drive and reinstall your system software. By choosing this, you don't learn what happened to your machine or how to prevent it in the future, but you do get a spanking new install with no problems in the shortest amount of time. Just back up any new data you have on this machine, make a note of your ISP settings if you need to, insert the System Restoration CD, and follow the prompts. There isn't a need to rewrite the file allocation table, if you're asked for that. A quick format should do the trick. You'll have a clean machine in about an hour; depending on how fast your drive formats.

A third possible option, if more than a few days haven't gone by since this started, it's possible that a simple restore of your registry AFTER a backup of new data and full scrubs of your system by your fully-updated anti-spyware and malware software would get you back to happy surfing. But since you cite banking as one of the uses for your computer, you may not feel 100% comfortable with this option.

If you'd like to try it, here are the steps:

. Go to Start| All Programs| Accessories| System Tools| System Restore.
. The Welcome to System Restore page will appear. Click "Restore my computer to an earlier time" and Next.
. On the Select a Restore Point page, click the most recent date that is PRIOR to the problem you're experiencing now. Click Next and follow the prompts.
This might or might not work for you. If you try this method, please be prepared to exercise the format and reload option if it is unsuccessful.

Either one of the first two options will get you back up and running. It's up to you how much time and effort you put into the project.

Best wishes and (eventually) Happy Surfing.

Submitted by: Michelle H. of Casselberry, Florida

***********************************************************************

Answer:


Maureen,

You do have options, some more pleasant than others. It sounds as though you have done some pretty extensive repair work on your computer. Its too bad that none of this has helped. Your solution may be easier than you think. Since your system is new, I would advise calling Dell. They have a very capable staff of tech support people who can lead you to your solution. If waiting "on hold" to get through is not for you, here are some things that you can try:

1) Open your existing home page. At the top should be a toolbar. Open "Tools," then "Internet Options." The first area at the top of the window that opens up(which happens to be called Home Page) is your concern. Here you can set your home page to be whatever you need it to be. Delete the existing entry and enter the address of your desired home page (i.e. www.anywhere.com, etc.) and make sure to click on Apply before closing this window. This should fix the problem. If there is no toolbar, then . . .

2) Got to your Control Panel, Find Internet Options (which is exactly where option 1 should have taken you.) Now try to change your homepage entry as described in option 1. If this doesn't help, then . . .

3) Click on Start, hover over All Programs, go up to Accessories, over and down to System Tools, and then System Restore. Open this and choose a day to restore to that was before your problems started. Follow all the instructions. This should take care of the problem, but if not, then . . .

4) You will need to re-install the operating system. Retrieve your system disk, reboot to it, and follow all the instructions. This will, of course, wipe away anything you have done and will lay down a new version of Windows, but at this point, I see no other viable option. This will be time consuming but worthwhile. Get any program disks together that you have already installed (games, printer drivers, etc.) before reformatting so that you can save time trying to remember what you had previously installed. Doing option 4 will eliminate anything that might have changed in your registry that might have been hidden, which is why everything you have tried up to now hasn't been able to repair the problem.

Good luck, Maureen. I am sure there are other solutions that might be just as good or even better than mine so be sure to read all of the posts before deciding on a course of action.

Submitted by: Mike

***********************************************************************

Answer:


Home Page Hijackers are a pain in the butt. I've been a victim twice.

The first time I was running Windows 98 and was ready to upgrade to XP anyway. I backed up all relevant data, created a boot disk, rebooted the computer with the boot disk, and then reformated my hard drive(all partitions). Then I installed Windows XP. I would consider this a last resort, especially since you are running a fairly new computer.

The second time was actually quite recent. This was a nasty little hijacker, in that it also had a key stroke logging spyware program attached. I researched my problem by putting in the hijack web site name and the word hijack into Yahoo and Google search engines. I quickly discovered that I was not the only one infected with this particular Hijacker. The other important piece of information I found out was that Webroot SpySweeper could clean up the infection. Fortunately, I have WebRoot SpySweeper installed on my computer. It is the purchased version and is automatically updated with new releases. I had ran a SpySweeper scan but it didn't fix my problem. For the second scan I booted my PC up in Safe Mode. Under Windows Safe Mode, Spy Sweeper was able to clean the necessary files that are normally "locked down" by the Windows operating system.

To bring up your PC in Safe Mode, reboot the PC and right after it goes through the memory check, hold down you <F8> key. Now run a complete scan with your SpyWare and Anti-Virus software. This may clean up your problem.

I must also state at this time that I had temporarily turned-off SpySweeper, which allowed the hijacking to occur. If SpySweeper had been running I am pretty confident it would have stopped or at least warned me of the impending infection.

You could also try some free versions of other Spy-Ware and Anit-Virus software. Do a little research on the Web and you may find a solution,

Another possibility is to examine your computer registries and look for any homepage anomalies. To get into your computer registries, click on your Start button, click on the Run button. Now type REGEDIT and press Enter, this will bring up a window showing your system registries. Now go through the registries looking for anything that pertains to Internet Explorer and/or Home Page. See if you can find the name of the Hijack site in any of these settings. If you?re able to find the offending home page, change it to your desired home page. This can be a time consuming endeavor and you must be careful not to "goof up" any other registry settings.

Hope this helps, Good Luck!

Submitted by: Kevin J. in Dayton, Ohio

***********************************************************************

Answer:


There Are Many Answers To this Question And I Dare say That 83 % of Them Will be Right. But the Question is, Will You Follow The Advice That Is Given on here?

First Of all Having been A L2 Tech For Dell and Knowing Things That The Public isn't Aware Of I Might Be able To Lead You in The right Direction.

#1 Go To Your Tools Tab on IE . Click on Internet Options Clear Your History

#2 Click on The Setting Tab, Click on View Files. in the Next Window Click on Edit, Click on SLECT ALL in the drop down window. Click on File and Then Click on Delete. Close The Window

#3 You Should See Your Settings Window in front of you. Click on View Objects. You Will Be In Your Active X Control Window. If You See The Following Controls ( MUWebControl Class / ( Microsoft Up Dates) YInstStarter Class/ ( For Yahoo If You Use it) You Can Leave Them. Any thing Else, You should Right click on Them , click on Properties And Check Who The Code Base Is. And Who it is Dependent On. If It Isn't Some Thing On Your Computer Then Delete it.

Don't Worry If It is Some thing You Need It Will Re install it's self The Next Time You go To The web Site. Before You close This Window, Look At The size Of Your Temporary internet File. Depending on the size Of Your Hard Drive and How Much Memory You Have You Can Make this File Bigger. Safe Rule Of Thumb is 2 Times The Size That is in The Window Now. This Will Allow Your Web Pages To Load Quicker And Cut Down On Your Chances Of Being Page High Jacked ( Meaning that a Different Page Loads Then The One You Wanted To go To) Close This Window.

Your settings Window Should Be in front of you again. Click on OK To Close this Window.

#4 You Should see Your Internet Options Window in front of you again. Click on the Privacy Tab, Then on Advanced. Make sure That There isn't any dot or Check Marks in this window. Click on OK To Close. On The Bottom Of The Options Window You Will see Red Circle With a Line in it ( Only if You Have Windows Service Pack 2 Installed.) Click on Settings You Will Have 3 Choices. Not Knowing What Your Surfing Habits are, I would Say That you Should Check ( YOUR CHOICE) 1 or 2.

#5 Go to the Advance Tab At the Top. Go Down the List And Make Sure The Following Are NOT Checked

Enable install On Demand ( Internet Explorer)

Enable install On Demand ( Other)

There Are Other things I would uncheck But Those Are the 2 Main Ones

I Am Assuming That you are Running Win XP On The Dell Computer

#6 With Your Internet Explorer Window Open, Click on Tools and Then, MANAGE ADD-ON'S. This Window Will Show You What Is Running on Your IE 6 If You See Some Thing That You Don't Know What it is Then Disable it. Say this With a Little Reservation, But I See That You Downloaded a Lot Of Tools to Solve Your Problems, So I'm Going to Assume That You Know Tour Way Around On a Computer. There is a Drop Down Window Arrow That Will tell you What Else That IE 6 Has used in the Past You Can Take a Snap Shot Of Your Desk Top Of Both Screen And Print them Out and Compare Them To See If You Can Find an Extension That Was Added On To Internet Explore And If You do Then Disable it. Close All Windows And Re boot Your Computer

#7 Try To Get On the Internet. If You Can Then Close Your Internet Connection, Your Far From Being Done., Do A Disk .Defrag . But First Do the Disk Clean Up. When The Window Pops Up, Check All The Boxes. Then Click The Tab At the top Of the Window That says MORE OPTIONS, Then down To The Tab That Says SYSTEM RESTORE Then click on Clean Up. Say Yes. Yes Again .Open Run, And Type in CHKDSK. Click OK. Then Run Your Error Checking On Your Drive, BUT YOU MUST Check Both Boxes You see There. It Will Tell you That You Will Have to Reboot Your Computer. Do So and Let it Run Through All 5 Stages

I'm Sure Your Computer Came With Norton Anti Virus On It, But do you Have a Fire Wall ? If Not Then Turn On Windows Firewall. See if You Can Get to The Windows Update Page, If You can Then Have It Scan Your Computer For The Latest Updates . It Will Ask You If You Want to Do it EXPRESS or CUSTOM. For this One Click On Custom And When it Finds The Updates You Need Then Go Down The List Until You Find Windows Defender Anti Spy Ware Download it and Install It. Then Update The Definition Files. With That done, Run a Full Scan. Go Back To The Windows Update Site and Click on Express This Time And Follow Directions

I use Panda Platinum 2005 With Tru Prevent As My Anti Virus and Firewall and it Catches Most any Spyware If You set it Up Right. With Panda A Defender Installed, I Dare say You Won't ever Have this Problem again.

Warning: If You Do Decide To Get Panda, You Will Have to Download it From The Internet. It Isn't sold In Stores. You Will have to Email Panda, or call them For the Tool To Un install Norton. IF YOU DON"T Do THIS You Will BLUE SCREEN YOUR COMPUTER. SO Please Call Them Or Email Them. First And they Will Talk you Through it

Norton Does Not UN Install Clean From Your Registry, And I Don't want to tell You How To Remove These Files From it, because You Could Lose Your Whole Computer.

But The Obvious Question is :Did You Run a System Restore ?

Good Luck.

Submitted by: Russ

***********************************************************************

Answer:


Hi Maureen,

It sounds like you have all the protection running that you need, so I'd say this is most likely the result of a 3rd party application locking you out due to a crash then a virus or spyware. Although some web sites can contain hidden java script code which changes the home page, then locks you out by preventing you from changing it in the registry.

First though, since you didn't mention it in your message, I'm assuming you've tried changing it from within IE. To do this, go to tools, Internet Options, and under the first tab "Homepage" is your current homepage.

That said, you can also try editing it in your registry (as always, backing up your registry before changing it is a good idea), assuming some code hasn't locked you out. The setting is located under HKEY_Current_User/Software/Microsoft/Internet Explorer/Main and is called "Start Page".

You also may also want to run a system restore point. Furthermore, you can try disabling/reinstalling any 3rd party toolbars that might have crashed. Recently, a lady at work was unable to change her homepage due to a crashed Yahoo! Toolbar. I reinstalled the toolbar and everything worked normally again.

Finally, switch browsers. There are many free alternatives to IE available on the web. If you do succeed in restoring your home page,
there is some great advice on this site:

http://www.mvps.org/winhelp2002/ietips.htm

under "Protecting Your Internet Explorer" to help prevent any websites from jacking your homepage in the future.

Good Luck.

Submitted by: Jason D.

***********************************************************************

Answer:


With the profusion of malware, spywares, and virus about in the world, it's impossible to tell you how to clean out the hijacking without knowing the specific .exe or what-may-have-you that is causing it.

All that can be done is to take a chance on options available.

When I get something sticky like that, I use the on-line Symantec Security Response virus scan. Though it won't automatically remove an infected file or a malware/spyware, it will provide a list of these files...Write them all down, their full name and locations. Reboot in safe mode using the f8 key on boot up.....Be sure not to use Safe mode with networking, as I've seen a few of these buggers that will still try to call out to the net if you do.

Once started up, using the search function under the windows menu, look up each of the files listed from the on-line scan and delete them. Be sure that their locations match the list from Security Response though, because often times, a malicious code string will create a copy in a different location of a system file hoping to hide itself.

After that is done, rerun Ad-Aware and any other programs you wish to. Running these programs under safe mode allows them to function more smoothly to remove harmful things.

Lastly, under your control panel, open your internet properties and manually set your home page to whatever you'd like it to be.

Reboot the pc in normal mode and see if it's fixed or not. If it's not, you'll have the great fun of manually searching for .exe files on your pc that you don't recognize. Look them up on the net and delete any malicious ones you find and reset your home page again.

Good luck, as these things can be major pains to get rid of.

Submitted by: Jason J. of Pleasant Hill, Ohio

***********************************************************************

Answer:


I have encountered this problem several times on computers on my network. A program is called to run in the registry every time that the computer starts. It resets the home and takes over IE. Run Regedit to get to
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Run

At this point, you will need to find the offending program. The "data" field will give you the name and location of each program. Go to google and check out each program that you do not know. (If you can look at a second computer, it will be easier than going through the hijacked IE.) When you find the known offenders, you can do two things. First for caution in case you err on the program, Export the whole Run key so that you can recapture it if you make a mistake. Second, rename or delete the program. I often rename it until I am sure that everything works. Finally, delete the singular subkey containing the program. If you are successful, you can reboot the computer and find that you have "unhijacked" IE. Please check everything. It has been my experience that when there is one such program, there are usually others also in the run section.

You should also check the "RunOnce" key. that follows.

Submitted by: Randal G.
Collapse -
Re: Give Me Back...

In reply to: Honorable mentions

This is my 2nd post on the same topic. I am amazed at all the folks that took time to share their knowledge with Maureen M. about her dilemma!
I'm abit red-faced also for posting before I read on...but what can I say!
A newbie shines like a red nose! I think I'll come on back to the CNET forum. I just might learn a thing or two! [*smiles* wink*]
Bonita P. Ontario, Canada

Collapse -
Other advice from our members

In reply to: 8/4/06 Give me back my browser's home page!

Answer:

Hi Maureen,

This sounds to me like one of the following:

-your computer has been hacked into.
-you have the sasser worm or some other malicious code running on your computer.
-your computer is infected with a trojan or equivelant.
-if you are on a network you may be remote desktopped and not know it.

If your computer has been hacked into then you need to get a firewall running to prevent a computer hacker from gaining access to your computer.

My recomendation would be sygate as i have used this for 3 years now without a hitch. If it is the second problem then you need to download the microsoft malicious code detector. I do realise that your internet is not working so try to get a friends help. If it is the last option than it is probably a good idea to do a fresh install of windows making sure to format the hard drive to remove any unwanted files being kept in the installation. A highly unlikely but still possible aspect could be that your computer has/is being remote desktopped, if this is the problem you need to disable remote desktopping and get a good firewall. Please note if your computer is connected to a network than remote desktopping may be a possibility.

Cheers.

Submitted by: Joel B.

***********************************************************************

Answer:


Hello Maureen,

When your computer has been hi-jacked as you described, there is a very technical and pain-staking process needed to completely 'clean' and 'purge' your system. Being a computer technician, I would never recommend an inexperienced operator to attempt this eradication by themselves, because some of these "nasties" can be very difficult to remove. [ Please do not think that I am trying to belittle you, as I myself would never attempt this sort of thing myself!!]

Without attempting to give any "advertising plugs", I would highly recommend that you seek the expert advice from the trained analysts at a forum called "TechSupport Forum". They have a specific forum that deals with only the problems that you have detailed; and believe it or not, all the advice from these trained analysts is FREE!! Their website address is:

http://www.techsupportforum.com

and I can speak with authority, as they assisted me with a similar problem in the past. To access support, you will need to 'register', which is FREE also, and only requires a valid email address. The particular forum at Techsupportforum that deals with these issues is called the "HiJack This Forum".

As a matter of interest, this forum is dedicated to helping people with computer problems, and they do not entertain counterfeit software or 'cracks', and the people there are very competent indeed.

Until you get your system 'cleaned an purged' I personally would not advise you to do anything on the Internet that requires you to give out any personal information, as usually these types of Hi-Jackers are out to get any or all of your personal information including; passwords; banking details, etc., etc.

Submitted by: David

***********************************************************************

Answer:


Browser Hijacks are a problem at times. It can be caused by some web sites running code that exploits a vulnerability in Internet Explorer. What I would advise is a visit to http://www.trendmicro.com (the PC-cillin people - so it's a trusted site). On the left of the screen, just over half way down, Browser Hijacking, download CWShredder.exe and run it.

After that, go back to TrendMicro and run their Free Virus Scan which find EVERYTHING... including lack of updates (so make sure to visit Windows Updates as well if you haven't already patched all the vulnerabilities). TrendMicros's scanner runs on Java so, if you are not up-to-date on Java, it will do it for you.

Once the problem is solved, download the free version of Winpatrol (http://www.winpatrol.com/download.html) and install it. It really is a 'must have' piece of software and well worth the 'one off' fee to upgrade to Winpatrol Plus. It will block attempts to change the Home Page and asks you if you want it changed - plus it does a whole lot more, check it out, it's got a brilliant reputation.

Submitted by: Mike

***********************************************************************

Answer:


Dear Maureen,

No, I do not think it would be safe to conduct banking on your computer in its current state. You should make sure you have anti-virus/anti-malware protection running and that it has the latest definitions/updates. Better-known examples would include products by Symantec, Norton Anti-Virus, etc., but I run ESET's NOD 32 (http://www.eset.com) anti-virus/anti-malware product on my home computer and it seems to be very effective so far at scanning incoming and outgoing emails, monitoring internet activity and it has a manual scanner that checks the entire computer on demand. It also updates itself automatically on a near daily basis, so I always have an up-to-date tool against viruses, trojans, hijackers, bots, spyware, adware, etc.

As for your current problem, using one of the free on-line scanners would probably be effective too. I have found Trend Micro's "Housecall" to be easy to use and effective (http://housecall.trendmicro.com/). Instructions are easy to follow and it will find, list and delete any harmful software on your computer.

Best wishes!

Submitted by: Dan D.

***********************************************************************

Answer:


Since this is a brand new Dell, I presume it is Win XP of some flavor. Presuming that, I have found any number of things get "lost" or revert. You didn't mention what the new home page is. If it's back to Microsoft, it's an XP problem, probably. I have all the same "helper" software on my XP system and found out that video driver conflicts can cause things to "revert". Turns out my video driver and my NIC shared the same IRQ. Find out from Dell if there is an update or how to change the IRQ of the NIC.

If the home page is MS, just go to your regular home page and click on Tools and then Options and in the Home Page section, click to make the current page your home page. Then see if it stays or gets changed again.

Just as an aside, try using Mozilla, Firefox or Netscape and see if it happens. My bet is on the imbedded Internet Explorer and XP is doing the hijacking.

More information on what page would be helpful, but hope this helps.

Submitted by: Niki H. of Woodbridge, Virginia

***********************************************************************

Answer:


First of all, my condolences for your problems! I'm very aware of how frustrating it can be to try to eliminate all of the loose ends a hijacking experience can be.

Secondly, as I've had this happen even on Firefox (though only twice and to a much lesser degree), I have found that the recommendations/advice given on http://www.majorgeeks.com has done the best for me.

Once on the site, you need to navigate to their support forums and then once in the forums, you need to choose "Malware Removal" under the Help & Technical forums. Once you're in there, do yourself a favor and read the post titled: "READ AND RUN ME FIRST" as well as taking a look at the post "NO HIJACK THIS FILES BEFORE READING THIS".

As I said above, I've used this twice and both times I managed to get rid of all of my issues by following their instructions. And you'll notice that in addition to the general fix, they also provide info on specific malware types under separate posts -- which is helpful when you know exactly what you have that's causing your problem.

Good luck!

Submitted by: Maggie B.

***********************************************************************

Answer:


Get this software : Anti_Hijacker. It's great!

http://www.dummysoftware.com

Submitted by: DufusDad1

***********************************************************************

Answer:


First, run Windows Update for your computer and install all updates. This will prevent the hijacker or some other malicious code from re-installing itself by exploiting some flaw in your operating system. As you mentioned, you probably already did this so go ahead and skip that step, but visit this link and read this bulletin to ensure you have the proper fix:

http://www.microsoft.com/technet/security/bulletin/ms99-032.mspx

Since Spybot and the other utilities did not find the problem, you have to manually remove the code that is causing the hijack. There are a few different kinds of hijackers out there, so start by searching your computer for any *.hta files and remove them if they look suspicious. You may rename them first to *.hta1 and then change your browser to test if this fixes the problem - then delete when you're sure.

There are two other types of hijackers out there, one is called a Gohip which is an executable file disguised as a "browser helper". If you can't find this under Add/Remove Programs, click here to try to remove it:

http://www.pchell.com/support/gohip.shtml

Finally, if none of these solutions helped there may be a shortcut in the Windows Startup folder or Registry Run key that starts regedit and tells it to add a hidden file containing the hijacker's homepage to the Registry every time upon startup. Example: C:\windows\temp\abc123.tmp. Look for this problem as well.

Submitted by: B. S.

***********************************************************************

Answer:


Hi,

I have recently had my home page hijacked twice in a matter of about three weeks. I found that if I went to the tools tab, and the first page that comes up offers you a choice of home page. I simply typed in the URL for my home page and the highjack was over. I did a complete scan using Windows Defender and a couple of other spyware and AV programs. I can't say that I actually found the culprit that did the highjack, but those scans did something because even after the second time my home page was highjacked, I also used the MS Malicious software removal tool in addition to repeating the original exercises I described earlier and after almost two months now, I have not had any further attempts. I would suggest that if you are using XP as an operating system, try following some of the program settings and repair methods offered right in XP and you might be well surprised at what you find you can do to protect yourself. I am and have always been an ABM (anything but Microsoft), however we are all in the same bind with Bill and his bandits, so we might as well bite the bullet and explore reasonable options to what they have to offer...but don't write them off totally when you are having major problems. I also use a site called Windows Annoyances (Annoyances.org) and they are indeed very helpful with their forums.

Good luck.

Submitted by: Roger

***********************************************************************

Answer:


Maureen, Two years ago I was a new computer owner and knew nada. I've learned a whole lot since then, and consider myself and expert (at least on my computer) on security.

From the sound of your submission I get the impression that you are going the 'free' route as much as possible. This is a mistake. All that money for your new Dell and to save a few bucks you are Not adequately protected. It's not that expensive to do it right and there are some good free programs.

This is what I run, and this is after a lot of experimentation, I gotta tell you that if you do it this way it will cost you about $150 max and your home page will never ever get hijacked again. The 'free' programs you mentioned are nice, but they aren't good enough to rely on.

1. Spy Sweeper (they have a 30 day full function trial), and it is simply the best out there.

2. Ewido (WITH the active monitor, they also have a 30 day full function trial and if you are running the old version you can download the new one and get another 30 days) A lot of people use up the free trial and let the active scanner go and think they have the same protection. Not true! It's excellent, but you need the active scan.

3. All in one Secretmaker. This is a free program that has taken charge of my security setup. My two active scanners (Ewido and Spysweeper) don't seem to have much to do. It has all kinds of modules for different security functions and great cleanup options.

4. Bit Defender Pro 9. This is a suite of security stuff, and while the firewall and a few other functions are not rated first in function, their Antivirus is. The firewall in my opinion is just fine, nothing's gotten through it.

5. Registry First Aid. Though not strictly a security program, I consider it an important part of my "mean, clean machine" approach. Malware leaves traces and things that need to be cleaned out after you've cleaned up.

6. Tune Up Utilities 2006. I know, lots of programs. This one is the best, in my opinion, for a number of tasks necessary to keep things running smoothly. Another registry cleaner to double check Registry First Aid, a registry defragger which is really useful, a process manager, startup manager, as well as a bunch of other 'optimizers' for memory, performance and more.

That's a lot, but I got it all for about $150 and nothing gets past it. Those programs also keep my Dell clean and fast. Most people I know rely on inferior software and wonder why their computers run so slow and lockup so much. I'm tired of telling them, and maybe you know a lot more than I do and don't need this advice, but I have found that I rely on all of the above programs to keep my computer running like it did the day I got it.

Submitted by: Peter J.

***********************************************************************

Answer:


Your HOSTS file may have been modified. Your HOSTS file can be used to redirect any webpage to any other IP address on the internet. It could be set to route www.google.com to the IP address for a porn website; so everytime you try to go to google, you end up at a site you don't want to be at, but can't seem to control.

The HOSTS file is located in "C:\windows\system32\drivers\etc". When you double-click on it, choose a program to open the file with, and use notepad (which is included with Windows). A default HOSTS file will look like this:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost


Anything not prefixed with an octothorpe (#) is a reroute of a site that is active. If you know that you've never intended on rerouting any website and you see something else beyond "localhost", then that just might be your problem.

You can copy and past what I have included in this answer into your HOSTS file and save it. When you save the file, make sure no browser windows or other programs that use an internet connection are running. When saving, there is a drop-down menu below where you input the name; change the file type to "all files" and make sure the name of the file is "HOSTS" without any extension, such as ".txt". Now open up a browser window and see how things work!

To protect this file from unwanted changes in the future, right-click on the HOSTS file and click on PROPERTIES. At the bottom, at ATTRIBUTES, put a checkmark in "read-only" and click OK in the window. This sets the file to only be read, not written to or modified unless the attribute property is changed.

Submitted by: Jonathan B.

***********************************************************************

Answer:


Hi Maureen,

Wow, 3 weeks old and these problems already? Sorry to read that!

Do you know the name of whatever it was that hijacked your homepage? You should be able to find something in your registry with that name. Of course, if you're not comfortable with going into the registry, don't. Run a Spybot scan and save, then run a HijackThis scan and save, post on the Spybot Netintetgration forum with the problem. They will tell you if they need you to get that HijackThis scan sent to them and how to do it.

Alternatively, and what I'd do is disconnect from the internet and reboot into safe mode. While in safe mode run all your scans, including HijackThis. See if anything comes up in your a/v or spyware scans. Also look at everything in your HijackThis scan.

If, after either running deep scans in safe mode and/or posting on the Spybot forum you still can't get rid of this pest you've caught, my only other suggestion is to use your recovery disc and reinstall/reformat. I know, that's a pain, but hopefully after only 3 weeks you don't have alot of "stuff" on the computer and you've got backups of anything important.

Once you know your computer's clean, don't connect to the internet until you've installed ZA and AVG at least. Save the .exe to disc and install them from the disc. Another anti-spyware program I use is spywareblaster. It's not a scanner, what that does is put alot of bad sites/cookies into the restricted sites section of your IE tools. It's not perfect, but it sure is a help.

Lastly, consider using a different browser - Firefox or Opera if you're using Windows. Those are safer. That doesn't mean you don't need your firewall, etc. It just means you are a little less likely to catch another "bug".

Good luck and hope all works out for you!

Submitted by: Anonymous

***********************************************************************

Answer:


I've lived the problem you described for a few years now and could never solv it until I read the following article from PC World. It worked for me and it was simple to do. Good luck. Mark

Re registering Your DLLs

You can remedy some common Windows woes by reloading system files; a free tool to maximize shutdown options.


Scott Dunn
From the August 2006 issue of PC World magazine
Posted Monday, June 19, 2006

Windows XP and 2000 store information about many of their functions in files known as dynamic link libraries, or DLLs. Information about the DLLs is stored in the Windows Registry. When a DLL file's Registry entry is corrupted, the OS may balk when opening files or Web pages, or otherwise misbehave. Fortunately, as tipster Dick Waller of Dayton, Ohio, points out, Windows' own regsvr32.exe tool lets you add DLL data back into the Registry.

Even if you aren't sure what DLL information is missing or corrupted, it doesn't hurt to re-register a DLL that was installed with Windows. Here are fixes for several common problems that are often caused by corrupt DLL Registry entries.

Put on a happy interface: Many problems can be fixed simply by
re-registering Shell32.dll, which stores information about Windows'
interface and is used to open files and Web pages. For example,
re-installing this DLL will restore JPEG or GIF image previews under the Desktop tab of the Display Properties dialog box (right-click the desktop and choose Properties to see this dialog). It can also repair the ability to launch the Create Shortcut Wizard (right-click the desktop and choose New, Shortcut), as well as the double-click behavior of folder icons, which is easily corrupted (see the August 2005 Windows Tips for more on this glitch).

To restore this DLL, choose Start, Run, type regsvr32 /i shell32.dll, and press <Enter> (see FIGURE 1). (The /i switch stands for "install.") A message tells you if the command worked. (You may need to restart Windows to see the effect.)

Restore the Windows Picture and Fax Viewer (XP only): If you can't view
photos or faxes by double-clicking their file icons, re-register the
viewer's DLL: Choose Start, Run, type regsvr32 /i shimgvw.dll, and press <Enter>. Again, a message will pop up indicating whether the DLL reloading fixed the problem (see FIGURE 2).

Resuscitate the Add Network Places Wizard (XP only): Sometimes restoring a broken function requires that you run the regsvr32 /i command several times, once for each DLL whose data needs restoring. For example, if you click Add a network place in the left pane of the My Network Places folder window and nothing happens, you may be able to revive the Add Network Place Wizard by running three commands, one after the other, in Windows' Run box: Choose Start, Run, type regsvr32 /i netplwiz.dll, and press <Enter>. Now follow the same steps, but this time change the command line to regsvr32 /i mshtml.dll. Finally, run the command line regsvr32 /i shell32.dll.

Restore Quick Launch: If you right-click on your taskbar and choose
Toolbars, Quick Launch, only to receive an error message telling you that the toolbar can't be created, you may be missing the Quick Launch folder, vital Registry entries, or some other important file. The Quick Launch folder should be in C:\Documents and Settings\profile name\Application Data\Microsoft\Internet Explorer (where profile name is the account you are logged into). If it's not there, you can either create it manually (click File, New, Folder inside the above-referenced folder and name it Quick Launch), or have Windows do it for you. For the latter option, choose Start, Run, type ie4uinit.exe, and press <Enter>. Now try displaying the Quick Launch toolbar again.

If it's still a no-go, choose Start, Run, type regsvr32 /i shell32.dll, and press <Enter>. Next, click Start, Run, type regsvr32 /i browseui.dll, and press <Enter>.

Submitted by: Mark L.

***********************************************************************

Answer:


First, although the tools you used are great security tools. They're first line of defense for spyware, adware and other pests, but they're not intended for IE hijack recovery.

CA (Computer Associates) has an excellent browser hijack recovery article in their PestPatrol knowledge base : "How to Clear a Hijack" (http://research.pestpatrol.com/HowTo/How_To_Clear_a_Hijack.asp)

Once you've done all that this articles suggests, restart IE to see if it is still hijaaked. If so then download and run one of the many browser hijack recovery tools available out on the web ... among them are tools such as IE Protector, Browser Hijack Recover, Browser Hijaak Retaliator and so on. On an ongoing basis, many of these tools guarantee in realtime that your copy of IE won't be hijacked.

If all those efforts leave you with an IE that still is misbehaving, then consider this next step: make sure that IE is not damaged. To repair IE, I would suggest the excellent article titled "Understanding and Troubleshooting Unrecoverable Errors (Faults) in Internet Explorer" (http://support.microsoft.com/Default.aspx?kbid=276393) on support.microsoft.com. Among its many tips, this article shows how to disable third-party IE plugins, and you should consider doing that, since you can then reenable those plugins, one by one, to identify whether one of your plugins is at least partly responsible for your IE surprises.

In general, it is a wise practice to :

- frequently update your system by clicking on the Tools > Windows Update link on your copy of IE to discover and apply all security- and browser-related updates from Microsoft
- install antivirus software, a software firewall and realtime spyware detection software like eTrust PestPatrol, SpyBot, AdAware, etc. that automatically starts up with your system and that watches browser activity in realtime

Submitted by: Larry Y.

***********************************************************************

Answer:


I had a very similar problem: homepage hijacked. Even after running several free programs (Ad Aware, Spybot, CW Shredder, Hijack This, etc.), the problem persisted. I soon found myself looking at the dreaded ?about:blank? in my address window. After doing some online research, I decided to try Webroot Spy Sweeper, based on some of the success stories I read. So I got the credit card out, paid the download fee (it was on sale for $25.00 at the time, and they threw in a free download of their program Window Washer). Spy Sweeper fixed the problem.

Submitted by: Daniel N.

***********************************************************************

Answer:


Hi Maureen,

While it is sometimes annoying, I think you will find your home page was simply changed to something else - not really "hijacked".

Websites can add coding to change the page your browser starts up on.
Developers of web applications are not supposed to have this happen unless you actually click a link requesting the change, but of course we have some unscrupulous developers out there that do not care about following certain standards.

All you should have to do is this :

1. Open MSIE

2. Go to a website that you like, or want to startup on all the time

3. Select TOOLS - INTERNET OPTIONS from your browser menubar

4. On the General tab, in the Home page section, press USE CURRENT (you could also set it to DEFAULT or BLANK, but most people have a favorite site they like)

5. Click APPLY

6. Close the Internet Options window.

Close your browser and then open a new one - it should now start up on your preferred website.

If you cannot make any changes to the Home Page settings, then you have a little bit of an issue, because that means a software patch for MSIE was installed that took away the abilities to make changes. This should not have happened w/o your knowledge, since installing software on any up-to-date computer has to be confirmed, especially if it came from a web source.

I suspect that it was actually switched by simple web coding, and in that case, no - you're really not at risk of anything, especially if nothing that scanned your system found anything funky. You were just the victim of bad web developers, or you may have accidentally clicked a link to change it.


BTW: Congrats on the security installments ... I run across so many people today that do not even have AV installed!

Submitted by: Glen P. of Winnipeg, Manitoba, Canada

***********************************************************************

Answer:


Maureen,

With the circumstances you describe, the best thing you can do is to run Hijackthis and submit the log to the good folks on the Wilder Security forums. The link below will bring you to the hijacked webpage forum.

http://www.wilderssecurity.com/forumdisplay.php?f=26

Submitted by: Larry M.
Collapse -
To Maureen

In reply to: Other advice from our members

Sorry to hear of your browser's nome page address being hijacked, I have had this myself a couple of times, and though I have adequate protection - all my spyware/malware detectors and anti-virus is kept up-to date and used on aa regular basis - this still happened.

Look on this link http://reviews.cnet.com/5208-6142-0.html?forumID=5&threadID=124775&messageID=1412967, as I contacted CNET forums to try to get help with the problem, and eventually I did manage to get it sorted out.

Collapse -
In fact Mauren

In reply to: To Maureen

You may end up with the final - and rather drastic - solution I used, be that as it may, I have NOT had any problems with the home page setting as before.

Collapse -
(NT) May I suggest another program to use?

In reply to: In fact Mauren

I know that being hijacked isn't one of the many happy moments that happens when you get a spyware, but there is another catch: There may be more than one spywares running on your computer that the spyware programs are not able to detect (It happened to me -_-).

When I first had my computer, it had no protection whatsoever. So i bought an Anti-Spyware program called "Spysweeper". It has features capable of blocking communication on EI (Internet Explorer) as well as hijacking protection, but it was unable to stop the viruses. So I downloaded numerous Anti-Virus programs but only McAfee was the only program capable of finding more viruses (but I doubt it can stop the virus from the source).

As time progresses, I had gotten a program called "Protection Center", which, although may be a bit powerful for some computers, can be capable of detecting more spywares and viruses when scaned (but the downside is that if you have more than one log-on window on Windows XP Home or Professional, then the spywares can "hide" themselves from the scan since it needs to run certain program in oreder to activate. Scan each log-on window in order to keep it safe). Protection Center is capable of scanning the first few files from Master Boot Record to Cookies, Registry, Memory, Compressed files, and so on, but as it scans some computers may lag at this point, after that it picks up the spywares being run.

Although, this is another suggestion from me, but trust me, I ran most of the programs that you said before and they dont help. If you want maximum protection, I suggest 2 programs, Protection Center and Spysweeper. It has done a great deal of protection for me and kept my computer safe.

I hope this may help you with your troubles with not only spywares, but viruses too! Silly

Collapse -
Counterspy

In reply to: (NT) May I suggest another program to use?

Here's another program I use which works better than anything else I've tried. Counterspy by Sunbelt, I use it along with McAfee and I get nothing, no attacks, highjacks, and the rest of the bull out there. It also gives me info on who did the attempt, and what I can do about it. Personally, I'd love to drive over to their office and punch 'em in the nose but it doesn't give me THAT much info. To me, these people are the same as thieves and should be dealt with the same way. If I ever meet somebody who admits to me they hijack PCs, I'm gonna beat the hell out of 'em, call the cops and press charges.
Sorry, I get worked up about this.

Collapse -
(NT) May I suggest another program to use?

In reply to: In fact Mauren

I know that being hijacked isn't one of the many happy moments that happens when you get a spyware, but there is another catch: There may be more than one spywares running on your computer that the spyware programs are not able to detect (It happened to me -_-).

When I first had my computer, it had no protection whatsoever. So i bought an Anti-Spyware program called "Spysweeper". It has features capable of blocking communication on EI (Internet Explorer) as well as hijacking protection, but it was unable to stop the viruses. So I downloaded numerous Anti-Virus programs but only McAfee was the only program capable of finding more viruses (but I doubt it can stop the virus from the source).

As time progresses, I had gotten a program called "Protection Center", which, although may be a bit powerful for some computers, can be capable of detecting more spywares and viruses when scaned and has a firewall to go with it too!(but the downside is that if you have more than one log-on window on Windows XP Home or Professional, then the spywares can "hide" themselves from the scan since it needs to run certain program in oreder to activate. Scan each log-on window in order to keep it safe). Protection Center is capable of scanning the first few files from Master Boot Record to Cookies, Registry, Memory, Compressed files, and so on, but as it scans some computers may lag at this point, after that it picks up the spywares being run.

Although, this is another suggestion from me, but trust me, I ran most of the programs that you said before and they dont help. If you want maximum protection, I suggest 2 programs, Protection Center and Spysweeper. It has done a great deal of protection for me and kept my computer safe. To block communication between a malicious host and you, and a 3-in-1 Prtection Center!

I hope this may help you with your troubles with not only spywares, but viruses too! Silly

Collapse -
Hijacking Browser

In reply to: 8/4/06 Give me back my browser's home page!

I used Webroot Spy Sweeper 5.0 and it took care of the problem right away. I use all the ones you mentioned and this worked fine.

Collapse -
ZoneAlarm 6.5.X bug may be responsible

In reply to: 8/4/06 Give me back my browser's home page!

ZoneAlarm versions 6.5.700, 6.5.714, 6.5.722 (etc.) have a bug -- they lock the Internet Explorer Home Page. The only way to change the Home Page is to reboot into Safe Mode. The bug was fixed in version 6.5.731. Maureen should check her version of ZoneAlarm and update if necessary.

Confirmation of this problem from the ZoneAlarms user forum can be found here:
http://forum.zonelabs.org/zonelabs/board/message?board.id=inst&message.id=54209

This link will also work: http://tinyurl.com/s42n4

regards, Andy

P.S.: an excellent tool for analyzing startup programs can be found at this site: http://www.silentrunners.org/

Collapse -
This was the answer to my problem

In reply to: ZoneAlarm 6.5.X bug may be responsible

After going through all of the other suggestions in this string I finally went to the Zone Labs forum and found this topic. Soon after, Zone Alarm updated itself and it fixed the problem which had suddenly appeared on several computers, most of which operated in much different environments.

Collapse -
Another suggestion... and preventative measures...

In reply to: 8/4/06 Give me back my browser's home page!

Everyone has sound soultions for the problem... After you've tried a system restore, and IF it DOESN'T work, you may have to turn off your system restore and give the previously mentioned soultions a try again.
***Some spyware/malware imbeds itself into your system restore to re-install itself after a sucessful removal.* So, even though it has been removed, it MAY come back upon next reboot.
To turn off system restore, right click 'My Computer', 'Properties', System Restore', 'Turn off system restore on all drives' REMEMBER, only do this if system restore does not work to resolve the problem!

AFTER you manage to get it out, I might suggest going to Microsoft Downloads and getting IE7 Beta 3. Though Beta software, it IS from Microsoft and it has some really cool safety enhancements... a phishing filter, enhanced security measures, and a more indepth settings control for your internet security settings.
Again, Running the removal tools mentioned previously in Safe Mode is a VERY good idea...and once again, if system restore DOESN'T work, then turn it off prior to starting in safe mode to run the removal tools. This will eliminate the possibility of the problem from re-installing itself from another possible route.
I'm no expert, merely passing on information I learned the HARD way myself.
Hope this helps...
scootertrashtx

Collapse -
Browser Home Page.

In reply to: 8/4/06 Give me back my browser's home page!

If you installed Internet Explorer 7 in the "Beta" phase, I contacted Microsoft and found out that IE 7 "Beta" was just a program that could be uninstalled by "Add & Remove Programs". Worked for me.

Collapse -
abouth this hacker thing.

In reply to: 8/4/06 Give me back my browser's home page!

hi m8,
when you still have internet access then look in google for a little program that called unhackme,
this program looks if you'r Hard drive has more then 1
root. (the access track for you'r hd)

when you have more then 1 root track,
then you have been hackt, and this program deletes then one that the hacker have created.

hope this helps m8.....Happy

Collapse -
Paid for solution

In reply to: 8/4/06 Give me back my browser's home page!

Browser hijackers can be evil little sods to get rid of.
I bought SpyDoctor a few months ago, it found and deleted so much stuff that I had no idea was on my PC, including a hijack prog'. I consider it

Collapse -
Answer

In reply to: 8/4/06 Give me back my browser's home page!

Hello Maureen

I know how frustrating the whole situation must have been for you. A couple of days ago I experienced a similar problem and spent hours trying to fix it. I even downloaded well-know programmes to rid my computer of the problem but they too failed. I came across a programme named 'prevx' which once installed not only identified the offending programme, blocked its capability to work,and shifted to 'jail' from where I deleted it. Prevx worked for me. It can be located at http://www.prevx.com/

Regards

David

Collapse -
homepage hyjack

In reply to: 8/4/06 Give me back my browser's home page!

My solution to this hyjacking...is not to use internet explorer...i changed to firefox and have had no problems since. Besides, i think firefo]]x is much better to use anyway.
Hope this helps,
kenn29

Collapse -
one more item to add

In reply to: 8/4/06 Give me back my browser's home page!

there is a program called secret maker that will scramble any info that someone may attempt in highjacking...plus there are actually 27 programs with secret maker that will help mask/block/stop these attempts in the future. has anyone else had problems with this program and/or good luck. i believe i found it on the downloads at cnet.com

Collapse -
sorry but

In reply to: 8/4/06 Give me back my browser's home page!

I don't have this problem. I keep three live cd's for emergencies and have my disk dual partitioned with one being able to access the other.

Collapse -
Just down load stopzilla for free...

In reply to: 8/4/06 Give me back my browser's home page!

It will fix all that with zero effort.

Collapse -
netzero homepage - not really hijacking but an annoyance

In reply to: 8/4/06 Give me back my browser's home page!

I have all the usual safeguards in place on my desktop and laptop and have only encountered one or two problems in more years of computing than most of you have been alive. BUT: this summer in my somewhat remote summer residence I subscribed to NetZero for the dial-up connection I needed there for the month. I've used Earthlink and AOL for this yearly ritual before, but have gotten annoyed at all the problems of getting disentangled from them when i return home.

The NetZero start-up program insisted on my homepage being their own. My homepage in options was set to my choice (my google/gmail) and if I clicked on the "home" icon it went to it, but startup always was to the netzero account.

Because it WAS a short-term dilemma, because I could get around it, and because exploring the solutions on discussion forums on the 'net was painful using dial-up, I didn't pursue it further. But I felt imposed upon and probably won't use them again.

Collapse -
give me back my browser's home page.

In reply to: 8/4/06 Give me back my browser's home page!

I had a similar problem with bt yahoo browser taking over I got in touch with BT and aske how to get rid of it and they replied with these instructions.
I understand from your e-mail that you want to un-install BT Yahoo! Browser. I apologise the inconvenience caused. I can assist you.

I would like to inform you that if you want to un-install BT Yahoo! Browser, you can un-install it by following the steps mentioned below:

1. Go to 'Start' and then 'Control Panel' (You may need to go to 'Start', 'Settings' then 'Control Panel' depending on your configuration).
2. Open 'Add or Remove Programs' and locate the 'BT Yahoo! Applications'.
3. Click 'Change/Remove' (Depending on your version of Windows, this may be labelled as 'Change' or 'Add/Remove').
4. Put a check mark in the box labelled 'BT Yahoo! Browser' and click 'Uninstall'.

If you wish to install, you can install it by following the link given below:

http://bt.software.yahoo.com

If the problem persists, please contact us with the above reference number. In future, if you need nay further information, please click on the link given below:

http://btybb.custhelp.com

Thank you for using BT Total Broadband.


If this is not the solution you are looking for it help others who had the problem as I did.
G.Coltman.

Collapse -
The netzero connection had yahoo too

In reply to: give me back my browser's home page.

but I just checked - removing the yahoo toolbar which had gotten to the list of programs did not change the home page.

But I think we may be on to something here. Has anyone else had the problem where the opening page is one chosen by your ISP and you can't CHANGE it to be your homepage? That may be what's happened here.

How does one fix this? PLEASE no one say go to the menu bar (that's the thing up at the top) etc. I'm not talking about "malicious" hijacking here.

Collapse -
Another option

In reply to: 8/4/06 Give me back my browser's home page!

After having your computer cleaned of any malware/hijackers, you could also look into using Mozilla Firefox, Mozilla Suite, or Opera. I have used all of these and have never had a problem with hijacking. It helps that there is no direct relations between the Operating system, and the Web browser. Also, look into Pest Patrol as another option for malware removal, My copy came from the army but I believe it's about 20 dollars. That along with the other programs you have mentioned have left me spyware and malware free since I have installed them in early 2005.

Collapse -
adware away

In reply to: Another option

Afew years ago, I got hijacked. Tried all the popular well know programs with no results. Finally found Adwareaway. Downloaded their software, ran a test, sent them the analysis, they sent me back a file to run, and VIOLA, cleaned everything up. Highly recommend.

Collapse -
Can Bufferzone to prevent this???

In reply to: 8/4/06 Give me back my browser's home page!

Has anyone tried a product called bufferzone, which supposedly sandboxes your browser so your system can't be altered...

Collapse -
I use the following software for such problems,,,,,

In reply to: 8/4/06 Give me back my browser's home page!

I use a ?cocktail? method for my computer to deal with problems. Even when I had dial-up I would have problems but not as much.

1. For Popups, Adware, Spyware: I use Stopzilla.I?ve been using there program for almost two years and I find it to be excellent, especially for popups. With Stopzilla, I have ZERO popups. That?s right, ZERO. This is not an excaggeration. If there is someone out there trying to really dig into my PC, a notice will come up and a screen of theirs will pop up to show all the registry infections. It will then proceed to clean and fix. I bought a lifelone licence for $42.00.

2. For Anti-virus and Firewall: I used Panda Plantium. It works great but as with all firewalls, it asks me for permission to view things on occasion which can be annoying at times. It has done a great job with warning me about all web site that have tried to hi-jack my home page. I merely tell it NO, and it does the job. Expensive but you can find legitimate and legal deals on E-Bay.

3. For defragging memory, defragging HDD, fixing registry problems, permanently deleting ?previously deleted stuff?, and just a source for maintaining my computer?s integrity, I use System Mechanic Pro 6. My gripe with SMP6 is this; sometimes it seems to cause some slight functional problems such as ?slowing down my PC and causing my computer to take a while to initially load-up?. Once in a while the screen of SMP6, while working, freezes but this happens rarely for me. This also tends to be a problem when I have first loaded the program for the first time. I have gone through several HDD changes for my laptop and desktop so this is why I know this point.
4. Your first use of SMP6 is tedious and long and it may take a while for it to clean you PC but after your first time, everything is just ?maintaining?. You can schedule your PC to do a maintenance clean-up but that can be a pain when you?re doing something because it takes up speed and MEM, but it works great and maintains a fast PC for you. Defragging the MEM is new to me, but it works great. It also ?restores? the MEM being taken through regular use. It fixes registry problems also and I think this is why sometimes my PC ?slows? down because my PC needs to ?fix itself? after the changes, but slowdowns are never permanent. Expensive but you can find legitimate and legal deals on E-Bay. NOTE: SMP6 gives you the options of what individual items of the program you want to use before opening up and downloading. I do not choose the anti-virus and firewall because I use these two with Panda Plantium. From my experience, you cannot use two anti-virus and two firewalls at the same time. You must choose which program that is going to use these two options if you have two programs that give the same options. I like Panda?s better so that is what I chose to use.

5. For my fourth program, I used ErrorKiller. This program does an equally good job in killing adware, spyware, and fixing registry problems that the above do not catch, and there is always something that is not caught by the others. Cost me $42.00. ErrorKiller gave me some free downloadable programs to help with the above issues also. I can?t say that they do a great job because I use them in conjunction with everything I have, but maybe this step is a good option for those who don?t have a lot of money. You can buy a limited version of ErrorKiller, but you won?t get the free downloads. For $20.00 more, it was worth it to me.

6. I use SPYBOT also. It?s good but not as good as SMP6, Stopzilla, and ErrorKiller.

It may seem overkill to many of you, but c?est le vie. In today?s world, it takes an army to fight these guys. The cost outweighs the problems, and the issues that I read and hear from others needn?t be a problem. To honest, some of the problems that I read about can be guarded against if you choose to do so but you have to do some research and try some programs to find out what you like. But one program doesn?t do it all, and never will.

Collapse -
My Problem is Similar But Differs in That There is No ......

In reply to: 8/4/06 Give me back my browser's home page!

My problem is similar but differs in that there is no evidence of a security problem or hijacking, at least not that I can see. I bought a new HP about a month ago and the browser (IE) homepage is set to an HP site. I'd rather it was the search engine I use most, Google, but it won't change. I've gone to Tools, Internet Options, Use Current radio button, Apply but it just keeps going back to the HP site. Not a big problem, just mildly inconvenient, but any ideas on how to fix?

Collapse -
Setting Homepage

In reply to: My Problem is Similar But Differs in That There is No ......

One question: Are you actually at the google site when you try this? If you have your browser open and it is at the HP site, and you type in the google site and then hit ''use current'' it will go back to the page you are on in the browser. Try opening the browser, type the google address in the address bar and after you are at the google search page, then go to ''tools'' and to change the homepage click ''use current'', ''apply''. Close the "internet options" window, close the browser and re-open. It should go to google.

Collapse -
It should, But It Doesn't

In reply to: Setting Homepage

Yes, I was in Google. Yes, it should then go to Google. It doesn't.

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

REVIEW

Sublime suburban chariot

High on style and technology, the 2019 Volvo XC90 is an incredibly satisfying everyday crossover.