BOOT CAMP ARCHIVE 2002

  

 

BOOT CAMP 232 (02/07/02)

 

HOME PAGE HIJACKING

 

What began as a relatively obscure nuisance is now turning into a real problem for many PC owners. It’s called ‘homepage hijacking’ and it can happen to anyone, even if you never knowingly visit web sites of dubious intent.

 

The first most users know about is when they open their Internet browser and go online, only to be confronted with a different start or home page to the one they’ve chosen. At best it will be a web site advertising a product or service and a few clicks later everything is back to normal. At worst it could be a site displaying hardcore pornography, and even if you change back to your usual home page, the offending site reappears the next time you boot up your PC. Clearly it is an intrusion and a major concern, especially if the PC is shared by other members of the family.

 

There are several ways your homepage can be changed without your knowledge or permission. Most exploit vulnerabilities and loopholes in Internet Explorer but other browsers are also affected. Merely visiting some web sites it all that it takes, and even if you’re careful about where you go it can still occur. In the past it has happened following the installation of software and misplacing one letter in a web address could take you a hijacking site with a URL that’s deliberately close to that of a popular legitimate site.

 

Clicking on pop-up advertisements is another common method and a lot of people get caught by inadvertently clicking OK on ‘official’ looking dialogue boxes that pop up, purporting to contain some sort of enhancement or update. The latter can contain commands or scripts that not only change the home page but make alterations to the computer’s Registry, which prevent the user from changing their home page. These can be very difficult to undo and it’s not unknown for frustrated users to resort to reformatting their hard disc drive to rid themselves of the intrusion.

 

If it hasn’t happened to you yet you’ve had a charmed life but you are living on borrowed time. There’s plenty you can do to make sure that your luck holds, though, and the first thing is to make sure your browser’s security features are up to date. If you are using Windows 9x or NT4 you should definitely download the ‘Scriptlet/Eyedog’ patch which is available from Microsoft at:

http://www.microsoft.com/msdownload/

iebuild/scriptlet/en/scriptlet.htm. Visit the Microsoft Update web site (http://windowsupdate.microsoft.com/) regularly to make sure that your browser is in tip-top shape and upgrading to version 6 of Internet Explorer is also a good idea. It’s available from the Microsoft web site and is regularly featured on PC magazine cover-mount CD-ROMs.

 

If you’re a believer in the belt and braces approach you might also like to download a little freeware utility called Start Page Guard. This effectively ‘locks’ your browser’s home page and won’t allow it to be changed, unless you give permission. It’s only around 640kb and can be downloaded from http://www.pjwalczak.com/spguard/index.php. We mustn’t forget out old friend

AdAware, which, if regularly updated, keeps your PC free of several types of nasties – the download can be found at: http://www.lsfileserv.com/ and it’s also worth considering a sophisticated web monitoring program called ‘Spyblocker’, a 15-day trial is available from: http://personal.atl.bellsouth.net/mia/k/r/kryp/.

 

If you do get stung you may be lucky and the change will be easy to undo. If you are using Internet Explorer (version 5 and above) the simplest method is to ignore what’s on the screen, type in the address of your preferred home page, wait for it to load then go to Internet Options on the View menu, make sure the General tab is selected then click the ‘Use Current’ button. Exit IE and reboot your PC and hopefully all will be well once again. If the page returns you’re dealing with a potentially nasty infection and you’ll have to do a little detective work.

 

Check first for any new or unfamiliar entries in your Startup program group (Start > Programs), if that’s clear open Notepad (Start > Programs > Accessories), and use it to open a file called ‘win.ini’ which you will find in the Windows folder. Alternatively if you are using Windows 98 or higher you can access win.ini by typing ‘msconfig’ in Run on the Start menu. In both cases you are looking for any additions after the commands ‘run=’ and ‘load=’. The msconfig utility will also let you check for nasties in other Windows systems files (config.sys and autoexec.bat), and all of the programs that start with Windows (Startup), that do not appear in the Startup folder.

 

If the hijacker has got into the Registry you should seek professional help as you could easily end up doing more harm than good. However, if you’re reasonably familiar with this critical part of Windows, you might be able to spot the culprit using Regedit. After making a backup of the Registry press F3 to open Find and type in ‘RunServices’. This should take you to a number of folders (RunOnce, Run, RunServices, etc.), which is where you will find the ‘keys’ for most of the programs and applications that run at start up, and the most likely hiding place for a hijacking program. Double click the folders to display their contents and check through the names in the right hand pane for any suspicious entries. Run the names of any executable programs (ending with *.exe) or URLs that you are not familiar with through a Google search (www.google.co.uk) and you can decide whether to delete them or not.

 

Next week – Top Tips for Window XP

 

JARGON FILTER

 

PATCH

A program or file intended to fix or work around a problem in a software application

 

REGISTRY

A large, constantly changing file in Windows containing details of how your PC is set up and configuration information for all the programs on the hard disc

 

URL

Uniform Resource Locator – a standard Internet address

 

TOP TIP

Send To is a potentially very useful feature in Windows Explorer (right click on a file or folder) but the default locations are a bit limited. Send To Toys is an invaluable little utility that lets you add to (and remove) items on the Send To list with a single click. It’s freeware and compatible with all flavours of Windows 9x, 2000 and XP and the download is only 400kb. The link to the download can be found at: http://www.gabrieleponti.com/software/

Search PCTopTips 


Web

PCTopTips

Boot Camp Index

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

 

Top Tips Index

Windows XP

Windows Vista

Internet & Email

Microsoft Word

Folders & Files

Desktop Mouse & Keyboard

Crash Bang Wallop!

Privacy & Security

Imaging Scanning & Printing

Power, Safety & Comfort

Tools & Utilities

Sound Advice

Display & screen

Fun & Games

Windows 95/98/SE/ME

 

 

 

 

 

 Copyright 2006-2009 PCTOPTIPS UK.

All information on this web site is provided as-is without warranty of any kind. Neither PCTOPTIPS nor its employees nor contributors are responsible for any loss, injury, or damage, direct or consequential, resulting from your choosing to use any of the information contained herein.