3 Steps to Repair your Hijacked Browser
Have a Hijacked Browser or lost your Internet Connectivity?
A Hijacked Browser usually will either not be able to surf the web or you may try to do a Google search and are redirected.
Another possibility is that you installed some software with low quality code and it damaged a system file.
There are several actions we can take to fix this.
3 steps to Fix Browser Redirects and a Hijacked Browser
Search Engine Redirect:
If you try and do a Google search and the results page is NOT from Google or what you asked for you likely have an infection.
The file that is in question is atapi.sys
This file by itself is needed for Windows to load from your Hard Drive.
However, there is a Rootkit that has infected and altered this file.
As of this writing Combofix can remove this infection automatically.
If you would rather repair this manually, you can copy this file from your Windows CD or download the file "atapi.sys" and place it within the "c:\Windows\system32\drivers" folder.
A more extreme option is to un-install the latest Windows Service Pack, then download it and re-install the service pack.
That may repair infected system files by simply re-installing clean versions.
Lastly, goto the "atapi.sys" file and right click. Select "Properties" then under the "Attributes" heading, check the "Read Only" box and click "Apply".
This prevents future issues with browser redirects via the atapi.sys file, but it has also been said to provide a temporary fix to this issue while you locate a clean version of this file.
We need to check the HOSTS file and make sure it hasn't been tampered with.
You can either run a windows search for "hosts"
You can use Windows Explorer and goto c:\Windows\system\drivers\etc
Open the file using notepad
You should see something that looks like the image below:
If your hosts file has text that is not the standard 127.0.0.1 localhost you may have Malware
To know for sure read
Malware Removal Guide
If your hosts file looks like the text shown in the image move to Step 3.
If you have more or different items remove those items and make sure that your hosts file includes:
After you have made the changes you may go ahead and save the file.
Reset the Layered Service Provider
Sometimes the LSP or Winsock can be altered or damaged when a file sharing program is installed or possibly damaged by Malware.
To reset the LSP to its normal settings follow these steps:
- If using Windows XP SP2 or higher goto Run then type cmd
- When the DOS box comes up type netsh winsock reset
Another option is to download a free program called WinsockXPfix
This program has been around a long time and has a great reputation for fixing internet connectivity issues.