3 Steps to Repair your Hijacked Browser



Have a Hijacked Browser or lost your Internet Connectivity?

A Hijacked Browser usually will either not be able to surf the web or you may try to do a Google search and are redirected.

Another possibility is that you installed some software with low quality code and it damaged a system file.

There are several actions we can take to fix this.

3 steps to Fix Browser Redirects and a Hijacked Browser

Step 1

Search Engine Redirect:

If you try and do a Google search and the results page is NOT from Google or what you asked for you likely have an infection.

The file that is in question is atapi.sys

This file by itself is needed for Windows to load from your Hard Drive.

However, there is a Rootkit that has infected and altered this file.

As of this writing Combofix can remove this infection automatically.

If you would rather repair this manually, you can copy this file from your Windows CD or download the file "atapi.sys" and place it within the "c:\Windows\system32\drivers" folder.

A more extreme option is to un-install the latest Windows Service Pack, then download it and re-install the service pack.

That may repair infected system files by simply re-installing clean versions.

Lastly, goto the "atapi.sys" file and right click. Select "Properties" then under the "Attributes" heading, check the "Read Only" box and click "Apply".

This prevents future issues with browser redirects via the atapi.sys file, but it has also been said to provide a temporary fix to this issue while you locate a clean version of this file.

Step 2

We need to check the HOSTS file and make sure it hasn't been tampered with.

You can either run a windows search for "hosts"

or

You can use Windows Explorer and goto c:\Windows\system\drivers\etc

Open the file using notepad

You should see something that looks like the image below:

Normal Windows hosts file

If your hosts file has text that is not the standard 127.0.0.1 localhost you may have Malware

To know for sure read Malware Removal Guide If your hosts file looks like the text shown in the image move to Step 3.

If you have more or different items remove those items and make sure that your hosts file includes:

127.0.0.1 localhost

After you have made the changes you may go ahead and save the file.


Step 3

Reset the Layered Service Provider

Sometimes the LSP or Winsock can be altered or damaged when a file sharing program is installed or possibly damaged by Malware.

To reset the LSP to its normal settings follow these steps:

  • If using Windows XP SP2 or higher goto Run then type cmd
  • When the DOS box comes up type netsh winsock reset

winsock reset

Another option is to download a free program called WinsockXPfix

This program has been around a long time and has a great reputation for fixing internet connectivity issues.




I sincerely hope this helps you now and in the future to regain the proper operation of your PC.

Stop-Malware Home

Top of Hijacked Browser Page

Learn to remove pesky fake anti-virus malware and download free anti-virus tools too!