When I startup my computer my
homepage switches to a site that I don't want. No matter what I do I can't
make this problem go away. What can I do?
Answer: Uh oh, your browser has been
hijacked. Someone out there has put a little program on your
computer that switches your homepage every time you either restart your
browser or your computer. Not nice.
The good news is there are ways to fix the
First here's the normal way of changing
your browser's homepage. At the top of Internet Explorer, click Tools then
Internet Options then change the Home page address and click ok. In Netscape
7, click Edit then Preferences and then change the homepage address in the
box that appears.
If you've been hijacked this won't work for
long, because the rogue programming on your computer will soon change it
back. So how did this happen?
Well from a programming perspective here's
The most common scheme used by homepage
hijackers is to put a reference to their site in your Startup folder or
Registry Run key, so that it runs every time the computer is started and
changes your settings. If you try to change any of these back, the
programming they put on your computer changes everything so you end up with
their site in your browser.
The only way to fix this is to find the
hijacking software and remove it.
"But I didn't download anything to allow this happen!" you might say. Well,
if you don't regularly update your browser or use Windows Update to install
security fixes, then you did. Several of these hijackers exploit an Internet
Explorer/Outlook Express bug that let's them secretly install a program
(called an ActiveX control) on your system just by viewing their Web page.
Hijackers exploiting this bug will insert one or several .hta files on your
hard drive which run when you start up Windows.
The easiest way to fix a problem like this
is to scan your computer for what's called spyware - programs like this that
have been secretly installed by concealed downloads or programs you
We've identified and
tested dozens of Spyware Removers and come up with a short list of
the best that will scan your PC for free (for non commercial use) and remove
all spyware / adware / malware in minutes.
We recommend the following
Spyware removal & defense tools:
Spybot Search & Destroy (Spyware Removal Tool)
(Spyware Removal Tool)
Spyware Blaster (Spyware Prevention Tool)
I have links to these and many
other security software programs, most of them free (for non-commercial use), on
this site, just click
All our office
computers have AVG Internet Security
installed with includes spyware protection and we are very happy with the
fix manually, search your
computer for *.hta files. Click Start and Search or Find and then Files or
Folders and type in *.hta. If you find them rename them so that they can't
be found. For example, change file.hta to file.hta1 or move the files to
another folder on your computer. Then switch your homepage back to one you
like. If your computer doesn't do weird things after this permanently delete
them. If it does, you might want to put them back one by one until you find
the offender and then delete it.
ensure that you have the Microsoft
patch which fixes the browser hole that allows the hijacker to work this
little piece of dark magic. Just click here,
go to Microsoft Patches and Critical Updates, and install any patches marked
"Critical". This step should be repeated periodically, at least monthly, to
ensure your operating system is fully protected against known exploits.
Some hijackers, like Gohip, install an
executable program (ending in .exe, something like hijack.exe) on your your
computer. Since .EXE programs can't be
automatically downloaded in the secure browsers (with all the latest
security fixes installed), you usually get this by downloading a program
from the web.
Hijackers sometimes mark these program as
"browser updates" or "browser enhancements" or some other trickery. The
hijacker typically offers you all kinds of incentives (freebies, special
deals and stuff like that) to install the evil program.
To remove Gohip, use this program:
http://www.pchell.com/support/gohip.shtml. Or to remove other spyware,
so its called, go to this page:
Finally, there's another hijacking method.
Some sites will find a way to put a shortcut in the Windows Startup folder
or Registry Run key that starts the Registry Editor (regedit), then tells it
to add the contents of a hidden file (e.g. C:\windows\temp\abcdefg.tmp) that
contains the necessary information to set the hijacker's homepage to the
Registry on every startup.
Learn more about spyware in our
If you have a question not dealt with