Site hosted by Build your free website today!

Home Page Hijacking

You will occasionally come across a site that pops up a window and asks you if you want to make that site your home page. This means that site will be automatically loaded each time you start your browser, as well as every time you open a new window. That method at least is open about what it is about to do if you click 'Yes'.

A tactic used by the lowest of the truly desperate of webmaster spammers is to obscure the question "Do you want to make this your home page?" in the dialog box with paragraphs of legalese-style text to the effect of "Adult content. Are you over 18?", to which most people obviously will click 'Yes' or 'OK'. Only later do they realize they have just had their browser's home page changed to a spammer's page, which usually earns the dick a penny for redirects or exit traps for every new browser window you open. The spammers also take advantage of the fact that some surfers aren't aware of how to change it back and so just leave it set to the spammer's page. Should you find your home page hijacked, and aren't sure how to change it back, follow this procedure (for Microsoft Internet Explorer):

1/ Click Tools -> Internet Options  (see 'Update 2' below if you get a warning which prevents access to these options)

2/ If you just want a blank page (my preferred option) click Use Blank

3/ If you prefer a particular website to load whenever you open a browser window then first go to that site, then follow step 1 again and click
Use Current

4/ Click

Some webmaster spammers also use the '"Are you over 18?" method described above to secretly insert their page into your favorites list. Disabling Java scripting will prevent both these tricks. See the section 'A simple way to protect yourself' at the main menu for details on how to do this.


Update 1

A far more sinister method

If you use versions 4.0 to 5.5 of Internet Explorer you are vulnerable to a devious method, discovered and published by George Guninski, of having your home (start) and search pages hijacked, as well the possibility of having any number of junk bookmarks added to your Favorites list. Depending on your security settings, this can happen entirely without your permission and without any prior warning.

If you have both Javascript and ActiveX enabled, the malicious website can cause your browser to load a Java applet which, by accessing an ActiveX control, modifies your home/search page settings
directly  in the registry. This means even if you change them back to their previous settings through Explorer, the spammer's settings will be restored when you reboot or restart.

Disabling Javascript and ActiveX will prevent this particular scam.

If you find your home/search page preferences changed each time you reboot, then you are likely to have had your registry hacked by this method. To undo the rogue website's actions, follow this procedure:

Note - follow this procedure very carefully, as editing the wrong settings can cause problems!

1/ Click
Start -> Run

2/ Type in c:\windows\regedit (assuming your Windows is installed in C: drive) and click OK

3/ Click Edit -> Find

4/ Type in the name of the website that has hijacked your settings e.g. or and click OK. A "Searching Registry" dialog box should appear.

5/ Double-click an entry that contains the website name you entered if it appears at the right-hand side of one of these names:

Start Page
Search Page
Search Bar
Search URL

6/ In the Value Data field of the Edit String dialog box, type the name of the website you prefer for search or home pages (or simply leave blank and change later through Explorer)

7/ Repeat steps 5 to 6 as necessary.

8/ Click OK and exit Regedit. Go back to Explorer and check that the new settings have been accepted and are correct.

Update 2

If you receive the message

This operation has been canceled due to restrictions in effect on this computer. Please contact your system administrator.

when you select 'Internet Options', then start Regedit, in the manner described above, and search for

hkey_current_user/software/policies/microsoft/internet explorer/restrictions

Once found, delete a value called 'NoBrowserOptions'.

Related links

Microsoft patch: