A Menagerie of Outspoken Opinions on Science, World Politics, and Geek Culture

Friday, June 18, 2004

Marshall Sandor vs. The Cool Web Search Gang

I hate advertising. I mean I loathe it. I keep 12 radio stations preset in my truck so that I can switch the very instant any of them go to commercial. I’ll listen to the Wham! marathon being played by the local 80’s station before I’ll listen to ads about cellular phone service or the big car sale going on this weekend over at Fast Eddie’s Lemon Yard. I’m the same way with TV; the few shows I watch I try to Tivo so I can fast forward through the commercials. If I must watch something live I try to find a couple other stations showing something interesting enough to flip over to during breaks. With the exception of a couple "Snickers" commercials, I’ve never met an ad I didn’t hate.

So you can imagine how annoying, how infuriating, how murder-spree inducingly enraging I find homepage highjackers. I mean it forces you to view advertising every time you open your web browser! Grrrargh! When I get one – and I have taken great pains to see that I don’t – my aura goes black as midnight in a coal mine. The dogs slink out of the study and my roommates hide all of our sharp gardening tools. My computer, sensing imminent mortal peril, suddenly starts running smoother than it did on the day I bought it and decides that this might not be the best time to ask if I’d like to download the newest MSN Messenger update. It’s high noon in PC Gulch and Marshall Sandor is gunning for the Cool Web Search Gang.

And today I’m going to deputize you loyal readers so that you too can blow those no-good, yellow-bellied homepage rustlers right out of their boots if they ever ride into your town.

First of all, what exactly is a homepage highjacker? Well, those of you who’ve had or have one know exactly what they do even if you don’t know how they do it. One day you’re innocently surfing the web and Zap! – you hit a page that starts opening pop-ups like mad and redirecting your browser to web sites that would make Larry Flynt blush with shame. This most often occurs in the web’s red-light district (sites about gambling, porn, or DNC investments in Air America) but it can really happen anywhere; just because someone gets highjacked it doesn’t necessarily mean they’ve been losing the rent money on internet poker or ogling virtual boobies while their roommates are out walking the dogs. Anyway, after you close all of the pop-ups and return your browser to the civilized internet you suddenly discover that your home page is no longer your home page. It is now something like Cool Web Search, Home Search, or even a web site that could potentially land you in divorce court.

At this point bright computer users will go to Tools - Internet Options and delete their cookies, temporary internet files, and history, and then click Use Default. This might work and is the first thing you should try. But more often than not you’ll find that your default page has been reset to the highjacker page, and worse yet will always reset itself to the highjacker page when you reboot. As I said: Grrrargh!

What has happened is that a program has inserted hooks into your registry: entries that Windows runs automatically on reboot (or sometimes when you start certain software) and which, in turn, reset your homepage. So you can delete all of the cookies and empty your temporary files all you like; setting your homepage back to where you want it will only last until the next time you reboot (at best – the newer highjackers set the default back to their own page every time you open your browser).

Good gracious, Marshall Sandor, what shall we do?

Well, fine townspeople, what you’re going to do is load up a six shooter with the ammunition listed below and then blast those highjacking varmints right to internet hell:

Chamber One: I’ve already loaded it for you. Go to Tools - Internet Options. Delete your cookies, temporary internet files (all offline content), and history. Click Use Default. If you have a wimpy highjacker, this first shot might do him in.

Chamber Two: Spyware Blaster (SB). Go here and download it – it’s free. It’s very simple to use but you might want to read some of the Help File anyway. When you feel you have a handle on how to run it, do so but check for updates first. I cannot stress this enough; check for and download the updates before running SB. New spyware is being created all the time and it does you no good to hunt only for the old stuff. When you run SB it will search for (and, with your permission, destroy) all sorts of nasty crap you’ve probably picked up on the internet. Most people are amazed at the amount of spyware on their system the first time they do this. Afterwards, click Immunize to prevent all of it from coming back. SB might get rid of tougher hijackers, but I recommend that you put another round into that bastard anyway:

Chamber Three: Ad Aware (AA). AA is similar to SB in form and function. Download it, get comfortable with the controls (once again, they’re relatively straightforward), get the latest update, and run it. In conjunction with SB, AA can solve most spyware / adware / homepage highjacker problems.

Even if you don’t have a highjacker it’s still a good idea to run SB and AA every once in a while. Spyware and adware are diseases you should keep your system free of; no one needs to know about your internet habits but you, and anyone trying to sneak a peek is violating your privacy.

Chamber Four: He’s still a-comin’, huh? Some of these banditos are fairly resilient. If the Spyware Blaster / Ad Aware combination doesn’t solve your problem, you’ve got a highjacker with its hooks in your registry. One possible solution is CW Shredder. Shredder was specifically designed to handle the Cool Web Search highjackers and is pretty powerful stuff; chamber four is loaded with a Teflon-coated man-stopper. Download and use it like you used Spyware Blaster and Ad Aware ... it’s even easier to run than they are. About 90% of highjackers can’t survive SB, AA, and Shredder.

Chamber Five: Jeez, where the hell have you been web surfing? Really? Me too! I had no idea people could do such things with a live weasel and six feet of garden hose.

You’ve got one tough hombre here, partner. I’ll give you the fifth bullet, but it comes with a warning: This one has a flaming magnesium casing, spews red-hot rocket exhaust, and releases a troop of poisonous monkeys when you fire it. You can very easily hurt yourself as badly as the highjacker by using it, so be careful. Comprende?

Hijack This will scan your registry and display any out-of-place objects it finds hiding there. You can select and delete them as you like, but some are almost certainly things that you want – even things you purposely customized your browser with. Unless you are familiar with poking around in this part of your computer I highly recommend you follow the advice that Hijack This gives you: Instead of deleting anything, just create a log file of the registry values HT finds and show it to someone who knows what they’re doing. If you don’t have a buddy who’s big into IT you can lurk around the HT web page and try to get one of their big brains to help you out. Do not just randomly delete things; you’re likely to make things worse instead of better.

Chamber Six: I don’t have a bullet for chamber six, but someone else might. I can’t imagine what kind of highjacker could get past a Hijack This scan-and-delete done by a knowledgeable user, but web bandits can be creative. If your problem can’t be solved by anything I’ve outlined here, you need to write down the exact page title you’re being highjacked to (and as much other information as you can get) and do a Google search on it. Chances are excellent that someone, somewhere is working on or has found a solution. Don’t give up just because your highjacker turned out to be some kind of freakishly strong werewolf version of the breed; the silver bullet you need to waste him is out there, or will be. Keep looking.

The Stove Lid Under Your Poncho: There is a fairly simple, straightforward defense against homepage highjackers and other spyware. No, it isn’t "stay out of the web’s red-light district"; Marshall Sandor ambles over to the saloon - or to Miss Kitty’s Cat House, for that matter – whenever it suits him, highjacking homepage rustlers be damned. Limiting your movement to the safe, boring, vanilla parts of the ‘net is no guarantee anyway … I know people who’ve gotten highjacked looking at china patterns.

What you can do is stop your system from running ActiveX controls without your okay. Highjackers almost always need ActiveX controls to run in order to download their hooks into your system, so if you stop those controls you stop the download. If you go to Tools - Internet Options - Security tab - Custom Level and scroll down a bit you should see an option marked Run ActiveX Controls and Plug-Ins. I’ve switched mine from Yes to Prompt. Now my system asks me if I want to allow such controls to run anytime a web page tries to run them. If I am anywhere I don’t completely trust the content I click No. No ActiveX control, no highjacking. It does get a little annoying having to click Yes or No on half the web pages you visit, but I despise spyware enough to do it. It’s a minor hassle that you get used to, trust me.
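For readers who would rather look than guess, here is an added example (not part of the original post, and not code from any of the tools named above): a Python sketch that reads the text of a registry export and reports the registry hooks described earlier (the homepage values and the programs set to start at boot) plus whether the Internet zone runs ActiveX controls without the prompt just described. The sample export, the `SysUpd32` entry and the hostnames are constructed; the key paths and the `1200` setting number are the standard Internet Explorer locations, which the post itself does not name.

```python
import re

# Constructed sample: text of a registry export (as written by "reg export" or
# regedit), not taken from the original post. Names and hosts are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.hijacker.example/home"
"Search Page"="http://www.msn.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://search.hijacker.example/home"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysUpd32"="C:\\WINDOWS\\sysupd32.exe /resethome"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1200"=dword:00000000
'''

PAGE_VALUES = {"start page", "search page", "default_page_url"}

def parse_reg(text):
    """Yield (key, value_name, data) for each string or dword value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"(.+?)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$', line)):
            name, s, d = m.groups()
            yield key, name, int(d, 16) if d is not None else s.replace("\\\\", "\\")

def audit(text, trusted_hosts):
    """Report untrusted home/search pages, programs started at boot, and an
    Internet zone (zone 3) that runs ActiveX controls without asking."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k.endswith(r"\internet explorer\main") and name.lower() in PAGE_VALUES and isinstance(data, str):
            host = re.sub(r"^\w+://", "", data).split("/")[0].lower()
            if host not in trusted_hosts:
                findings.append(("page", name, data))
        elif k.endswith(r"\currentversion\run"):
            findings.append(("autorun", name, data))  # listed for review, not for bulk deletion
        elif k.endswith(r"\zones\3") and name == "1200" and data == 0:  # 0=Enable, 1=Prompt, 3=Disable
            findings.append(("activex", name, "runs without prompting"))
    return findings
```

Every autorun entry is listed, legitimate ones included, so the output is a reading list for someone who knows the machine rather than a delete list.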

So, there you have it – Marshall Sandor’s guide to wrangling those lily-livered homepage highjackers. Now go load up your peacemaker and clean up your town. I have a sunset to ride off into.