Years ago when we thought about computer viruses we regarded them as simply mean-spirited email scripts written and distributed by punk hackers that got picked on in school and lashed out at
the world the only way they knew how. Today many of these hackers are wearing a shirt and tie to work and are writing even nastier scripts for companies that specialize in forced advertising.
As if we don't have enough to worry about with all the phishing scams and identity thefts, now we have to be aware of a growing threat to our online security in the form of software retailers
that infect their customers' computers in order to force the purchase of their product as the only option for removing the infection. Kinda like slipping someone poison then selling him the
antidote, or more accurately, a sci-fi version of what thugs and business owners used to call "protection".
Sometimes these infections are payloaded via the "free trial version" of a product, which is usually an anti-spyware program, or transmitted via a third party company that uses ad injector
viruses and sells piggy-back time on these injectors as they backdoor their way into thousands of browsers 24 hours a day. The ad injectors are distributed in other "shareware" downloads like
screensavers, warez, or porn, and can even install themselves on the user's PC just by opening their web page.
Ironically, even if you give up and pay for the removal product, by then your computer is infected with a whole host of other viruses that the product cannot remove. WinAntiSpy is perhaps the
most widespread of these predators. PLEASE take a minute to read these warnings about them HERE, and a much better explanation
and detailed assessment HERE
Now, are these types of business practices illegal? Probably. It used to be you could get away with such things by burying usage stipulations far enough in the install EULAs that no one took
the time to "read the fine print". Self downloaders and popups disguised as warning messages cross the line, though, and at best are deceptive business tactics. However, these days our
various law enforcement agencies have bigger fish to fry. They are more worried about terrorists blowing up things and people smoking cigarettes in public, and not much in between. So the
internet is more in a state of anarchy than at any previous time in its short but significant existence, and personally I am glad for the lack of intervention, because as our civil liberties
diminish, freedom of information becomes even more important. Yahoo China is a good preview of things to come.
So... we need to fend for ourselves against the hackers, phishers, scammers, vandals and now also against the "browser mobsters" that seek to kidnap our hard earned bandwidth for their own
greedy agendas. Throughout this website there is a lot of information pertaining to internet security. This page will focus on browser hijacking and the available removal tools I have
stumbled upon and wish to consolidate and share. As always, feel free to email me with any questions or
comments. jw.
For a fascinating look at how these scams work, check out this 2-page article by Joe Stewart: Rogue Antivirus Dissected
First of all, before tackling any infections make sure you have at the very least the following 3 applications. The first 2 are spyware removers from
Lavasoft and Safer Networking Ltd, companies both worthy of a Nobel Prize as pioneers in antispyware software that provide their product free of charge with no strings attached. Even if
you have a purchased product like SpySweeper or Xoft these are still a must-have:
AD-AWARE
SPYBOT
The third application is a startup detection script by Merijn/TrendMicro that lists all Windows startup items and IE browser helper objects. This list can have a dozen to a hundred entries and
be quite intimidating to analyze. These lists can be copy-pasted and posted to any number of forums like CastleCops or Annoyances.org where someone will be glad to read them for you,
but I recommend learning how to read them yourself. Once you know what's supposed to be there and what isn't it really is not as difficult as it seems at first.
HIJACK THIS
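As an added illustration (not part of the original page and not HijackThis's own code), this Python example reads a log the way described above: it keeps only the entry lines, skips files you have already verified, and lists what is left with a reason to look closer. The sample log, the allowlist and the review rules are assumptions made for the example; the section codes follow HijackThis's layout (R0/R1 for IE start and search pages, O2 for browser helper objects, O4 for startup items).

```python
import re

# Constructed sample in HijackThis's "<section> - <detail>" layout (invented names, CLSIDs, paths).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/
O2 - BHO: PDF Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExamplePDF\helper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\system32\xyzabc.dll
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\avtray.exe" /STARTUP
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\upd32.exe
"""
# Hypothetical allowlist: files you have verified belong on this machine.
KNOWN_GOOD = {
    r"c:\program files\examplepdf\helper.dll",
    r"c:\program files\exampleav\avtray.exe",
}
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
FILE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr)', re.IGNORECASE)

def parse(log):
    """Yield (section, detail) per entry line; headers and process paths are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log, known_good=KNOWN_GOOD):
    """Return (section, reason, detail) for entries that need a closer look."""
    findings = []
    for section, detail in parse(log):
        m = FILE.search(detail)
        path = m.group(0).lower() if m else None
        if path in known_good:
            continue  # verified file: nothing to review
        if section in ("R0", "R1"):
            reason = "home/search page setting: confirm you chose it"
        elif section == "O2" and "(no name)" in detail:
            reason = "browser helper object with no name"
        elif path and "\\temp\\" in path:
            reason = "starts from a temp directory"
        else:
            reason = "file not in known-good list"
        findings.append((section, reason, detail))
    return findings

if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:3} {reason}: {detail}")
```

A flagged entry is a prompt to research the file, not proof of infection; extend the allowlist as you confirm what belongs on the machine.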
These links are to apps that I personally like. Whether they are more efficient than the above programs is a moot point because they all catch things that their counterparts don't, so running all of them is not necessarily redundant:
SUPER ANTISPYWARE
MALWAREBYTES
AVG ANTIVIRUS
AVIRA ANTIVIRUS
The following are just a few viruses of the hundreds out there that are distributed by seemingly legitimate companies that in reality only want to hijack your browser. As always, it's best to clear out your cookies and cache files and turn off System Restore. This purges your restore points, but they will be infected anyway. These removal
tools are not "magic fixes" and need to be followed up on with virus and spyware scanners and any clean up tools you may have. A decent free app to clean up the blood 'n guts from
www.cleanup.stevengould.org can be downloaded HERE:
Name: Zlob
Description: Trojan-Downloader-Zlob is a common downloader that may download other threats onto your computer.
Removal tool from www.gdata.pl: ZLOB REMOVER
Name: Perfect Keylogger
Description: Perfect Keylogger is a monitoring tool that records all visited web sites, keystrokes and mouse clicks.
Removal instructions (if SPYBOT fails): PERFECT KEYLOGGER REMOVAL
Name: HotBar
Description: HotBar is a toolbar that comes in two versions: a free version that is adware-supported and displays pop-up advertisements and a paid version. The paid version does not
include adware or display pop-up advertisements.
Removal tool from www.emco.is: HOTBAR REMOVER
Name: SmitFraud
Description: Smitfraud is a Trojan / Spyware program that gains access to users' computers. Once the people behind Smitfraud have access to your machine it can be used for all sorts
of purposes. The reinstallers for this program can be especially difficult to get rid of.
Removal tool: SMITFRAUD REMOVER
Another Removal tool: SMITFRAUD FIX
Name: Look2Me
Description: Look2Me is adware that serves pop-up advertisements. It has a guardian implementation to prevent detection and removal.
Removal tool from www.f-secure.com: LOOK2ME REMOVER
Name: SpyAxe
Description: SpyAxe/SpywareStrike installer trojan. The trojan shows a security warning message from the system tray and repetitively installs SpyAxe or SpywareStrike.
Removal tool from www.f-secure.com: SPYAXE REMOVER
Name: Matcash
Description: Trojan Downloader Matcash is a downloader created by MaxiFiles.com that may download other threats on your computer.
It appears that SpySweeper is the only program that can remove this. Not sure if their trial version is fully functional, and it's $29.95 to buy. I could not find a removal tool or
instructions: BUY SPYSWEEPER
Name: Virtumonde or Vundo
Description: Virtumonde displays advertisements on your computer. Can hide itself from HijackThis. Renaming HijackThis.exe to hjt.exe (or any other name) will fool its stealth
capability.
Removal tool from www.atribune.org: VUNDO REMOVER
Name: ISTbar
Description: ISTbar is a toolbar that may be used for searching pornographic web sites, which display pornographic pop-ups and hijack user homepages and Internet searches.
Removal tool: ISTbar REMOVER
Name: SurfSideKick
Description: SurfSideKick displays pop-up advertisements on your computer. Used by DeluxeCommunications.
Removal instructions (if SPYBOT fails): SIDEKICK REMOVAL
Name: Virut (W32 / Virut)
Description: "Virut" is a family of polymorphic memory-resident appending file infectors that have Entry Point Obscuring (EPO) capabilities.
Viruses belonging to this family infect files with .EXE and .SCR extensions. All viruses belonging to the Virut family also contain an IRC-based backdoor that provides unauthorized access to infected computers.
Removal tool: VIRUT REMOVAL (safe mode only)
Name: Tanatos (BugBear variant)
Description: Similar to Virut in that it rewrites exe files, can jump drives, and infect servers. VERY destructive.
Removal tool: TANATOS REMOVAL TOOL
Name: Sasser Worm
Description: Sasser is an Internet worm spreading through the MS04-011 (LSASS) vulnerability causing system crashes and making the machine unbootable.
Removal tool: SASSER REMOVAL TOOL
Name: DirectRevenue-Abetterinternet
Description: DirectRevenue-ABetterInternet, commonly known as VX2 or Transponder, is an adware program that displays pop-up advertisements on your computer.
Removal tool from www.symantec.com: BINET REMOVER
Tons more free specialized removal tools from Kaspersky Lab: KASPERSKY VIRUS TOOLS
The following is a partial list of companies that use one or more of the above viruses to force the purchase of their product:
1-Click Spy Clean
#1 Spyware Killer
Ad Armor
ADS
AdDriller
Ad-Eliminator
Advanced Spyware Remover
Adware Deluxe
Adware Delete
Adware Bazooka
Adware Cops
Adware Hitman
Adware Hunter
Adware Nuker
Adware Patrol
Adware Pro
Adware Punisher
Adware Remover
Adware Safe
Adware Safety
Adware Sheriff
Adware Striker
Adware Tools
Adware X
Adware X Eliminator
A Guard Dog
Alert Spy
Alfa Cleaner
Amaena
AntiSpyware Soldier
AntiSpyware Master
AntiSpy Zone
Anti Vermins
AntiVirus Gold
AntiVirus Pro
AntiVirus Protector
AntiVirus Solution
ArmorWall
AV System Care
Awola
Best Guard Platinum
BPS
Brave Sentry
Clean X
Cure PC Solution
Cyber Defender
DIARemover
Elimiware
Errorsafe
Expert AntiVirus
Fixer AntiSpyware
Freeze AntiSpyware
GreenAV
Internet AntiSpy
Internet Security 2010
Internet Shield
I-Spy Killer
KillAllSpyware
KillSpy
Malware Alarm
Malware Wiper
MyNet Protector
NeoSpace
NoSpyX
PAL Spyware Remover
PC Health Plan
Perfect Cleaner
PestBot
Pest Capture
Pest Protector
Pest Trap
Pest Wiper
Privacy Champion
Privacy Defender
Privacy Tools
PSGuard
PurityScan
PuritySweep
RazeSpyware
Real Adware Remover Gold
RegFreeze
Scan Spyware
Scumware-Remover
Security i-Guard
Secure MyPC
SlimShield
Smart Security
SpyAssault
SpyAxe
SpyBan
SpyBlast
SpyBlocs
Spy Cleaner
Spy-Control
Spy Crush
Spy Dawn
SpyDeleter
Spy Falcon
SpyFighter
SpyFirewall
SpyKiller
Spy Killer Pro
SpySheriff
SpyShield
Spy Soldier
Spy Trooper
SpyShredder
SpySpotter
Spyware Annihilator
Spyware Assassin
SpywareBeGone
Spyware Bomber
Spyware Cleaner
Spyware C.O.P.
Spyware Hound
Spyware Killa
Spyware Knight
SpywareNo!
Spyware Quake
Spyware Slayer
Spyware Stormer
Spyware Strike
Spyware Wizard
SpyWiper
StopGuard
System Stable
The SpyGuard
Titan Shield
Trust Cleaner
U-Cleaner
Ultimate Cleaner
Virtual Bouncer
Virus Blaster
Virus Burst
Virus Rescue
Ware-Out
WinAntiSpy
WinAntiVirus
WinAntiVirus Pro 2007
WinHound
World Antispy
ZoneProtect AntiSpyware
I will be adding more to this page as time permits and info becomes available. jw.