Counterattack for browser hijacking

You’re surfing the web for info (nothing naughty) and get stuck in one of those BS ‘hijack’ pages. The kind that tells you “ERROR!!, call US to avoid data loss”, blah blah – it’s a scam. You can’t close the ****er. Or can you?

Yes you can.

  1. First take note of the domain that the bad page is loading; it’s the first part of the address.  So for ‘www.badguys.com/scams/adpages/something’, the domain is www.badguys.com.
  2. Click Start, Run and then enter – c:\Windows\System32\drivers\etc\ and press ENTER.
  3. Once you do, a Windows Explorer window will appear and list the files of that folder.  Among them is “hosts”.
  4. Click on “hosts” and choose Notepad (or your favorite text editor, like Notepad++).

You should see something like this:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost

  5. Go to the bottom and add the following, changing ‘nameof.domain.com’ to whatever domain you took note of back at the beginning of this process.

     0.0.0.0 nameof.domain.com

  6. Save the file and try to escape that #^$&* page again.

This time, your OS will look up that domain in the hosts file and send the page request to 0.0.0.0 – a dead end.  The browser window will be blank and their malicious code WON’T be loaded, so now you can close the window.
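
The same steps as a script, as an added example that is not part of the original post: it pulls the domain out of the address, skips the edit if that domain is already listed, and appends the 0.0.0.0 line. The function names Get-HostFromAddress and Add-HostsBlock are hypothetical, and it assumes an elevated (Administrator) PowerShell prompt.

```powershell
# Added example; function names are hypothetical, not from the original post.
# Assumes an elevated (Administrator) PowerShell prompt.

function Get-HostFromAddress {
    param([Parameter(Mandatory)][string]$Address)
    # Address bars often drop the scheme; add one so [uri] can parse the text.
    if ($Address -notmatch '^[a-z][a-z0-9+.-]*://') { $Address = "http://$Address" }
    $uri = [uri]$Address
    if (-not $uri.Host) { throw "No host name found in '$Address'" }
    $uri.Host.ToLowerInvariant()
}

function Add-HostsBlock {
    param(
        [Parameter(Mandatory)][string]$Address,
        [string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
    )
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Not elevated: by default only an administrator can change the hosts file.'
    }
    $name = Get-HostFromAddress $Address

    # Ignore comments, then look for the name in the host columns of each entry.
    $existing = Get-Content $HostsPath | Where-Object {
        $fields = @(($_ -replace '#.*$', '').Trim() -split '\s+')
        $fields.Count -ge 2 -and ($fields[1..($fields.Count - 1)] -contains $name)
    }
    if ($existing) { return "Already listed: $(@($existing)[0].Trim())" }

    Copy-Item $HostsPath "$HostsPath.bak" -Force   # keep a copy to roll back to
    # If the last line has no line ending, start a new one so entries don't merge.
    $raw = Get-Content $HostsPath -Raw
    $prefix = if ($raw -and -not $raw.EndsWith("`n")) { "`r`n" } else { '' }
    Add-Content -Path $HostsPath -Value "${prefix}0.0.0.0 $name"
    ipconfig /flushdns | Out-Null                  # drop any cached answer for the name
    "Added: 0.0.0.0 $name"
}

Add-HostsBlock 'www.badguys.com/scams/adpages/something'
```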

Of course there are many different types of these hijackings.  The ones where you think you are visiting an innocent site and suddenly there’s a new window or tab telling you how there’s some fatal error that only “they” can save you from may not be that webmaster’s fault.  Though you might want to politely let them know it’s happening – maybe they’ll sever ties with that advertising service for serving such filth.

On the other hand, true MALWARE installed on your own system may be to blame as well – for which there are many tutorials out there on the web.  Malwarebytes works well, as do others – though step with caution, as some of those “helpful” programs will simply add more malware to your system.

It’s a dangerous world out there kids, DON’T PANIC and Surf On!

Further Reading – http://www.acma.gov.au/Citizen/Stay-protected/My-online-world/Staying-safe-online/anatomy-of-a-scam-i-acma

