Causes of Browser Hijackers
The root cause of a browser hijacker on Windows will likely be one of these:
Remove programs causing Browser Hijackers
Some example Browser Hijacker programs include:
Browser Hijackers are usually obtained by installing extensions within web browsers or as part of programs. A seemingly useful search toolbar, or an extension that helps with a web task can in some cases turn out to take unwarranted control of a web browser.
These aren't normally viruses or malware. Browser Hijackers are 'unwanted software' as their objective is to serve ads as opposed to be covert and do something malicious. The problem is, they usually arrive by tricking users into downloading something that seems legitimate - so we sometimes find that users have ignored Scanguard warnings, believing the program they are downloading to be okay. Sometimes, they simply go under the radar as the code they use is not malware or virus like in nature.
Within this article you will learn:
Here are some of the common signs that you have been effected by Browser Hijackers
If you feel that you have been effected by Browser Hijackers, please follow these steps to remove them.
The root cause of a browser hijacker on Windows will likely be one of these:
Some example Browser Hijacker programs include:
The root cause of a browser hijacker on macOS® will likely be one of these:
Some example Browser Hijacker program names include:
Next, it is important to search other locations on the Mac for Applications.
In the top right of the finder window, search for .app
Remove suspicious apps
Make sure you are viewing finder with regular icons as it makes suspicious apps easier to spot. See the screenshot below where a file called macautofixer.app is highlighted, the icon itself is the missing-image icon, this is a telltale sign this app is suspicious combined with its strange name.
Repeat the steps above for each of the folder locations below:
Systematically type in each of the 6 folder paths shown above, and check the files in these locations - the names should indicate if they relate to a legitimate application, or by double-clicking them, the wording in the file should suggest if it relates to a decent application or one which you've removed as part of the previous steps. Again, online search the names of these files to check the legitimacy of them. Any spurious Plist files in any of these locations can be dragged to the trash. Be sure to empty the trash after following these steps.
If it shows 'Managed by Organization' or similar and you aren't logged into a GSuite work account this may be the cause of the Hijacker and will also need to be resolved.
defaults write com.google.Chrome HomepageIsNewTabPage -bool false
defaults write com.google.Chrome NewTabPageLocation -string “https://www.google.com/"
defaults write com.google.Chrome HomepageLocation -string “https://www.google.com/”
defaults delete com.google.Chrome DefaultSearchProviderSearchURL
defaults write com.google.Chrome HomepageLocation -string “https://www.google.com/”
defaults delete com.google.Chrome DefaultSearchProviderSearchURL
defaults delete com.google.Chrome DefaultSearchProviderNewTabURL
defaults delete com.google.Chrome DefaultSearchProviderName
Restart Chrome
After removing extensions, the best way forward is to reset your browser completely - but consider that saved passwords and bookmarks may disappear if you haven't created a sync account within your browser.
If not, clear cookies and cache.