How to Recover From a Browser Hijacking Attack
One day you boot up your computer and find that nothing is as you left it. Your search results don’t end up in Google, and your homepage is a site you’ve never heard of. Maybe it’s Privatesearches.org or a bunch of other scam search websites trying to get you to click on sponsored links (or worse). If this is happening to you, don’t worry, you are not alone. These are browser hijackers, a form of malware that should be taken seriously.
Browser hijackers usually get onto your computer from a malicious application or a fake browser extension. The Privatesearches.org hijacker, for example, infiltrates PCs as a fake Google Docs extension for Chrome. Once you install them on your computer and give the extension the necessary permission, the malware will continue to work and change the search engine, home page, start page, and more.
Here’s the good news: you can completely get rid of them and restore your browser to the way it should be.
Use Malwarebytes to scan and remove the capture tool
Our first task is to find exactly where the malware resides and remove it. The easiest way to do this is to use the free trial of Malwarebytes antivirus software, which can search and destroy browser hijackers. Install the free app, scan your computer and follow the instructions to remove the culprit from your device.
How to manually remove a browser hacking app
Sometimes Malwarebytes cannot identify malware; if this happens, you may need to dig in the good old fashioned way. To get started, take a look at the page your browser is redirecting you to, open Google in a new tab, find the page, and add “malware” to the end of the search.
You are sure to find Reddit posts about the hijacker and guides dedicated to explaining what the hijacking tool is and how to get rid of it. Continuing our Privatesearches.org example, we came across this guide from PCRISk , which explains what it is and gives detailed instructions on how to get rid of the app.
Once you know the name of the app and where it came from (the name of the app it was installed with will probably be different), you’re ready to go. Now follow the steps below to get rid of the malicious application.
In Windows, right-click the Start button, select Apps and Features . In the Settings window, find the app you want to uninstall. Once you find it, click on the three vertical dots and select Delete .
On a Mac, open the Finder app, navigate to the Applications folder, find the app, and drag it to the Trash icon. Then right-click on the Trash icon and select the Empty Trash option to get rid of the application completely. As an alternative, we suggest that you use an application such as AppCleaner to remove the hijacker application and all files associated with it (even if they are hidden in the Library folder).
Finally, don’t forget to reset your browser settings to default.
Now let’s take care of things on the browser side. You can start by removing the extension from your browser. In Chrome, press the Menu button and select More Tools > Extensions . Here, find the offender and click “Delete” . The steps will be the same for Chromium based browsers like Microsoft Edge and Brave.
For Firefox, go to Menu > Add-ons & Themes > Extensions . Find the extension, click on the three dots and select Uninstall .
If you’re using Safari, go to Settings > Extensions , select the extension, and click Remove .
After the extension is gone, we need to take care of the default search engine, home page, and the default page that opens when the browser is first launched. Again, given that you have encountered malware here, we suggest that you reset your browser settings to their default values, which will also reset the above settings.
In Chrome go to Menu > Settings > Reset and confirm with Reset .
In Microsoft Edge, select Menu > Settings > Reset Settings > Restore Settings to Default > Reset .
Firefox users can go to Menu > Help > Troubleshooting Information > Update Firefox > Update Firefox to restart the browser.
In Safari, you only need to clear your history and related data. Go to Safari > Clear History , select All History from the dropdown, then select Clear History .
Now that your browser has been reset, we suggest that you download extensions only after you have verified that they are from the correct source (for example, that the Google Docs extension is actually obtained from Google and that it has been verified).