One way to fix Internet Explorer hijackings is with a freeware utility called HijackThis. This utility scans the Windows registry and hard drive for Internet Explorer settings that have been modified. If modifications are found, each modification is listed, and you may then choose which modifications to keep and which to remove.

Once HijackThis is open, click the Scan button to start a new scan. Once the scan is complete, a list of modifications will be displayed.

When the scan is complete, you can select the suspicious entries and either click the Fix Checked button to remove them or click the Info On Selected Item button to learn more about each one—you will need to highlight each entry individually.

StartupList: Another handy HijackThis tool Integrated into HijackThis. StartupList generates a list of every application that starts automatically when Windows boots. This list is more in-depth than the one provided by Msconfig, but does not provide a Graphical User Interface (GUI) or a means to control whether programs start or not.

To run StartupList, click the Config button from the HijackThis main window. Then click the Misc Tools button. Click the Generate StartupList log button, then click Yes. The list is saved as a text file with the name startuplist.txt in the directory where HijackThis is located. HijackThis automatically opens the text file with Notepad.

Preventing reinfection

If all goes well, by now you have been able to reclaim your Web browser. If not, you may have to reinstall Windows. Simply reinstalling Internet Explorer or upgrading it to a newer version does not usually get rid of the problem. Once you do get Internet Explorer back under your control, there are several basic steps that you can take toward preventing this problem from occurring in the future.

If you are using an always-on connection, such as through a DSL or cable modem, use a good personal firewall. Use reputable anti-virus software and keep it current. Do not run, save, or download programs that you do not trust.

Regularly delete all temporary Internet files and cookies from your browser’s cache. It is possible that Internet Explorer cached the malicious code, so you will want to make certain that it is gone for good from your system. Make sure that you have all of the latest security patches in place, especially for Windows, Internet Explorer, and Outlook.

If you have altered the security settings in Internet Explorer, you should reset them to the Default Level. Open the Internet Options window and click the Security tab. Select the Internet icon and click Default Level. Also, make sure that the Enable Protected Mode options is selected.