Browser Hijack

enable silverlight in internet explorer

Comodo Hijack Cleaner is a lightweight scanner that identifies and eliminates all vulnerabilities in your internet browser. These vulnerabilities include malicious addons, hostile poisoning, fake search engine, unsafe home pages, and untrusted DNS provider.

This application guarantees:

  • All browser extensions can be used safely
  • A legitimate search engine is used by your browser
  • Your home page and your new blank page do not link to malware
  • Your host file is not contaminated
  • The browser you choose to open via your desktop shortcuts is the real one, not a fake one
  • A trusted DNS provider is used by your browser

CHC is a portable program that does not need to be installed. To clean your computer, simply open the executable.

To jump to the explanation, click the links below

  • Download the application
  • Run a scan
  • Remove identified dangers
  • Configure Comodo Hijack Cleaner

Download the application

  • Comodo Hijack Cleaner can be downloaded from https://download.comodo.com/chc/download/setups/chc.zip
  • Save the file by extracting it and saving it to your computer

Run a scan

  • Open chc.exe
  • Accept the End User License Agreement
  • Comodo can receive anonymous program usage statistics – Comodo gathers usage data to allow us to analyze how users interact with CHC. These real-world data allow us to make product improvements that reflect our users’ needs.
  • Because anonymization is used, your privacy is not compromised. If you do not wish to provide usage information to Comodo, this option can be disabled.
  • Click “I agree” to read the license agreement.
  • The main interface will be open:
  • Choose the areas that you wish to scan
  • Browsers — Scans the following items from Chrome, Firefox, Internet Explorer, and Comodo Dragon/Ice Dragon
  • Home page – This page will check if the page you have set as your homepage hosts malware or links to it.
  • New Tab – Searches malware on the page you’ve set as your new tab. CHC inspects all linked pages, if your tab displays thumbnails of a ‘favorite’ or’recently viewed’ site.
  • Extensions – This checks whether an extension that is enabled or disabled is malware or links to malware.
  • Search Engines – Checks for legitimacy of the default browser search engine. The default search engine is used for searching for search terms entered in the address bar. If you visit unsuitable websites, your default search engine could be changed without your consent. Illegitimate search engines could lead to dangerous websites that can host malware or compromise privacy.
  • DNS Setting – This checks that your Domain Name System provider (DNS provider) is trusted and that your host file doesn’t redirect to malicious websites.
Background Note:

  • Domain name servers convert domain names from your browser to machine-readable IP addresses. A DNS server is a telephone directory. A telephone directory “pairs” a phone number with a person’s name. A DNS server also pairs an IP address with a domain name.
  • If you ask for a connection to www.comodo.com your browser will first contact the DNS server to determine www.comodo.com’s IP address. Your browser will receive a reply from the DNS server with the correct IP address. In this example, it is 91.199.212.176. Although your browser will connect to 91.199.212.176 in real-time, it will show this connection as’www.comodo.com” in the browser address bar.
  • An attacker could change your DNS provider and send you to IP addresses that contain malicious content instead of the domain requested.

CHC scans your computer for the following DNS and internet settings:

  • DNS Provider Checks that your DNS server is listed on a legitimate DNS provider list. CHC can change your DNS server to Google’s public DNS servers if it isn’t recognized. For more information, see DNS Provider in Clean Threats.
  • Hosts file– CHC verifies that your local host file is not contaminated. This file can be modified by attackers to redirect you to dangerous websites.
  • The host file includes a list of host name and IP address pairs. This file informs internet browsers that a particular domain name is located at a certain IP address.
  • Web-developers often use the host file to point a domain at an internal IP address to test their code. Instead of calling a public DNS server, your browser will use information from the host file.
  • The web-dev may ask you to connect to an address of 192.168.0.0 by typing ‘example.com” into your browser. This is an example of the IP address that hosts the test content at example.com.
  • Your hosts file can be found at ‘c:/windows/system32/drivers/etc/hosts‘. Your host file does not need to contain additional IP/domain pairs if you are a home user. Any IP/domain pairings you see below the “#” content are worth looking into.
  • Browser Shortcuts CHC scans browser shortcuts to ensure they do not open an hacked or another application.
  • Click “SCAN NOW”

The application will download the latest domain whitelist/blacklist first and then start scanning the locations.

The results of the scanning will be displayed after they are complete.

Remove identified dangers

The scan results screen displays threats and allows you to:

  • Clear threats
  • False positives for exclusion
  • Submit false positives to Comodo to be included in the whitelist

Clear threats

  • Click the “Clean” button and select the item you wish to delete.

You can re-configure items you clean as follows:

Browser Home Page– Your home page is set to Google

New tab Malicious pages and links are removed

Extensions The extension(s), is not installed

Search Engine — Your search engine has been set to Google

DNS Provider Your DNS provider will now be set to Google DNS. This change must be approved by you. The confirmation dialog looks like this:

  • To change your DNS settings to Google DNS, click ‘Yes’ in a confirmation dialog
  • If you wish to manually reconfigure DNS settings, click ‘No.

Hosts file – All malicious host file entries have been removed.

Browser Shortcuts The Shortcut(s), will be reconfigured to point at the authentic browser.

False positives for exclusion

  • If you don’t want an item to be flagged in future scans, add it to exclusions.
  • Right-click the item in the results screen, and select ‘Exclude’

This item will be added as exclusion and removed from future scans. Exclusions can be managed from the screen ‘Settings. See ‘Configure Comodo Hijack Cleaner’ for more details.

Submit false positives to Comodo to be included in the whitelist

Comodo can test an item that has been identified as a threat if you are certain it is safe. The item will be added to the global white-list if it is confirmed false-positive.

  • Right-click the item in the results screen, and select ‘Report as False Negative’

The file will then be uploaded to Comodo Servers.

Configure Comodo Hijack Cleaner

The Settings screen lets you configure the update settings and manage exclusions.

To manage exclusions and configure CHC

  • Click “Settings” at the top of the interface
  • Automatically apply program upgrades – CHC will automatically check for and install any updates whenever you start the application.
  • You can deactivate this option to see an alert when a new version becomes available.
  • Comodo can receive anonymous program usage statistics – Comodo gathers usage data to allow us to analyze how users interact with CHC. These real-world data allow us to make product improvements that reflect our users’ needs. The anonymization of the data does not affect your privacy.
  • Exclusions – A list that you have given CHC to ignore in a scan.
  • If you don’t want the item to be skipped, select it and click “Remove Selected”.
  • If the item has not been white-listed, it will be identified in the next scan as a threat.
  • To make your settings take effect, click ‘OK’
Melina Richardson is a Cyber Security Enthusiast, Security Blogger, Technical Editor, Certified Ethical Hacker, Author at Cybers Guards & w-se. Previously, he worked as a security news reporter.