Applies to: Sophos Home Premium and Free (Mac/Windows)
What is a browser hijacker/redirector
Browser hijackers are usually installed by Potentially Unwanted Applications (PUAs); they can also be found inside legitimate applications/websites. They typically change the default homepage and search engine of your web browsers and make it difficult to change them back. They may also cause unwanted pop-ups and advertisements to show up in the browsers.
Sophos Home will block applications categorized as PUA by Sophos Labs, as well as malicious websites. However, Sophos Home cannot revert changes that have been made to the system by said PUAs.
If you believe that an application was not detected and needs to be re-categorized, please submit a sample to Sophos Labs so that they can review it: Sophos - Submit a sample
What to do
- Uninstall strange/unknown programs from the computer
- Reset affected web browsers
Resetting Chrome
- Change Site Permissions. This is needed when a URL is sending you pop-ups: you can find the sites there and revoke their permissions to stop them from showing messages.
Note for macOS: If you are unable to perform the steps listed above, resetting the browser and homepage may need to be done in Safe Mode or using the Terminal.
Removal via Terminal (Advanced - use if all else fails)
- Ensure Google Chrome is closed.
- Open Terminal and enter each one of these commands:
defaults write com.google.Chrome HomepageIsNewTabPage -bool false
defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"
defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"
defaults delete com.google.Chrome DefaultSearchProviderSearchURL
defaults delete com.google.Chrome DefaultSearchProviderNewTabURL
defaults delete com.google.Chrome DefaultSearchProviderName
- Restart the computer and retest.
Resetting Firefox
- Refresh Firefox - reset add-ons and settings
- Revoke websites push permissions. This is needed when a URL is sending you pop-ups: you can find the sites there and revoke their permissions to stop them from showing messages.
- Reset Firefox preferences to troubleshoot and fix problems
Resetting Edge
- What to do if Microsoft Edge isn't working (See section "Clear all browsing data")
- Manage website notifications in Microsoft Edge. This is needed when a URL is sending you pop-ups: you can find the sites there and revoke their permissions to stop them from showing messages.
Resetting Safari
- Clear Safari's browsing history
- Customize website notifications in Safari on Mac. This is needed when a URL is sending you pop-ups: you can find the sites there and revoke their permissions to stop them from showing messages.
- Change Safari's homepage
- Turn off Safari extensions
- Review accounts linked to the browser (such as Google accounts) that may be syncing unwanted changes, so that your changes are not reverted
- Remove startup applications
macOS
- Unwanted startup applications can be found under:
- /Users/<REPLACEWITHYOURUSERNAME>/Library/LaunchAgents/
- /Library/LaunchAgents/
- /Library/LaunchDaemons/
- Once located, remove the unwanted apps to stop them from making changes to your Mac
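A read-only way to review those three folders before removing anything, given here as an added example that is not part of the original Sophos article: it prints each launch item's file, its label and the executable it starts. The function names are illustrative, and it assumes XML property lists (binary ones are converted with `plutil` on macOS).

```shell
#!/bin/sh
# Added example (not Sophos code): list launchd items for review. Read-only.

# Print a plist as XML. Binary plists are converted with macOS plutil;
# on other systems the file is read as-is (assumes it is already XML).
plist_xml() {
    if [ "$(uname)" = "Darwin" ] && command -v plutil >/dev/null 2>&1; then
        plutil -convert xml1 -o - "$1" 2>/dev/null
    else
        cat "$1"
    fi
}

# Read XML on stdin and print the first <string> after <key>$1</key>.
# For ProgramArguments that first string is the executable path.
plist_value() {
    awk -v key="$1" '
        index($0, "<key>" key "</key>") { found = 1 }
        found && match($0, /<string>[^<]*<\/string>/) {
            print substr($0, RSTART + 8, RLENGTH - 17); exit
        }'
}

# Usage: list_launch_items DIR...
# Prints one "file<TAB>label<TAB>executable" line per .plist; "?" if unknown.
list_launch_items() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*.plist; do
            [ -f "$f" ] || continue
            xml=$(plist_xml "$f") || xml=""
            label=$(printf '%s\n' "$xml" | plist_value Label)
            prog=$(printf '%s\n' "$xml" | plist_value Program)
            [ -n "$prog" ] || prog=$(printf '%s\n' "$xml" | plist_value ProgramArguments)
            printf '%s\t%s\t%s\n' "$f" "${label:-?}" "${prog:-?}"
        done
    done
}

# The three locations named in the article.
list_launch_items "$HOME/Library/LaunchAgents" /Library/LaunchAgents /Library/LaunchDaemons
```

Entries whose executable lives in an unexpected place, or whose label you do not recognize, are the ones to look up before deleting the file.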
Windows 8, 10, and 11
- Open Task Manager
- Click the Startup tab
- Disable any unwanted applications from starting up
Windows 7
- Press Windows+R
- Type "msconfig" and press Enter
- Click the Startup tab
- After removing all the related files and applications and resetting the web browsers, we recommend running a FULL system scan with Sophos Home to ensure no threats are found.
Additional Steps - macOS Only
Please see Apple's recommended steps for handling hijackers.
Some hijackers may install unwanted Device Profiles:
- On your Mac, choose Apple menu > System Preferences, then click Profiles.
- If you haven’t installed any configuration profiles, Profiles preferences isn’t available.
- Select a profile in the Profiles list, then click the Remove button (-).
An online search for the hijacker name will help you find additional steps for each one.
There is a third-party tool called Knock-Knock that may help find traces of the items mentioned above. Here is the support video on how to download and use it: https://www.youtube.com/watch?v=8hZPfuY4PaE&feature=youtu.be