none
My MSIE has been hijacked ! How can I control the default search engine? RRS feed

  • Question

  • Hello

    Something has (without my permission) changed all my home pages to this URL:

     

    http://uk.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_frg01_15_19&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0C0CtD0FzyzzyE0B0B0EtD0FtCtN0D0Tzu0StCtBtBtAtN1L2XzutAtFtCtDtFyCtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAtCzz0DyCyCzy0DtGtD0BtAzztGzz0EyCtAtG0DyCtB0FtGyB0AtByEtCyEtD0B0F0A0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0E0DtA0CtA0C0DtGyBtDtByBtGyEtBtBzztGzzyB0AzztGyBtBtCzy0DyEtAzytCzz0C0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyByEzz%26cr%3D1021354084%26a%3Dwncy_frg01_15_19%26os%3DWindows%208.1U g

     

    I have managed to manually change them back to my own home page. BUT in MSIE (v11 on Win8.1) it has changed to default search engine to something similar: For example if I enter "test" (without quotes) into the URL field, it comes back with this URL on Yahoo.com:

     

    http://uk.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_frg01_15_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0C0CtD0FzyzzyE0B0B0EtD0FtCtN0D0Tzu0StCtBtBtAtN1L2XzutAtFtCtDtFyCtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAtCzz0DyCyCzy0DtGtD0BtAzztGzz0EyCtAtG0DyCtB0FtGyB0AtByEtCyEtD0B0F0A0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0E0DtA0CtA0C0DtGyBtDtByBtGyEtBtBzztGzzyB0AzztGyBtBtCzy0DyEtAzytCzz0C0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyByEzz%26cr%3D1021354084%26a%3Dwncy_frg01_15_19%26os%3DWindows 8.1&p=test&conversationid=

     

    My questions are

    A) How (the heck) can I change the default URL back to www.google.co.uk ?

    B) Is there any way by looking at these URLs that we can work out who the Evil organisation is that attacked/hijacked my MSIE's search engine and home page?

    Many thanks

    J






    • Edited by ship691 Saturday, May 9, 2015 1:17 PM
    Friday, May 8, 2015 7:42 PM

Answers

  • Hi,

    To find the culprit of your problem, you can try to use anti-virus software scan your system, generally speaking, it could find the malware or virus.

    On the other hand, you can check Installed programs in Control Panel if there is any unknown software was installed recently.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, May 11, 2015 9:11 AM
    Moderator

All replies

  • I found a way in the end. But I would still like to know what application/website modified all my browers. Extremely disconcerting.  Is there any way to tell from the URL it used?

    Sunday, May 10, 2015 9:30 PM
  • Hi,

    To find the culprit of your problem, you can try to use anti-virus software scan your system, generally speaking, it could find the malware or virus.

    On the other hand, you can check Installed programs in Control Panel if there is any unknown software was installed recently.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, May 11, 2015 9:11 AM
    Moderator
  • I have the same issue and every browser company seems stupid as to how it happened.  I didn't install any new software and know to watch out for the Yahoo add ons.  Yet between this morning and this evening I had a new search engine.

    Mine was a little different.  http://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_frg01_15_22&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BtDzztA0F0EyCyBtAtBzyzy0FyEyD0DtN0D0Tzu0StCtByEtCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0F0EtBzztB0ByBtG0DzytC0
    DtG0F0B0EzytG0C0D0FzytGyDyD0D0B0EyCyE0CyD0C0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyCtA0Ezyzzzz0EtG0Fzz0B0EtGyEtB0F0DtG0BtB0AtDtGtAzytB0B0D0F0FtDtCzz0EyC2Qt
    N0A0LzuyE%26cr%3D543901544%26a%3Dwncy_frg01_15_22%26os%3DWindows%207%20Professional

    My question is how did you get rid of it.  I went into my regedit and in the key HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ADF09BAC-8958-F714-E4C0-D2FCC0A82E64} I found the "wncy_frg" and deleted that entry.  I don't know if it was the right thing to do but I couldn't find any other way.  I have Win7 pro with microsoft security essentials installed and ran that and a couple of malware programs in safe mode with no results.

    I noticed the mods from MS had no answers, but then I guess that is not a big surprise.  They really don't seem to want to be bothered.

    Saturday, June 6, 2015 5:48 AM