
How do I keep my browser from being hijacked?


Hi, Leo. I was leading our computer club’s “Internet & More” special interest group last night. One of our attendees wanted to share how to record audio to the hard drive from YouTube content. He used Audacity’s free program in the past and proceeded to show us how to find and download it. We were using Windows 7 and Firefox. We downloaded the program and started to try out some of the sound editing features. We wanted to search for a YouTube example and open up a new tab to Google. Google wasn’t there. search engine was there and we couldn’t get back to Google.

We tried IE10 on the same computer – no luck. When we downloaded the Audacity free program, there was no option to do a custom install and unselect the extras. The only reason we had any idea what Trovi was that another of our attendees recounted his recent experience of this happening after he installed an Adobe update. He had to take his laptop to the Microsoft store. They finally got it off his computer but it took them a couple of hours.

Many people in our club are older and likely would have to ask for assistance in getting rid of this monster. I prefer to educate them on prevention. They all have real-time anti-virus software and have learned to do Malwarebytes scans. We teach our users to do image backups (thank you for hounding me until I did my first one). Other than restoring my computer to an earlier time, how can we protect ourselves?

What you’ve experienced is something that’s happening more and more these days. It’s actually kind of frightening, and it’s frustrating because a large part of it comes from what I would call otherwise reputable companies just trying to make an extra buck or two.


Where it comes from

I’ll start with the most common thing downloaded accidentally: malware in general.

I won’t say a lot about it since I think you’ve got that well in hand. Basically, it’s what I call the litany of internet safety: keep your security software running and up to date, be behind a firewall, don’t open email attachments that you’re not 100% certain of, and don’t believe everything you read.

What’s happening lately is that companies are offering additional software along with their own – meaning you might download and install program A only to find that after installing it, you also have toolbar B, and your search engine has been changed, and your browser doesn’t behave the same.

Notice that I said these companies are “offering” additional software. The offer is often hidden – sometimes very well hidden. And of course, the offer is set up such that unless you find it and say “no”, you’re effectively saying “yes”.

We call this ride-along software foistware, or PUPs – Potentially Unwanted Programs.

Preventing it

So here’s what you need to do every single time.

One, make absolutely sure that you’re getting the program from the correct place. That means avoiding download sites when possible.

Personally, I don’t believe Audacity itself is offering this foistware. I believe, perhaps, what happened was Audacity was downloaded from somewhere other than the official site. And some of these download sites will often wrap a download up with additional software that they then make some money from.

Second, whenever you run a program’s setup program, never, ever, choose default options, even when they are so-called “recommended”. Just don’t.

Instead, always choose custom or advanced or whatever they call it that isn’t the default or the recommended path. Then carefully examine every choice.

Sometimes you’ll even have to scroll up and down within the dialog to see all the choices. I actually had that happen to me once. There was a dialog that looked like it didn’t have anything special on it, and then I noticed there was a scroll bar. Sure enough, when I scrolled down, I found that if I had just blindly clicked on “next”, I would have been accepting additional software that I didn’t want.

Always be watchful

Basically, keep an eye out for anything that looks like it’s offering software that is unrelated to whatever it is you’re downloading. When you see stuff like that, uncheck it. There’s a toolbar – uncheck it. Changing your search settings – uncheck them. Basically do everything you can to look for and opt out of the additional software that might be offered.

Now, this doesn’t apply only to free software. I also recently had the experience of purchasing a utility only to find out that it too was full of these so-called “recommended special offers”. (They’re not recommended and they’re certainly not special!)

So, the bottom line is exercise extreme caution and take your time installing anything, no matter where it comes from.


12 comments on “How do I keep my browser from being hijacked?”

  1. An exception to the only download utilities from the official site rule is the Ninite Installer. It installs Audacity and about 100 of the most popular freeware programs of your choice. The Ninite Installer specifically removes all PUPs and toolbars for you automatically upon installation. It’s also the fastest way to install those programs when you set up a new computer.

  2. CNET started doing this with its download site and caught me once. I don’t go back there again so these companies may think they are making a quick buck but they are really hurting themselves.

    Adobe is even worse. They have started adding junk to their patches! The last one Adobe wanted to install Chrome and make it my default browser. So, I guess Google is buying into sneaking software onto our computers as well.

    • Whenever I come across a site that installs malware (I equate foist ware with malware), I give that site a negative rating on WOT. If enough people do this WOT users will get a warning about it and the site will probably lose what they gained with these Pernicious Unwanted Programs.

    • I share Ronny’s sentiments regarding CNet. I still use them, BUT, BUT with only a very large measure of caution. I can no longer enthusiastically recommend using CNet’s download site as a completely trustworthy source for shareware, freeware, or trial downloads as many of their installers now include unwanted add-ons that aren’t exactly easy to notice prior to installation.

      A CNet download is the way my system got infected by the SweetPacks adware infection. Technically, SweetPacks may not be a virus. However, it loaded an add-on for all of my installed browsers, changed my home pages, and all new browser tabs were opened by loading their own preferred search engine site. After spending several hours to get all that corrected, I thought all was okay. However, a couple of weeks later, a firewall notification alerted me to an unfamiliar outgoing Internet access attempt. Naturally, I researched this and eventually found that my Windows Registry contained a periodic attempt to contact SweetPacks’ “home base” to update itself or possibly further infect my system. In this particular case, my butt was saved by use of a firewall that also checked outgoing access attempts.

      Using the Internet is fraught with hassles, danger and more. Thanks to Leo, though, he makes things a whole lot safer. As always, thank you, Leo.

  3. What I find particularly annoying is that supposedly legitimate companies are including this *&^% in their installs and using confusing (shows that they know it isn’t wanted except by their accountants) choices.
    Java and Adobe should not be having anything to do with this but have. Good reason to look for alternatives.

  4. This is why I prefer Softpedia for my software needs. Their programs are free of malware and all that nastiness. Disclaimer: I have nothing to do with Softpedia. I just like their site.

  5. About 6 weeks ago, after getting PUP infections regularly, I decided to look at many download sites to see where they were coming from. I downloaded 5 programs from each of 7 sites then before opening them, scanned with MalwareBytes. Each of the 7 sites, except one, had PUP infections in one or more of the downloads this included Major Geeks Kip N! The site that had no PUPs in the downloads I selected was FileHippo. I will do this experiment again in a couple of weeks.

  6. Tool bars, search engine hijacks and home page changes are now more common than virus infections. Almost all are bundled with other software …cnet download site is NOT trustworthy anymore.
    Anti malware programs usually do NOT prevent this malevolent intrusion.
    Safest way is to use a sandbox protected browser and run any new program in a sandbox {google sandboxie which is free} until proven safe.
    If this is too technical, at least use Win Patrol which is also free and will advise when changes are being made to your computer.

  7. Downloaded a program from Cnet today and my home page changed and for some strange reason it deleted my profile picture on facebook and it added an unwanted system checker. No more downloads from Cnet for me.

