Debian Browser Hijack Fix

TL;DR

Your web browser on Debian has been hijacked? This guide helps you remove unwanted changes and get your browser back to normal. We’ll cover checking extensions, resetting settings, scanning for malware, and ensuring your system is up-to-date.

Steps to Fix a Hijacked Browser

1. Identify the Affected Browser: Which browser (Chrome, Firefox, Edge, etc.) is showing unwanted behaviour? Knowing this helps tailor the fix.
2. Check for Unwanted Extensions/Add-ons: Many hijackers install themselves as extensions.
   • Chrome: Type chrome://extensions in the address bar and press Enter. Disable or remove any suspicious extensions you don’t recognise.
   • Firefox: Type about:addons in the address bar and press Enter. Go to ‘Extensions’, disable or remove anything unfamiliar.
   • Edge: Type edge://extensions in the address bar and press Enter. Disable or remove suspicious extensions.
3. Reset Browser Settings: This reverts your browser to its default state.
   • Chrome: Go to chrome://settings/reset and click ‘Restore settings to their original defaults’.
   • Firefox: Type about:support in the address bar. Click ‘Refresh Firefox…’. This will create a new profile, so back up important data first (bookmarks etc.).
   • Edge: Go to edge://settings/resetProfileSettings and click ‘Restore settings to their original defaults’.
4. Scan for Malware with ClamAV: A malware scan can detect and remove hijackers.
   • Install ClamAV: Open a terminal and run sudo apt update followed by sudo apt install clamav clamav-daemon.
   • Update Virus Definitions: Run sudo freshclam to get the latest virus definitions.
   • Scan Your Home Directory: Run clamscan -r /home/$USER (replace $USER with your username if needed). This will scan all files in your home directory.
5. Check for Suspicious Startup Programs: Hijackers can run automatically at startup.
   • Open a terminal and type systemd-analyze blame to see a list of services sorted by startup time. Look for anything unusual.
   • If you find something suspicious, investigate further using commands like ps aux | grep <program_name> to understand what it does. Be careful before stopping or removing any service!
6. Examine Your Hosts File: Some hijackers modify the hosts file to redirect you to malicious websites.
   • Open a terminal and use sudo nano /etc/hosts.
   • Look for any entries that aren’t standard localhost (127.0.0.1) or network comments. Remove any suspicious lines. Save the file (Ctrl+X, Y, Enter).
7. Update Your System: Keeping your system updated patches security vulnerabilities.

   sudo apt update && sudo apt upgrade

8. Consider a Different DNS Server: Using a public DNS server like Cloudflare (1.1.1.1) or Google Public DNS (8.8.8.8 and 8.8.4.4) can prevent redirection.
   • Edit your network settings to use these DNS servers. The method varies depending on your desktop environment (GNOME, KDE, XFCE etc.).

If the problem persists after following these steps, consider reinstalling your browser or seeking help from a cyber security professional.