The Case of the Hijacked Internet Explorer (IE) Default Browser Message

I recently had a case of a hijacked Default Browser message (the one that asks you to set the browser as default) in Internet Explorer (IE) 11 on a Windows 8.1 machine. Now that is not to say that it cannot happen to other versions of Windows, Internet Explorer or even other browsers, but this fix will clear the Internet Explorer issue.

With many of these things, the cause of this is malware, and the user doing or rather installing or running something they shouldn’t be (what they wanted the software for was perfectly OK, its just they got stung by the malware).

Anyway the issue presented like this;

The Hijacked page, remember do not click on any links
The Hijacked page, remember do not click on any links

IMPORTANT NOTE: Now first things first. DO NOT click on any of the links in the page. It is also important to note that even if Internet Explorer is the default browser, or you have told it not to bother you, it will still appear.

Now the first step in this is understanding what has happened, which in this case is that the iframe.dll file has be hijacked, either through modification or replacement (which indicates that the program would have had to have gone through UAC and the user OK’ing the change), specifically it seems that the page is being redirected, but I cannot confirm this as it was more important to fix the issue than it was to find out the technical reasons why

None the less the first step is to run a malware cleaner, specifically I use Malwarebytes, and I did a cleanup of the system with CCleaner for good measure, but it is important to note that this is just to clean up other things that the malware may have left behind, it is not to fix this problem.

As this problem resides in what is a reasonably well protected file, the best way to fix the issue is with Microsoft’s built-in System File Checker (SFC) tool.

It is actually rather simple to fix this error;

Open a Command Prompt window as Administrator

Open an Administrative Command Prompt
Open an Administrative Command Prompt

Once you are in the command prompt type;

sfc /scannow

Type sfc /scannow
Type sfc /scannow

This tool will now run and verify the files Microsoft has put into the system to validate they are the correct files, if they are not and have been replaced or otherwise modified, it will replace them with the original file. This process may take some time depending on the hardware you are running it on

SFC Running - This may take a while
SFC Running – This may take a while

Once complete, you need to restart the PC, and the SFC tool tells you as much

SFC has completed it task, now it wants you to reboot your PC
SFC has completed it task, now it wants you to reboot your PC

Restart your PC and the offending window will now be replaced with the default Microsoft one. Now how I said before it seems to override/overwrite the setting telling Internet Explorer not to display the defaultbrowser.htm tab (either because it is default, or you have told it not to check). This continues on here, because that setting was tampered with by the malware it will display the default browser page, to clear this you either simply need to tell it to not display it, or go through the set as default process.



Internet Explorer Cannot Download a File on Server 2012 R2

So you have just set up a new Server 2012 (R2) server, and gone to download that fine you need for the next step, only to be shown a nasty message stating that you cannot do that, as file downloads have been disabled.


Well the good thing to know is that its an easy fix, simply open up “Internet Options” go to the “Security” tab, select the “Internet” zone and Select the “Custom level…” button


This opens up a “Security Settings – Internet Zone” window. In the main section of the windows scroll down to where it says “Downloads”, and the the subsection of “File download” (as of this writing the setting is just above half way down the options list) and simply change it from “Disableto “Enable”. Click ok and drop back to the main screen and retry that download again


If you get a warning, as shown below, simply OK it and continue on


Have fun


Internet Explorer & Other Multi-Tab Group Policy Settings

So visiting a client today and I noticed that the group policy settings for Internet Explorer were not applying correctly, some settings were aplying, some not. After looking at the settings and the RSoP, I decided to take a look at the XML generated for the GPO, and that’s when I saw it… disabled=1, hello. Now the question is where did it come from, I know the GPO is working in other respects, and checking the XML confirms this, so I re-generate the settings, 5 minutes work but still no resolution, its still stating that it is disabled.

What is a IT professional to do, woe is me… Looking further into the situation I came across something I had long forgotten, and filed under “I will never need that”. What was happening or rather not happening was  I was not enabling the fields, specifically in a multi-tabbed setting you will see a red dashed line or a red “No” symbol (the same red border and line that you see everywhere something is prohibited, no smoking sign for example). As shown below

stopped symbol   Dashed Line

To enable the settings you need to hit one or more keys depending on how you want to do it, these keys are as outlined below

F5 – Enable all items on the Page/Tab
F6 – Enable Currently Selected item on Page/Tab
F7 – Disable Currently Selected item on Page/Tab
F8 – Disable all items on the Page/Tab

Once you have enabled the items you will get either a solid green line or a green OK symbol as shown below

green line  go symbol

 Once this was done, I simply forced an update of group policy, and viola, everything worked as it should once more

Moral of this story, its the things you think you don’t need, that ultimately you will need

%d bloggers like this: