Thursday, December 10, 2009

DellNet Hijack of my Computer... Resolved!

I recently purchased a Dell Inspiron Zino HD as a gift for my in-laws. Dell fulfilled the order quickly and my initial impressions of the AMD powered brick computer are very positive. It's quite a performer with a host of features all for a very modest price. I would recommend it for anyone with normal email, web browsing, word processing requirements. It's a robust PC in a small, convenient package.

My in-laws are relatively good at using computers, but set-up and configuration can pose confusing options for some people who are not entirely comfortable with information technology, so I took the time to get everything in order before presenting them with the gift. As expected, the Windows 7 Home Premium set-up went along smoothly and in a short time all of their desired software was installed and everything seemed to be in order.

The last thing I wanted to set-up was the default tabs on their web browser. My mother in-law uses Yahoo! Mail, and my father in-law uses MSN Mail, so I thought it would be nice to make and the default tabs when Internet Explorer ("IE") was opened. After making the changes under Internet Options, displayed as expected, but what was the deal with Whenever I entered into the address field, the URL ("Universal Record Locator") would automatically change to What the heck is DellNet?

DellNet was Dell Corporation's Internet Service Provider ("ISP") business. It was introduced in 1999 as a stand-alone ISP option. In 2000, they announced a partnership with the Microsoft Network ("MSN") to provide a customized version of MSN Explorer that included Internet access. It's not entirely clear if DellNet still exists as a service provided by Dell. The service seems to have been absorbed by MSN sometime in the early 2000s. But that is not what this story is about.

The issue here was 1) I did not install or initiate service with DellNet on this brand new installation of Windows 7, and 2) I did not want my attempts to use MSN to be hijacked by Dell. I was very disappointed that Dell would do this. It is nothing less than adware or spyware activity. Even when simply entering into the address field, Dell changed the URL to If I wanted to navigate to, I would have entered it into the address field!

So here's where the fun began. How could I fix this behavior to eliminate the DellNet intrusion? Changing the default pages via IE8's Internet Options had no effect and there were no rogue entries in the HOSTS file. I scoured the Internet looking for a solution. It seems as though there are a lot of bad user and tech support experiences with trying to uninstall the DellNet / MSN service from users' computers. I tried using some of their proposed solutions, such as removing the default registry entries for MSN6 and IE's home page and search service, but those efforts alone had no impact either.

Using Trend Micro's HijackThis seemed like an extreme measure, after all, this was a brand new computer; how could it be infected with adware or spyware already? However, I proceeded to install HijackThis and used it to identify a few additional registry entries that mentioned MSN that I had not found in my previous effort. Still no change... any attempt I made to browse to changed the address to include Dell or DellNet. How frustrating!

Then it dawned on me. On my first use of IE8 with the new Dell Zino, the browser had automatically navigated to This was likely because of a factory-set registry entry. Now I had since removed the registry entry, but the browser continued to use the same hijacked URL. Did the web site install a cookie to redirect the address?

To view the IE8 browser cookies, you use the Internet Options selection from the Tools menu. Then the General tab, Browsing History section, and Settings button. Once you are in the Temporary Internet Files and History Settings dialog, choose the View Files option. A File Explorer window will open where you can view all of the images, scripts and cookies saved by IE8.

I found two cookies had already been installed for, and I deleted them both. After a re-boot to make certain I was starting fresh, the problem was resolved. Visiting or did not revert the URL to or!

Why did this happen in the first place? What is Dell thinking? It's one thing to direct me to the manufacturer's web site on the initial load of the web browser, but hijacking the browser to constantly redirect the URL to their co-branded site is simply adware; it's wrong and not welcome by me.

It's important to note that this issue is only with IE and does not impact access to when using other browsers (i.e. Google Chrome, Firefox, or Safari tested to be okay). However, that does not make it a less serious matter.

So what is the solution to removing the hijack? Based on my experience, I believe that it has multiple steps:
  1. Remove all instances of the default browser homepage in the Windows registry with very careful use of HijackThis or manual editing with RegEdit (the Windows registry editor).
  2. Delete all Internet Explorer cookies associated with for all users.
  3. Add and to the Internet Explorer blocked sites under Privacy Settings to keep the cookies from being reinstalled should you happen to attempt to browse (or be redirected by a link) to one of those sites in the future.
If your computer has been hijacked by Dell, I hope that this information helps you access without being redirected to Dell's adware version of the MSN web site.