Yes, but you don’t know me either. Users with x1000’s posts always assume that someone who has just arrived on a forum is automatically a dummy.

Browser hijacks in general are caused by the user not paying attention when installing what appears to be a ‘free app’ of some kind or another. As I already illustrated in the screenshot I uploaded, users need to be aware of what they’re doing before clicking the “Next” button.

If a TDSS infection is suspected, it’s simple enough to check because that virus installs its own driver and that can be seen in Device Manager under “Non-Plug & Play Drivers” as TDSSserv.sys (unhide hidden devices first).

Not every browser hijack is due to a virus. The most common cause is simply the free app earning commission by redirecting the user to another search engine. Here’s a list of installers which do just that: http://malwarebulletin.com/2011/02/11/calendar-of-updates/installers-hall-of-shame-unwanted-add-on-via-calendar-of-updates/