- Hijacks homepage
- Changes default search engine
Browser hijackers such as Funnysiting.com are among the most commonly encountered infections. We do not consider them as extremely malicious. However, the mere fact that they modify your browser’s settings without your permission and get on your computer without your authorization is enough to label them as malicious. Therefore, it is necessary to remove this and other hijackers that masquerade as legitimate search engines. Truth be told, Funnysiting.com is a new type of browser hijacker from the infamous Elex browser hijacker family. To find out more about it, please read this short description.
Funnysiting.com is a type of browser hijacker that comes bundled with suspicious software bundles. At the time of our research we did not have all of the information about it, so we assume that the installers it comes bundled with allow you to deselect its installation. However, the sample that we have tested was configured to inject this hijacker directly into the web browser. Hence, it does not come with a dedicated browser extension. Testing has shown that this hijacker can affect Mozilla Firefox and Google Chrome. Therefore, it has the potential to infect many computers, but it all comes down to how popular are the bundles and websites they are featured on.
As mentioned in the introduction, Funnysiting.com is part of the Elex browser hijacker family. On that note, we want to inform you that this family also includes the likes of Eversearches.com, Funcionapage.com, Amisites.com, and many others. However, this new hijacker is different in the way it hijacks the browser settings and how it prevents you from changing them. So, not only does it enter your computer without your authorization but also prevents you from rolling back the changes it has made.
Our research has revealed the changes that this hijacker is set to make. Testing has shown that the installers that inject it into the browsers have been configured to modify the homepage address only. Therefore, it will not change the search provider settings and the new tab page address. It sets the homepage address to Funnysiting.com, but all of the entered search queries are redirected to Google.com. However, it appears that this hijacker does not modify Google’s search results to include promotional links, so it is safe in that regard.
Now let us talk about why it is difficult to get rid of Funnysiting.com. When this hijacker infects your computer, it will create batch files in for the installed browsers in the C:\ProgramData folder (the folder is hidden.) In the case of Chrome, it will it will create the C:\ProgramData\Google Chrome.lnk.bat file and if you have Firefox installed it will create C:\ProgramData\Mozilla Firefox.lnk.bat. Furthermore, it will replace the browser shortcuts on your desktop to point at these batch files. The batch files will then open the browser which will load this hijacker's URL.
To get rid of this hijacker, you have to delete the batch and Ink files and delete the modified browser shortcuts found on the desktop. Then, your browser’s homepage will be reset to its default address, but you might have to reenter the URL if the address remains Funnysiting.com. Feel free for the manual removal guide, but if you experience issues, then try using an antimalware application. Even though this hijacker does not show malicious search results, it is a good idea to remove it just to be on the safe side of things.
How to get rid of this browser hijacker