Click on screenshot to zoom
Danger level 7
Type: Browser Hijackers
Common infection symptoms:
  • Hijacks homepage
  • Changes default search engine is similar to,,, and other browser hijackers that are popularly known as WMI hijackers. WMI stands for Windows Management Instrumentation, and the hijacker uses it to keep itself installed. If you do not delete the WMI script linked to the hijacker, you will not be able to get rid of it from your browsers, and we are sure that you already know that that is important. Although the hijacker does not look dangerous per se, it is not useful in any manner. While most hijackers at least try to offer seemingly beneficial services, this one has an interface filled with allegedly funny stories and advertisements. Do you find that useful? It is unlikely that you do, and we are sure that you cannot wait to remove from your browsers. Whether it hijacks your Chrome, Firefox, or Internet Explorer browser, we can help you with the elimination. Just continue reading.

The purpose of is very mysterious, and our research team assumes that it was created as an advertising tool. Based on the research we have conducted, it is most likely that this hijacker will enter your operating system bundled with UCBrowser or MaohaWiFi bundle packs. It appears that this threat is mainly targeted at users living in China because it is likely to be packaged with programs created for the Chinese market. We have to warn you that it is also possible that could be downloaded by a silent Trojan. In any case, third-party malware is likely to exist on your operating system, and you need to delete it as soon as possible. Considering that these potentially active threats might be camouflaged or might run without your notice, we suggest employing a legitimate malware scanner to inspect your operating system. Even if other threats are not discovered (unfortunately, that is unlikely to happen), a full system scan will not take a lot of your time, and so you should not skip this step.

The developers of legitimate and reliable sites usually provide users with legal information, such as privacy policies or license agreements. Such information is not provided to the users of, and that is a big red flag. If you cannot check the policies based on which the service is operated, how can you trust it? Unfortunately, some users are likely to ignore this fact; especially if they enjoy the funny short stories shown to them as soon as they launch the corrupted browser. We do not want to focus on these stories because they are not harmful. What worries us the most are the advertisements that are shown alongside. What if these ads are misleading? If that is the case, you might end up visiting malicious sites or, possibly, even downloading malware. On top of that, it is possible that the hijacker has employed data-tracking tools to record every move you make. What if is capable of recording personal information? This is possible, and this is why we suggest removing this hijacker ASAP.

If you have scanned your PC and assessed all infections that are active, you know best what you need to do next. If critically malicious infections are found, and if you are unable to eliminate them yourself, it is smart to consider using automated malware detection and removal software. Even if other threats do not exist, this software can delete in the most efficient manner. If you choose to erase malicious infections manually, you need to research every single one of them to know exactly what to do to get your operating system cleaned fast. Unfortunately, one manual removal method that would fit all threats does not exist. Speaking of manual removal, you must keep in mind that is not a simple infection, and its elimination might require skills and time.

The guide below shows how to delete WMI script, which is not an easy task. Afterward, you will need to fix the Target of all infected browser’s shortcuts, and that might take some of your time as well. We also recommend resetting your browsers once you complete the steps shown in the guide. If you do not think you are ready for these tasks, stick with automatic removal. Removal

  1. Open Explorer (tap Win+E keys) and enter C:\Windows\System32\ into the bar at the top.
  2. Place the cursor in the search box on the right, type wbemtest, and then tap Enter on the keyboard.
  3. Right-click the file and choose to Run as Administrator.
  4. When the WMI Tester menu shows up, click Connect…
  5. Type root\subscription into the Namespace box and then click Connect again.
  6. Mark Enable All Privileges and then click the Enum Instances button.
  7. Type ActiveScriptEventConsumer under Class Info and then click OK.
  8. Look for an instance with the ASEC string in the name, select it, and click Delete. Exit the utility.
  9. Identify the shortcut of the infected browser (you will need to modify all shortcuts one by one).
  10. Right-click the shortcut, select Properties, and then move to the Shortcut tab.
  11. In the Target box erase the URL of the hijacker after chrome.exe”/iexplore.exe”/firefox.exe”. Click OK.
Download Spyware Removal Tool to Remove*
  • Quick & tested solution for removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.