Danger level 7
Type: Browser Hijackers
Common infection symptoms:
  • Hijacks homepage
  • Changes default search engine

If you suspect something is not right with this search engine, you came to the right place, as in this report we will talk about its working manner and the risks that could arise from its usage. First of all, we would like to mention the application is classified as a browser hijacker. It may affect Internet Explorer, Mozilla Firefox, or Google Chrome by modifying their shortcut settings; such programs are also known as shortcut hijackers. If these changes alone annoy you, we would advise you to hesitate no more and erase it immediately with the deletion instructions provided at the end of this text. After all, using this search engine could be risky since it might promote potentially malicious third-party content. If you want to learn more, we urge you to keep reading the text.

For starters, it would be useful to find out how the application could enter the system in the first place. According to our researchers, it might be downloaded with bundled malicious installers. In such a case, it is even possible that you received it accidentally. As you see, bundled setup files can suggest a couple more programs in addition to the main one, although they do not have to be related. Sadly, if you do not review the terms on the setup wizard, you might miss your chance to deselect such software, and it could be installed automatically. On the other hand, if you are facing a malicious installer, it may not give you an option to choose at all. Therefore, it would probably be smartest to download setup files only from legitimate web pages. Plus, it might be easier to keep the system clean if you use a trustworthy antimalware tool.

At this point, we would like to talk about what happens when it enters the system. At first, the browser hijacker should create a folder named Browsers in the %APPDATA% directory. This location should contain quite a lot of executable and batch files, although some of them might be hidden. Most importantly, there should be files that could contain hidden tasks (e.g. start "" "c:\PROGRA~1\google\chrome\APPLIC~1\chrome.exe" ""). Consequently, this data could be used to command the affected browser to load the search engine. To do so, the application should delete the existing Target line located in the shortcut's settings and place a link leading to the file with the hidden command, for example, C:\Users\{user}\AppData\Roaming\Browsers\exe.xoferif.bat.

Once the browser is hijacked, the search engine should load every time the browser is launched. Afterward, the application might further redirect you to other unreliable web pages; for example, it may load sites asking you to participate in fake surveys, lotteries, and so on. This is why we would advise you to keep away from such websites and get to know how your personal information could be used before submitting it. Users should be extremely careful with pop-ups, banners, sponsored links, and other ads displayed on it too, since such content could have links to untrustworthy web pages as well. For instance, by clicking the ads, you could enter sites created for malware distribution. Also, users could come across sites distributing other browser hijackers, adware, and more similar threats.

As you realize, advertised content could be malicious or potentially harmful, so it might be safer for the computer if you avoid such advertisements. Since the browser hijacker may show such ads even in the search results, we advise you to remove it at once. Later, you could pick a more reliable search engine to surf the Internet. For less experienced users we recommend following the instructions placed below if they want to get rid of the application manually. However, if the process looks too complicated or you think there might be more suspicious software on the computer, it would be more advisable to scan the system with a legitimate antimalware tool. After the scan, you could simply click the removal button, and the detected threats should be erased automatically.


  1. Press Win+E.
  2. Insert %APPDATA% into the Explorer and click Enter.
  3. Find a folder called Browsers, select it and press Shift+Delete.
  4. Locate the affected browser’s shortcuts in these directories:
    %ALLUSERSPROFILE%\Start Menu\Programs
    %APPDATA%\Microsoft\Windows\Start Menu\Programs
    %USERPROFILE%\Microsoft\Windows\Start Menu\Programs
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs
  5. Mark the hijacked shortcuts separately and select Shift+Delete.
  6. Create new shortcuts in preferred directories, for example, Desktop.
  7. Press the right mouse button and select New.
  8. Click Shortcut and browse till you find the location with your browser’s launcher.
  9. Select Next and press Finish to create a new browser shortcut.
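
An added example (not part of the original guide): a read-only PowerShell audit for steps 3 to 5 that lists what is in %APPDATA%\Browsers, hidden files included, and flags browser shortcuts whose target is a batch file or points into that folder. Checking the Desktop folder and matching shortcuts by browser name are assumptions of this example.

```powershell
# Read-only audit: reports findings, changes and deletes nothing.
$hijackDir  = Join-Path $env:APPDATA 'Browsers'   # folder named in the report
$scriptExts = '.bat', '.cmd'
# Assumption: hijacked shortcuts keep the browser's name in their file name.
$browserPattern = 'chrome|firefox|iexplore|internet explorer'

# Shortcut directories from step 4, plus the Desktop (assumption).
$searchRoots = @(
    "$env:ALLUSERSPROFILE\Start Menu\Programs",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:USERPROFILE\Microsoft\Windows\Start Menu\Programs",
    "$env:ALLUSERSPROFILE\Microsoft\Windows\Start Menu\Programs",
    "$env:ALLUSERSPROFILE\Application Data\Microsoft\Windows\Start Menu\Programs",
    [Environment]::GetFolderPath('Desktop')
) | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -Unique

# 1. Show the contents of the Browsers folder; -Force includes hidden files.
if (Test-Path -LiteralPath $hijackDir) {
    Get-ChildItem -LiteralPath $hijackDir -Recurse -Force |
        Select-Object FullName, Length, Attributes, LastWriteTime
} else {
    "No folder found at $hijackDir"
}

# 2. Resolve every browser shortcut and test its Target line.
$shell = New-Object -ComObject WScript.Shell
$findings = foreach ($root in $searchRoots) {
    Get-ChildItem -LiteralPath $root -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.BaseName -match $browserPattern } |
        ForEach-Object {
            $lnk     = $shell.CreateShortcut($_.FullName)
            $target  = $lnk.TargetPath
            $reasons = @()
            if ($target) {
                if ($target.StartsWith($hijackDir, [StringComparison]::OrdinalIgnoreCase)) {
                    $reasons += 'target is inside %APPDATA%\Browsers'
                }
                if ($scriptExts -contains [IO.Path]::GetExtension($target)) {
                    $reasons += 'target is a batch file, not the browser executable'
                }
            }
            if ($reasons) {
                [pscustomobject]@{ Shortcut = $_.FullName; Target = $target
                                   Arguments = $lnk.Arguments; Reason = $reasons -join '; ' }
            }
        }
}
if ($findings) { $findings | Format-List } else { 'No hijacked browser shortcuts found.' }
```

Shortcuts listed in the output are the ones to delete and recreate in steps 5 to 9.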