Click on screenshot to zoom
Danger level 7
Type: Browser Hijackers
Common infection symptoms:
  • Hijacks homepage
  • Changes default search engine

If you are annoyed by redirections and third-party ads while surfing the web, it is possible that has found a way to your system. This is a Russian browser hijacker that also operates as an adware server. On the surface, it looks like a news website with a search engine. However, its news could be copied from other websites and simply pose as fake content to fill up the page. Its search engine should not be trusted either as it may present to you questionable search results. The worst is probably that this browser hijacker can also create scheduled tasks to open your browser with promoted content, which can be porn or gambling-related. Clicking on any content coming through this malware infection could cause further system security issues. Thus, we believe that you should remove without a second thought.

There are a few ways in which you can install this browser hijacker in your major browsers, including Mozilla Firefox, Internet Explorer, and Google Chrome, or in which you can get redirected to it. As a matter of fact, this is not the first time we see such a Russian threat. In the past months there were a number of identical pages and adware servers emerging on the net, such as,, and You may get infected with this threat simply by clicking on the wrong content while browsing. For example, when viewing a page, a pop-up or banner ad comes up on your screen that tells you that you need to install a new plugin or driver to be able to watch content on this page. When you click to install, you can easily drop a whole bundle of malware threats, including this browser hijacker. You should never believe such commercials because it hardly ever ends well when you click on one. No website can possibly have information about your software and drivers on your system. If any content may require a certain program to run, you should always use official websites to download it yourself.

You can click on corrupt third-party ads on file-sharing, online gaming, and pornography-related sites because these are usually the ones that host several advertisements and fake contents in order to promote third-party installers of bad bundles. On certain torrent sites, for example, you could drop infections simply by clicking into search fields or on invisible content. You need to be extra cautious when you land on unfamiliar pages because you will never know where you can safely click and the wrong choice my result in your having to delete and other threats from your PC. In fact, we do not encourage you to view any of such suspicious websites even if you want to download free files. You should always use reputable pages to do so.

Do your research before wanting to download and install anything really. Also, be aware that using search engines, no matter how reliable they may be, is never 100% safe because you could be presented with results that link to malicious websites. Schemers have an understanding of how to create fake and malicious pages to come up on the first results page even in Google. So be careful what you search for because certain keywords may trigger such pages. However, if there is any chance you may have installed such a bundle, you need to delete right away and find a trustworthy malware scanner to detect all other potentially harmful programs as well.

This malicious website has two main functions. First, it pretends to be a Russian news website that features a search box as well. Our tests indicate that the news articles may be plagiarized and simply used as a cover. The search engine should not be used either as it may forward you to modified search results pages that could contain potentially unreliable third-party ads and links. If you click on these, you may download further malicious programs or end up on malicious pages being scammed. Unfortunately, the same can happen when this malware threat starts functioning as an adware and redirect you to promoted webpages that could be unreliable. This can happen at every restart of your system or every 34 minutes as the created task is scheduled. If you do not want to lose your identity or money due to an online scam by landing on a malicious page, we suggest that you act now and remove from your computer.

If you want to make sure that this threat fully disappears from your computer, first you need to delete any related task. This infection may show up as 24runewscom*, blogingtnet*, 7runewsnet*, 101news101org* or anything similar for a list of at least a dozen site names used by the creators. The name of this malicious task may change almost every day. Please follow our instructions below if you want to remove from your system. As you can see, it is important that you give your PC proper protection. If you cannot defend it yourself, you may want to consider installing a proper anti-malware program like SpyHunter.

Remove scheduled tasks possibly related to

  1. Open your Task Manager by pressing Ctrl+Shift+Esc.
  2. Choose the Start-up tab.
  3. Locate the suspicious program in the list and press Disable.
  4. Close your Task Manager.
  5. Press Win+E to open File Explorer.
  6. Open the %WINDIR%\Tasks and %WINDIR%\System32\Tasks folders.
  7. Find and delete the suspicious task that could be linked to
  8. Empty your Recycle bin.

Remove from browsers

Internet Explorer

  1. Press Win+Q and type regedit. Hit the Enter key.
  2. Remove the following value names:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[10 random letters] (value data contains “”)
    HKCU\Software\Start Page\Start Page (value data contains “”)
  3. Overwrite the value data of “HKCU\Software\Microsoft\Internet Explorer\Main\Start Page”
  4. Close the editor.

Google Chrome

  1. Press Win+E.
  2. Open the “%LocalAppData%\Google\Chrome\User Data\Default” folder.
  3. Bin the following files: Preferences, Secure Preferences, and Web Data
  4. Empty the Recycle Bin.

Mozilla Firefox

  1. Press Win+E.
  2. Open the “%AppData%\Mozilla\Firefox\Profiles\{Unique Mozilla user ID}” folder.
  3. Open the prefs.js file in Notepad.
  4. Overwrite the user_pref("browser.startup.homepage", "*") string with a URL address you want.
Download Spyware Removal Tool to Remove*
  • Quick & tested solution for removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.