Click on screenshot to zoom
Danger level 7
Type: Browser Hijackers
Common infection symptoms:
  • Hijacks homepage
  • Changes default search engine might seem like an unusual application since it does not do much besides changing your browser settings, although our researchers say given time there is a chance the search engine could begin showing irritating third-party advertisements. This type of a program is considered to be a browser hijacker. If you are facing it for the first time, it would be advisable to read the rest of our article and get to know this threat better. As you see, the ads might show to users could be not just annoying, but also possibly malicious and it is why we recommend using a more trustworthy search engine. If you entirely agree with us, we can offer you the deletion instructions located below this text; they should show users how to get rid of the browser hijacker step by step.

At the beginning of the report we mentioned the application could change your browser settings; what we had in mind is that it can replace user’s start page, default search provider, or new tab page with Accordingly, the affected browser would start loading it once you launch it, open a new tab, or just start a new search. Currently, the browser hijacker seems to be able to affect Internet Explorer, Mozilla Firefox, and Google Chrome. Each of the mentioned tools has its own working manner, for example, Mozilla Firefox saves user’s preferred settings on file named as prefs.js; it is located in the %AppData%\Mozilla\Firefox\Profiles\{Unique Mozilla user ID} directory. Therefore, to hijack this browser, the threat should identify prefs.js and modify it by replacing the links of your favorite web pages’ with its own. The way it could change data belonging to the other two browsers you can see from the instructions located below the article.

Besides we have researched and tested quite a lot of similar or in some cases almost identical browser hijackers. Since many of them do not provide a unique search engine or any advanced tools, it seems to us the only point creating such applications might be to generate advertising revenue. If the threat uses a custom search engine, it can inject the gathered results with additional advertising content coming from the software’s third-party partners. However, if you read the application’s End User License Agreement or Privacy Policy documents, you will find the search engine’s creators take no responsibility for such ads. In other words, the ads are probably not reviewed, which means any advertisement might be displayed, even if it could have links to malicious web pages or promote dangerous content.

For instance, there might be ads leading to scam web pages, sites containing viruses, Trojans, or other malware, and so on. We do not say you will necessarily encounter such content as we cannot be sure, but there is a risk you could, and you should consider it carefully if you are thinking about surfing the Internet with Lastly, users should be aware that the browser hijacker could be distributed through unreliable channels, for example, it might be distributed with suspicious advertisements or bundled software installers. Such content could be encountered while visiting doubtful file-sharing web pages, such as,,,, and so on. Thus, to avoid browser hijackers or other unreliable applications in the future, we would advise users to stay away from untrustworthy file-sharing web pages and watch out for bundled setup files.

If you have decided not to take any chances with and wish to eliminate it you should know there are in fact two ways to do so. Firstly, users could try to fix data belonging to the hijacked browser if the threat modified it. The process is shown step by step in the instructions available below, so if you feel up to this possibly complicated task, we encourage you to follow the given steps. The second option is to acquire a reliable security tool. With it, you could do a system scan and to erase the detected threats; you would probably only need to click the deletion button.


Internet Explorer

  1. Press Win+R.
  2. Type Regedit and click OK.
  3. Search for the following path: HKCU\Software\Microsoft\Internet Explorer\Main
  4. Search for value name titled Start Page.
  5. Right-Click Start Page and select Modify.
  6. Replace value data (, for example, with
  7. Click OK.

Mozilla Firefox

  1. Press Win+E.
  2. Get to: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\{Unique Mozilla ID}
  3. Locate file Prefs.js and open it with Notepad.
  4. Identify this line: user_pref("browser.startup.homepage", "").
  5. Replace the application’s link.
  6. Save the changes (Ctrl+S).
  7. Close Prefs.js.

Google Chrome

  1. Open File Explorer.
  2. Locate the following path: C:\Users\{Username}\AppData\Local\Google\Chrome\User Data\Default.
  3. Find and erase these listed files: Preferences, Secure Preferences, and Web Data.
  4. Close the Explorer.
Download Spyware Removal Tool to Remove*
  • Quick & tested solution for removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.