Click on screenshot to zoom
Danger level 7
Type: Browser Hijackers
Common infection symptoms:
  • Hijacks homepage
  • Changes default search engine

We have yet again discovered a new browser hijacker and yet again it comes from the developer that labels its hijackers with the “by SaferBrowser” logo. Unfortunately, there is nothing safe about this hijacker and we suggest that you remove it from your computer as soon as you can because it can jeopardize its security. We have categorized as a browser hijacker because of its malicious distribution method that involves inserting it into your browser without your knowledge or authorization. It is set to enter your computer in secret and replace your web browser’s homepage address and other search-related settings. This hijacker replaces it so that it could show you promotional links in its search results. It is also set to collect information about you, so if you have it on your browser, then we highly recommend that you read this description.

Browser hijackers are a category of malware that can come as a standalone website or along with a browser extension or program. They can be distributed in several ways so let us take a look at how this particular hijacker can be distributed. We have found that is disseminated using malicious installers that inject it directly into the web browser. This dissemination method is applied for Microsoft Internet Explorer, Mozilla Firefox, and Google Chrome. Also, this method of distribution involves tampering with the browsers’ files and this is unacceptable since the installer does not give you the opportunity to opt out from injecting it into the browser. We want to inform you that it the installers that feature this hijacker also contain freeware, and the whole package is put up for download on shady software distributing websites. Therefore, to avoid this infection, you should not visit unreliable software providers and get an antimalware application that could prevent the malicious installers from injecting malware into your PC.

When this hijacker is injected into your computer, it will replace the homepage of all three web mentioned above browsers as well as the search provider of Internet Explorer and Firefox. As a result, you will be forced to use it for conducting your online searches, provided that you do not take action against it. The reason is set to use deceptive methods to get onto your computer is that its developers have set it to feature additional promotional links that generate advertising revenue. This particular hijacker is not alone in this advertising campaign, mind you. It has dozens of clones that include the likes of,,, and among others. All of them come from the same source that we refer to as SaferBrowser. This entity has been secretly making much money by counting on non-tech-savvy users to keep its hijackers on their web browsers.

Our research has revealed that redirects the search queries to which is a legitimate search engine, but is also a favorite of browser hijacker developers because it allows them to customize the search results and include additional promotional links. We are concerned that this hijacker can put your computer in danger because its promotional links might redirect you to websites that feature malicious software or fake online shopping websites. Whatever the case may be, we want to stress that is unsafe, and you should get rid of it. However, before we move on to its removal methods, we want to provide a bit more information regarding privacy.

Our analysis of the privacy policy has shown that is set to collect information such as the search and browsing history automatically, as well as the IP address, geographical location, and so on. Also, if you choose to contact the developers of this hijacker and reveal any personal information about yourself, then this information will be stored, supplemented with non-personally identifiable information and used to customize the advertising campaign. All things considered, this is an undesirable search engine, so we recommend that you delete it.

We conclude that is not a legitimate search engine, but a browser hijacker that is set to modify your browser’s search-related settings and subject you to questionable commercial advertisements via its search results. In addition, it is configured to collect information about you to tailor the advertising campaign and since it can get hold of personally identifiable information and use it to generate more income. Please consult the removal instructions below on how to get rid of it.

How to delete this browser hijacker

Microsoft Internet Explorer

  1. Hold down Windows+R keys.
  2. Type regedit in the dialog box.
  3. Click OK.
  4. In the Registry Editor, go to HKCU\Software\Microsoft\Internet Explorer\Main
  5. Locate the Start Page, right-click it and click Modify.
  6. In the Value data line, enter a new URL.
  7. Then go to HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  8. Right-click on the following registry strings and replace their Value data with another URL.
  • FaviconURL REG_SZ
  • FaviconURLFallback REG_SZ
  • TopResultURL REG_SZ

Mozilla Firefox

  1. Hold down Windows+E keys.
  2. In the address bar, enter %AppData%\Mozilla\Firefox\Profiles\{Random ID number}
  3. Find and open prefs.js with Notepad.
  4. Fix the user_pref("browser.startup.homepage", ""); string by replacing the with your preferred URL.

Google Chrome

  1. Hold down Windows+E keys.
  2. In the address bar, enter %LocalAppData%\Google\Chrome\User Data\Default
  3. Find Preferences, Secure Preferences and Web Data.
  4. Delete them or open them with Notepad and replace all strings with to your preferred URL.
Download Spyware Removal Tool to Remove*
  • Quick & tested solution for removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.