Click on screenshot to zoom
Danger level 8
Type: Browser Hijackers
Common infection symptoms:
  • Hijacks homepage
  • Changes default search engine

Browser hijackers such as are among the most commonly encountered infections. We do not consider them as extremely malicious. However, the mere fact that they modify your browser’s settings without your permission and get on your computer without your authorization is enough to label them as malicious. Therefore, it is necessary to remove this and other hijackers that masquerade as legitimate search engines. Truth be told, is a new type of browser hijacker from the infamous Elex browser hijacker family. To find out more about it, please read this short description. is a type of browser hijacker that comes bundled with suspicious software bundles. At the time of our research we did not have all of the information about it, so we assume that the installers it comes bundled with allow you to deselect its installation. However, the sample that we have tested was configured to inject this hijacker directly into the web browser. Hence, it does not come with a dedicated browser extension. Testing has shown that this hijacker can affect Mozilla Firefox and Google Chrome. Therefore, it has the potential to infect many computers, but it all comes down to how popular are the bundles and websites they are featured on.

As mentioned in the introduction, is part of the Elex browser hijacker family. On that note, we want to inform you that this family also includes the likes of,,, and many others. However, this new hijacker is different in the way it hijacks the browser settings and how it prevents you from changing them. So, not only does it enter your computer without your authorization but also prevents you from rolling back the changes it has made.

Our research has revealed the changes that this hijacker is set to make. Testing has shown that the installers that inject it into the browsers have been configured to modify the homepage address only. Therefore, it will not change the search provider settings and the new tab page address. It sets the homepage address to, but all of the entered search queries are redirected to However, it appears that this hijacker does not modify Google’s search results to include promotional links, so it is safe in that regard.

Still, you should know that it is committed to collect non-personally identifiable information about you. This information includes but is not limited to Internet Protocol (IP) address, browser type, the number of clicks, browsing history, and entered search queries. Also, it is important to note that the collected information includes broad demographic information such as your approximate geographical location. In addition to non-personally identifiable information, this hijacker will gather and make use of personal information. According to the Privacy Policy, “may request or collect personal information from online users in a variety of ways, including through online forms for ordering products and services, and other instances where users are invited to volunteer such information.” This information includes your name, gender, date of birth, and country.

Now let us talk about why it is difficult to get rid of When this hijacker infects your computer, it will create batch files in for the installed browsers in the C:\ProgramData folder (the folder is hidden.) In the case of Chrome, it will it will create the C:\ProgramData\Google Chrome.lnk.bat file and if you have Firefox installed it will create C:\ProgramData\Mozilla Firefox.lnk.bat. Furthermore, it will replace the browser shortcuts on your desktop to point at these batch files. The batch files will then open the browser which will load this hijacker's URL.

To get rid of this hijacker, you have to delete the batch and Ink files and delete the modified browser shortcuts found on the desktop. Then, your browser’s homepage will be reset to its default address, but you might have to reenter the URL if the address remains Feel free for the manual removal guide, but if you experience issues, then try using an antimalware application. Even though this hijacker does not show malicious search results, it is a good idea to remove it just to be on the safe side of things.

How to get rid of this browser hijacker

  1. Simultaneously press Windows+E keys.
  2. In the address box enter C:\ProgramData
  3. Locate Google Chrome.lnk.bat and Mozilla Firefox.lnk.bat
  4. Right-click them and click Delete.
  5. The, go to %AppData%
  6. Locate Google Chrome.lnk and Mozilla Firefox.lnk
  7. Right-click them and click Delete.
  8. Delete the created browser shortcuts.
  9. Empty the Recycle Bin.
Download Spyware Removal Tool to Remove*
  • Quick & tested solution for removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.