Click on screenshot to zoom
Danger level 7
Type: Browser Hijackers
Common infection symptoms:
  • Hijacks homepage
  • Changes default search engine may look like a search engine, but it is more than that and not in a good way. We have tested this alleged search engine and concluded that it is a browser hijacker since it is distributed in such a way that, in short, changes your browser’s homepage address to its URL. You ought to remove this hijacker because its developers modify its search results to include shady promotional links. Not only that, but it will collect information about you and your browsing experience to assign advertisements that you are most likely to click while scrolling through the search results.

Indeed, all this effort is made for the single purpose of showing you clandestine ads. Now, this hijacker is not some one-off experiment by an obscure malware developer. The truth is that this hijacker was made by a company called Imali Media. This company is based in Tel Aviv, Israel and is in the web monetization business. Unfortunately, this company has opted to promote content using rather dishonest methods because of an unsuspecting you user might not realize that a search engine generated link is, in fact, a promotion of a website. We have tested many of Imali Media’s browser hijackers. For example, we have recently written about and and a bit earlier. All of this company’s hijackers make up the web monetization scheme that is said to bring a healthy profit.

In regards to's distribution methods, we have found that it can be distributed with an accompanying browser extension and as a standalone website. However, both methods of distribution rely on a malicious installer to secretly inject into the browser or install the browser extension that will, in turn, insert this hijacker as well. The extension is not vital because a properly configured third-party installer can interact with a web browser and modify its settings and set as the default homepage address.

The aim of the game is to change the homepage address of web browsers such as Google Chrome, Mozilla Firefox, and Microsoft Internet Explorer and force you to use it for conducting online searches. When you enter a search query, however, this hijacker will redirect it to a customized Yahoo search engine. We call it a custom search engine because it is set to include additional promotional links that you would not see if you used the regular Yahoo search engine. Yahoo is a favorite of through developers as it allows extensive modifications to feature additional links. However, we are concerned that the content promoted by may come from illegitimate sources and put your computer’s security in jeopardy. Indeed, you may be subjected to links to malicious websites that might want to extract personal information, such as logins and passwords or your PC might become infected with ransomware and other types of highly malicious malware. Therefore, it is of utmost importance to get rid of this hijacker before it attracts more dangerous software.

To present you with customized advertisements, is set to collect information about you. It can obtain both personal and non-personal information. Personal information is provided on a voluntary basis by contacting the company that controls it. This information includes name, email address, country of origin, nickname, telephone number, website, company, and so on. According to this hijacker’s privacy policy, “If you download and install the plugin, we collect any information voluntarily provided by you during the installation and registration process, which can include demographic information such as gender, age, occupation, household income, zip code, and country.” The non-personal information includes but is no limited to IP (internet protocol) address, entered search queries, browsing history, websites visited though the site, and so on. As you can see, the information collection can be extensive, and you should be concerned with providing personal information about yourself to a company that produces malicious websites.

We hope that this description was informative and has shown you the true nature of the alleged search engine. It hijacks the homepage, shows shady links in its search results and collects information for advancing its advertising campaign. If you want to remove it from your PC, we suggest consulting our manual removal guide presented below. We also recommend scanning your PC with an antimalware program to make sure that no malware has entered your computer throughout the duration of having on your PC.

Removal Guide

Google Chrome

  1. Hold down Windows+E keys.
  2. In the File Explorer’s address bar, enter C:\Users\{You user name}\AppData\Local\Google\Chrome\User Data\Default
  3. Find and delete Preferences, Secure Preferences and Web Data files.

Mozilla Firefox

  1. Hold down Windows+E keys.
  2. In the File Explorer’s address bar, enter C:\Users\{Your user name}\AppData\Roaming\Mozilla\Firefox\Profiles
  3. Go to the {Random ID} folder
  4. Locate prefs.js and open it with Notepad.
  5. Find and replace in the user_pref("browser.startup.homepage", ""); string.

Microsoft Internet Explorer

  1. Hold down Windows+R keys.
  2. Enter regedit and hit Enter.
  3. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  4. Locate the Start Page registry string.
  5. Right-click it and click Modify.
  6. Type a new homepage address and click OK.
  7. Close the Registry Editor
Download Spyware Removal Tool to Remove*
  • Quick & tested solution for removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.