Click on screenshot to zoom
Danger level 6
Type: Browser Hijackers
Common infection symptoms:
  • Hijacks homepage
  • Changes default search engine is a dubious website sharing similarities with and Surfvox which were detected by researchers working at some time ago. To be frank, specialists rarely call it a “dubious website.” Instead of being just an untrustworthy page, it is, undoubtedly, a browser hijacker. Certain pages receive this label because they are set up on all browsers without a user’s consent. is no exception. It tends to show up on browsers out of the blue too. Users notice the changes applied, but they do not hurry to undo them because they believe that this website is going to act as a decent search tool too. Unfortunately, it is not exactly true. It really has a search box located in the middle of the page and displays search results. Also, it does not look harmful at all at first sight; however, our researchers have made several disturbing findings, so they cannot call this website trustworthy by any means. Actually, the appearance of a website on all browsers without permission already indicates that it cannot be trusted, so if your browsers’ settings are changed against your will ever again, do not even consider whether or not to get rid of that website responsible for the changes because the answer is obvious – it needs to be erased ASAP!

There are links opening hardware reviews on the start page of, and there is a Google Custom Search box there too, so it does not surprise our specialists at all that users do not notice that this page is full of advertisements at first. Ads are shown on the main page of, but, according to findings of our specialists, they might be shown on the search results page too. Of course, users see those commercials only if they use the search box they find located on to search the web. We do not say that all commercials are linked to dangerous malicious applications, but if you click fearlessly on all the ads you see, you might step on a malicious commercial one day too. We do not try to prove here that all the ads you come across when you surf the web are associated with bad websites and malware. What we try to say here instead is that developers of browser hijackers or other bad programs might display ads leading to corrupted pages because they only seek to get the pay-per-click revenue, and they do not care about the safety of users at all. Not only untrustworthy applications can be found on these “corrupted pages”. You might also be asked to provide personal details which might then be recorded. These recorded details might be sold to third parties in the near future. It is not likely at all that you will be asked to provide your online banking credentials; however, such details as name, surname, and address, which might not seem to be important at first, might be used for fraudulent purposes as well, so do not submit any details about yourself on dubious websites and protect your privacy more.

The browser hijacker might be distributed in several different ways. For example, it might come bundled with freeware in software bundles, or it might be spread through fake torrents. It seems that the latter distribution method is adopted the most frequently. Let us explain to you in more detail how manages to enter systems. As has been found, this usually happens when users download a decent-looking file, e.g. a video file, open it, and then are asked to update software responsible for opening this file, e.g. video codecs. Once a user executes the file spread in the same package, a browser hijacker is installed silently on the computer. As has already been mentioned, it is definitely not the only distribution method used to spread browser hijackers, so users who surf the web every day and tend to download applications from the web should install a security application. Before you let security software enter your computer, double-check if it is as reliable as it claims to be.

The manual removal guide you will find below this article will definitely help you to take care of if you perform all the removal steps as indicated. As can be seen, Internet Explorer users need to delete the Value data from the Start Page Value to make the dubious search tool disappear. In the case of Mozilla Firefox users, modifications inside the prefs.js file keeping all users’ preferences have to be undone. Finally, data inside several files of Google Chrome needs to be changed, or these files completely deleted. The same removal steps can, surely, be performed quicker with an automatic malware remover, e.g. SpyHunter. Click on the Download button to get the free diagnostic scanner.

Remove in a manual way

Internet Explorer

  1. Press Win+R, enter regedit, and click OK.
  2. Open HKCU\Software\Microsoft\Internet Explorer and go to find the Start Page Value.
  3. Right-click on it when you find it and select Modify.
  4. Clear the data from the Value data field or enter another URL, e.g. .
  5. Click OK.

Mozilla Firefox

  1. Press Win+E and go to type %AppData%\Mozilla\Firefox\Profiles\ in the bar at the top.
  2. Locate the folder whose name consists of random symbols and open it.
  3. Locate the prefs.js file and open it with Notepad (right-click on it, select Open with, and select Notepad).
  4. Find the string inside this file: user_pref("browser.startup.homepage", "") .
  5. Delete it and then save the changes.

Google Chrome

  1. Press Win+E.
  2. Open %LocalAppData%\Google\Chrome\User Data\Default.
  3. Find Preferences, Secure Preferences, and Web Data there.
  4. Delete those files one after the other.
Download Spyware Removal Tool to Remove*
  • Quick & tested solution for removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.