Click on screenshot to zoom
Danger level 7
Type: Browser Hijackers
Common infection symptoms:
  • Hijacks homepage
  • Changes default search engine is a Russian-made browser hijacker that can replace your browser’s homepage address if you accidentally install a software bundle that features it because that is how it is most likely distributed. You should remove this hijacker because cyber criminals use it to generate advertising revenue. This particular browser hijacker is part of a larger web monetization scheme, so promoting third-party content is its top priority and it appears that your PC’s security is irrelevant to its developers as our research suggests that can promote content supplied by shady entities. comes from a secretive malware developer that is dedicated to releasing browser hijackers. According to our research, this developer has also created hijackers such as,, and Undoubtedly, this developer is in the online advertising business whose main objective is to generate advertising revenue. Unfortunately, we have no more information about the developer other than the obvious fact that it is based in Russia because its hijackers promote Russian websites much too often.

Browser hijackers can either be distributed along with a browser extension that is designed to manage the hijacking of the browser or without it. If the hijacker has a browser extension, then it might have a dedicated distribution website. However, regardless of whether it has a browser extension, a hijacker can be distributed via software bundles. in particular does not have a browser extension, so it relies on third-party software bundles to install it. We think that the installers might not allow you to deselect’s installation, so it can infect your browser without your knowledge.

Unlike most browser hijackers that are created to replace the homepage address, new tab page, and/or search provided, is totally different. It hijacks to browsers’ shortcuts by creating batch file in %Homedrive%:\Users\{User name}\AppData\Roaming\Browsers\exe.xoferif.bat. Our research has shown that the exe.xoferif.bat features various commands that include the likes of "start"" "C:\PROGRA~1\INTERN~1\iexplore.exe" "". This particular command is the one that performs executes the hijacking. Furthermore, this hijacker can place shortcuts in %ALLUSERSPROFILE%\Start Menu\Programs, %USERPROFILE%\Desktop and several other locations that will be listed in the removal guide. Whatever you may think of this hijacker, the actions that it performs are inherently malicious. should either redirect you to its promoted websites or open them in a new browser tab. It can redirect you to sites such as http://quantumsystem{.}org/ref/qs05, http://traffic-media{.}co/mghtml/framehtml/c/1/t/607785.html, http://internetgazeta.cardvrmirrorr{.}ru/index.html?p=othermartuid&userid=_fsyhgc67zc9twzkw, https://promo.101xp{.}com/loa2_3/?subid=cc43cdfecab17ab19f86f7c715a62b59&pid=94790_&id=. Some of these websites are entirely legitimate. However, some of them look rather shady. Their true purpose is unknown and we suspect that some of them might be used to collect information about you or do worse things than that. In the worst case scenario, this hijacker might get your PC infected with malware, such as adware, spyware, ransomware, and so on. In short, it can severely compromise your computer’s security. Therefore, you should consider removing it as soon as the opportunity arises. is a Russian-made browser hijacker that can infect your computer if you install a malicious software bundle. Our research suggests that it can redirect you to its promoted sites while you browse the web or open new tab pages and load them separately. This hijacker might subject you to rather malicious, so it is of paramount importance that you remove it from your PC as soon as the opportunity arises. Removal

  1. Press Win+E keys.
  2. Enter %APPDATA% in the address box and press Enter.
  3. Delete the Browsers folder.
  4. Then, enter the following addresses in the box and hit Enter.
    • %USERPROFILE%\Desktop
    • %ALLUSERSPROFILE%\Start Menu\Programs
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs
    • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs
  5. Locate the hijacked browser shortcuts and right-click them.
  6. Click Delete.
Download Spyware Removal Tool to Remove*
  • Quick & tested solution for removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.