Click on screenshot to zoom
Danger level 7
Type: Browser Hijackers
Common infection symptoms:
  • Hijacks homepage
  • Changes default search engine

A sudden increase in the visits to suggests that a browser hijacker is on the loose. Have you found this suspicious search tool set as your homepage or default search provider? If you have, but you have no clue how it got in, you should have no doubts regarding the trustworthiness of this tool. Have you installed it by accident when installing something else? Maybe you even consented its installation? Whatever the case might be, trusting this suspicious hijacker is a bad idea, and we explain why in this report. If you are not interested in learning more about this threat, you can scroll down to find a guide that shows how to remove from Internet Explorer, Chrome, and Firefox web browsers.

If you click the “i” button placed on the bottom-left corner of, you can access the “About” section presenting more information about this search tool. According to this information, the suspicious hijacker is meant to attract you with its features. The interface of the questionable search tool displays a weather widget, and it also allows you to change the background image. There is also the “Favorite Links” feature that allows you to add favorite sites for easy access. The current date and time are displayed as well. Considering that these features are quite useful, it would not be surprising if some users let in themselves. Of course, we suggest deleting for reasons that are not associated with the useful and attractive features.

The main reason you need to be cautious about is the search service. Since the main feature of this hijacker is a search tool, you need to hold it to a higher standard. The issue is that the hijacker does not actually offer search services. Instead, it takes the search results from the well-known Yahoo search engine. All user traffic is tunneled to, but you are unlikely to realize that because the hijacker simply shows a window with search results. Here is another problem: You do not get to see many search results. Instead, you are exposed to a bunch of advertisements, and that is what worries us the most. As stated in the Privacy Policy, SearchMaster can share information about you with third-party advertising companies. As you might have figured out yourself, works as an advertising tool, which makes it a useless search tool. Notably, you are most likely to face it if you live in Germany, Spain, Netherlands, Italy, or the United Kingdom.

According to our research team, is hosted on the same server as and Both of them are classified as hijackers, and you can find their removal guides on our website. Were all three of these hijackers created by the same party? That is not known, but it is clear that you are better off without them running on your PC. Since the distribution of this malware is still quite mysterious, we encourage you to install a trusted malware scanner and have your operating system scanned before you jump to removal. If the hijacker was introduced to you in a software bundle along with malicious infections, you will learn about them right away. What should you do if you are not familiar with the threats detected by the scanner? You can research them, but if you do not want to waste time – and your virtual security could depend on it – it is best to utilize automated malware removal software.

The instructions that you can see below show how to delete from web browsers manually. If a malware scanner reveals other threats that you cannot eliminate yourself, we advise using an anti-malware program to have all of them deleted at the same time. The hijacker will be removed as well. If you wish to get rid of malware that has invaded your operating system yourself, you have to rely on your own removal skills and research. Note that you can always use a legitimate malware scanner to help you find malware, which might help with the overall elimination process. After you get rid of all threats, make sure to perform a full system scan once more to make sure that your operating system is 100% clean. Removal

Mozilla Firefox:

  1. Tap Win+E keys to launch Windows Explorer.
  2. Into the bar at the top enter %AppData%\Mozilla\Firefox\Profiles\.
  3. Open the folder representing your Firefox profile.
  4. Open the file called prefs.js.
  5. Find the URL of the hijacker, overwrite it, and do not forget to save the file.

Google Chrome:

  1. Tap Win+E keys to launch Windows Explorer.
  2. Into the bar at the top enter %LocalAppData%\Google\Chrome\User Data\ (if you are a Windows XP user, enter %UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\).
  3. Right-click and Delete the files named:
    • Preferences
    • Secure Preferences
    • Web Data

N.B You can also open these files and overwrite the hijacker’s URL in them.

Internet Explorer:

  1. Tap Win+R keys to launch RUN.
  2. Type regedit.exe and click OK to launch Registry Editor.
  3. Move to HKCU\Software\Microsoft\Internet Explorer\MAIN.
  4. Double-click the value named Search Page and overwrite the hijacker’s URL. Click OK.
  5. Double-click the value named Default_Page_URL and overwrite the hijacker’s URL. Click OK.
  6. Double-click the value named Start Page and overwrite the hijacker’s URL. Click OK.
  7. Move to HKLM\software\Microsoft\Internet Explorer\MAIN.
  8. Repeat step 6 to get rid of the hijacker.
Download Spyware Removal Tool to Remove*
  • Quick & tested solution for removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.