Click on screenshot to zoom
Danger level 7
Type: Browser Hijackers
Common infection symptoms:
  • Hijacks homepage
  • Changes default search engine might look like a safe and reliable alternative for your boring old search engine, but you should know that this particular search engine has something to hide. We have classified it as a browser hijacker because its developers have decided to distribute it is a highly unethical manner. Hence, it can replace your browser’s homepage address without your authorization as a result of installing a malicious software bundle. Therefore, we think that you ought to remove it from your PC as soon as the opportunity arises. However, if you want more information on this hijacker, then you might want to check out the information provided below. is yet another Polarity technologies Ltd. release. This company is a known browser hijacker publisher that is responsible for releasing malicious search engines such as,,, and many others. It has previously released many similar hijackers, dozens in fact, so there is no doubt that the developers of are as shady as they get.

Like the hijacker’s that were released before it, should be distributed through malicious bundled software installers. These bundled installers are usually hosted on questionable free software distributing websites that make money off bundling free software with potentially unwanted programs (PUPs), adware, and browser hijackers. This particular browser hijacker does not seem to have a dedicated browser extension, so there is no doubt that the installers were purposefully configured to inject it into your browser. Furthermore, it seems that the installers do not allow you to deselect this search engine as it is hidden.

Our analysis has shown that malicious installers are set to inject this hijacker into your browser if you use Google Chrome, Mozilla Firefox, or Microsoft Internet Explorer. It replaces their homepage address so that you would use it as a regular search engine. Its main age features links to Gmail, Yahoo, Facebook, YouTube, and so on. All the links presented there are for well-known websites. You can use as a regular search engine, but we want to note that it does not have its own search algorithm. Therefore, it redirects all the search queries you enter in its search box to a custom Yahoo search engine. We say custom because the search results can differ from those presented at The search results can feature additional promotional links that can redirect you to questionable websites. Advertising is how Polarity technologies generate advertising revenue because this company does not offer any services.

It is worthy of a note that is capable of collecting certain information about you. Granted, this information is collected by all legitimate search engines as well, we want to point out that is anything but a legitimate search engine, so there is no telling how the collected information will be used. We have found that it is capable of collecting non-personally identifiable information such as your IP address Internet Service Provider (ISP) domain name, Operating system type, browser type, approximate geographical location, search history, entered search queries. All of this information is used for presenting you with customized search results and also show you personalized promotional links.

Now, let us take a look at what this hijacker does to your browser in more detail. If you use Microsoft Internet Explorer, then this hijacker will modify HKCU\Software\Microsoft\Internet Explorer\Main|Start Page and replace the value data with Apart from that it will also modify HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} and replace the values listed below.

  • FaviconURL REG_SZ
  • FaviconURLFallback REG_SZ
  • TopResultURL REG_SZ

If you use Mozilla Firefox, then this hijacker will modify a uniquely named user file at %AppData%\Mozilla\Firefox\Profiles. This file can be opened with Notepad. Basically, it modifies the user_pref("browser.startup.homepage", ""); line and injects Finally, if you use Google Chrome, then this hijacker will modify Preferences, Secure Preferences and Web Data files located at %LocalAppData%\Google\Chrome\User Data\Default. As in other cases, it will replace some values with

In closing, is highly unreliable, malicious search engine set to replace your browser’s homepage address by force and expect you to use it as a regular search engine. The problem is, however, that this search engine can feature shady links in its search results that can jeopardize your computer’s security. Therefore, we recommend that you act quickly and remove this hijacker as soon as you can.

Replace the homepage manually

Microsoft Internet Explorer

  1. Hold down Win+R.
  2. Enter regedit in the box and click OK.
  3. Go to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  4. Find Start Page on the right side of the window and double-click it.
  5. Change the Value Data from to your desired homepage address.
  6. Click OK.

Google Chrome

  1. Hold down Win+E and enter C:\Users\{UserName}\AppData\Local\Google\Chrome\User Data\Default in the address box.
  2. Hit Enter.
  3. Delete Preferences, Secure Preferences and Web Data files.

Mozilla Firefox

  1. Hold down Win+E and enter C:\Users\{UserName}\AppData\Roaming\Mozilla\Firefox\Profiles\{Unique Mozilla user ID} in the address box.
  2. Hit Enter.
  3. Find prefs.js and open it with Notepad.
  4. Replace in the user_pref("browser.startup.homepage", ""); with your preferred address.
  5. Close and Save changes.
Download Spyware Removal Tool to Remove*
  • Quick & tested solution for removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.