Click on screenshot to zoom
Danger level 8
Type: Browser Hijackers
Common infection symptoms:
  • Hijacks homepage
  • Changes default search engine might not look like a suspicious search engine, but our specialists discovered it could show modified search results, among which the user might notice unreliable advertisements from the third party. Because of this, it falls under the classification of browser hijackers. The application can also change user’s homepage, default search engine, or even other browser preferences. Naturally, if you are not happy with these changes, we advise you to eliminate this suspicious search engine with no hesitation. Further, in the article, we will explain more about why it might be risky to keep it on the system and how it could settle in, so if you would like to learn more, we invite you to take a look at the rest of the text. Slightly below it, we will place deletion instructions prepared by our specialists as well; thus, if you require any assistance while removing the browser hijacker, feel free to use our provided steps.

Our researchers say should work with Google Chrome, Mozilla Firefox, and Internet Explorer. Apparently, the browser hijacker could settle in if the user encounters ads distributing it or downloads an installer bundled with it. Both the suspicious ads and the bundled installers could be found on torrent and other untrustworthy file-sharing web pages, and so if you occasionally download content from such sites, we recommend being more careful. To ensure the installer from an unreliable site is not malicious the user could scan it with a reliable antimalware tool. What’s more, it would be advisable to pick advanced or custom installation settings. That way the user may have a chance to deselect bundled applications he does not want to receive or perhaps even learn vital details about the program he is about to install. However, probably the safest option would be to avoid file-sharing web pages and download software from legitimate sites.

In case, the browser hijacker is downloaded, it might settle in by modifying files belonging to the browser it is about to hijack. After such alterations, the affected browser might start loading each time it is opened, when the user searches the Internet, creates a new tab, etc. As we explained earlier, the tool could show modified search results since it seems like it uses a modified Yahoo search engine version to gather them. A modified version may mean the application might be able to alter the collected results, for example, by placing additional advertising content among them. The bad news is if the browser hijacker does so there might be not knowing where such advertisements could come from. To be more precise, there is a possibility some of them might be potentially dangerous. For instance, the ads may redirect the user to sites distributing similar threats, malware, etc. Therefore, if you notice such content while surfing the Internet with, we would advise you to be extra cautious.

On the other hand, knowing the browser hijacker could show you suspicious advertising content, it would be smarter just to get rid of it and find yourself a more reliable search engine, for example,,, etc. The application can be deleted in two ways. First of all, more experienced users could try to locate the data possibly modified by and erase it manually. Our researchers prepared deletion instructions that may help you with this task, so if you feel you may need some assistance, we encourage you to follow the steps provided a bit below this text.

The other way to remove this browser hijacker from the system is to scan it with a reliable antimalware tool of your preferences. Users who do not have such a tool yet could simply install it. Later, we recommend performing a full system scan during which the chosen tool should detect the data associated with and help you erase it. Users who have more questions about the threat can also leave us a message at the end of this page.


Internet Explorer

  1. Press Win+R.
  2. Type Regedit and click OK.
  3. Search for the following path: HKCU\Software\Microsoft\Internet Explorer\Main
  4. Search for value name titled Start Page.
  5. Right-Click Start Page and select Modify.
  6. Replace value data (, for example, with
  7. Click OK.
  8. Navigate to the following paths:
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes
  9. Find keys called:
  10. Right-click mentioned keys one by one and select Delete.
  11. Exit Registry Entry.
  12. Press Win+E and go to %APPDATA%
  13. Locate a folder named {28e56cfb-e30e-4f66-85d8-339885b726b8}, right-click it and select Delete.
  14. Close File Explorer.
  15. Empty Recycle bin.

Mozilla Firefox

  1. Press Win+E.
  2. Get to: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\{Unique Mozilla ID}
  3. Locate file Prefs.js and open it with Notepad.
  4. Identify this line: user_pref("browser.startup.homepage", "").
  5. Replace the browser hijacker’s link.
  6. Save the changes (Ctrl+S).
  7. Close Prefs.js.

Google Chrome

  1. Open File Explorer.
  2. Locate the following path: C:\Users\{Username}\AppData\Local\Google\Chrome\User Data\Default
  3. Find and erase these listed files: Preferences, Secure Preferences, and Web Data.
  4. Close the Explorer.
Download Spyware Removal Tool to Remove*
  • Quick & tested solution for removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.