What is

A new browser hijacker working exactly like,, and has been recently detected by malware experts working at It is not an ordinary browser hijacker for sure because it does not change browsers’ settings, e.g. homepage, New Tab URL, and default search provider like other prevalent browser hijackers tend to do. Instead, it hijacks shortcuts of all browsers users have installed on their computers. At the time of writing, it is compatible with Internet Explorer, Google Chrome, and Mozilla Firefox, so if you have all these three web browsers installed on your computer, you will notice that they all open It should be emphasized that users see the domain for a second only because it immediately redirects to As a consequence, some people think that the latter URL has taken over their browsers and belongs to malicious software, which is not exactly true.testtesttest

What does do?

In order to launch together with web browsers, the browser hijacker hijacks all browsers’ shortcuts the second it enters the computer. It adds such or a similar line pointing to a .bat file there: %Homedrive%:\Users\{username}\AppData\Roaming\Browsers\exe.xoferif.bat. It does that instead of changing parameters (e.g. homepage and default search tool) of browsers. These changes are applied so that would be automatically opened for users every day. If we look inside batch files, e.g. exe.xoferif.bat located in the Browsers folder this browser hijacker places in %APPDATA%, we will see that it contains a command inside, for example, start "" "c:\PROGRA~1\INTERN~1\iexplore.exe" "". It forces browsers to open As has already been mentioned in the first paragraph, users might not notice this domain because of another web page ( opened. This page looks like a decent search provider at first, but, according to researchers, it cannot be trusted fully either. Its main drawback is that it presents users with the commercial content. Ads associated with dubious third-party pages are located on its start page. In addition, users might see them located on the search results page too if they use this search provider as a default search tool. Researchers have not found this finding disturbing at all because this search engine uses Google Custom Search which can be modified and adapted to one’s needs. Users who use the search engine opened for them as the one and only tool to perform web searches might help people behind this page to earn the pay-per-click revenue. Unfortunately, users themselves might only get a bunch of undesirable software instead. Bad applications can sneak onto the computer even if the dubious website is opened for a second after clicking on any of these displayed ads.

Where does come from?

Undoubtedly, is launched for you automatically when you open any of your web browsers because a browser hijacker has successfully entered the computer and applied changes to browsers. More specifically, browsers’ shortcuts have been hijacked and a folder containing .bat files has been dropped on the computer. We are sure you have not voluntarily installed this threat on your system because, as research carried out by specialists at has revealed, it is spread through bundled malicious installers in most cases. The word “bundled” means that it usually does not travel alone. We cannot tell you the names of programs that come together with it because they change depending on the user’s location. The only thing we surely know is that untrustworthy applications could have been installed on your PC together with the browser hijacker. If you do not do anything to protect your PC, e.g. install a reputable security application, you might find other dubious programs on your PC any time soon.

How do I delete

Do not even bother resetting your web browsers to their default settings because this will not remove from browsers. Instead, remove the folder with .bat files from %APPDATA% belonging to this browser hijacker and erase all hijacked shortcuts of browsers. Then, go to create new shortcuts to be able to quickly and conveniently open your web browsers. Our instructions (they are located below this paragraph) should help you to take care of this computer infection, but if you do not trust your skills in malware removal at all, you can delete the browser hijacker automatically with an automatic scanner, such as SpyHunter, as well.

Remove manually

  1. Open the Windows Explorer.
  2. Type %APPDATA% in the URL box at the top to open this directory.
  3. Locate the Browsers folder there.
  4. Delete it.
  5. Remove hijacked browsers’ shortcuts from the following places:
  • %ALLUSERSPROFILE%\Start Menu\Programs
  • %APPDATA%\Microsoft\Windows\Start Menu\Programs
  • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs
  • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs
  • %USERPROFILE%\Desktop
100% FREE spyware scan and
tested removal of*

Leave a Comment

Enter the numbers in the box to the right *