Jyhjyy.top

What is Jyhjyy.top?

Our security analysts have recently tested a suspicious search engine known as Jyhjyy.top. They have classified it as a browser hijacker and suggest that you remove it because it has been designed to show promotional links in its search results and main page and to make money as a result. This hijacker stands out from the rest of the pack because it hijacks the browser’s shortcut target to override the homepage setting when you modify it. If you do not do anything about it, then you will be stuck with this hijacker, and you will have to deal with its promotional links which can be unreliable and pose a significant risk to your computer’s security.

Where does Jyhjyy.top come from?

Our security analysts at Anti-spyware-101.com have performed extensive research of this particular hijacker and found that many intriguing facts about it. One of them is that unlike most browser hijacker, Jyhjyy.top is distributed with the help of a Trojan that drops its contents and modifies your browser’s and OS’s settings to set its URL as your browser’s homepage. The Trojan can get on your computer when you install unknown malicious software bundles or open a fake email attachment that, when opened, drops this hijacker onto your computer. The use of a Trojan to disseminate a browser is not that common since most browser hijackers are distributed with dedicated browser extensions and toolbars as well as using malicious installers to insert it into to browser directly.

What does Jyhjyy.top do?

Jyhjyy.top is a fileless infection that uses the Windows Management Instruction (WMI) to hijack your web browser. WMI is a tool that can be used by system administrators get notifications from Windows. Among other things, this application can launch VBScript and PowerShell scripts. This feature, in particular, is often exploited by malware developers to create fileless infections such as in the case of Jyhjyy.top.

This hijacker can infect your browser’s shortcut by adding http://jyhjyy.top/ to the end of its target line. Thus, each time you launch your web browser, be it Google Chrome, Mozilla Firefox, Microsoft Internet Explorer or some other web browser. Our malware researchers say that this hijacker registers itself as an instance of the of the ActiveScriptEventConsumer class in the ROOT\subscription namespace. Furthermore, this instance is named ASEC, and it contains a VBScript that is set to execute very ten seconds. As a result, it refreshes the target hijacking setting that keeps http://jyhjyy.top/ as your browser’s homepage.

The reason why this hijacker is so determined to remain as your web browser’s homepage is that its developers have configured it to show promotional links in its search results that generate advertising revenue when clicked. However, our researchers say that the additional ads come from unknown sources and should not be trusted, given this hijacker’s less than legitimate distribution methods. It is worth mentioning, however, that this hijacker redirects the search queries to Google Custom Search which is not the same as Google’s regular search engine because the custom search enables its administrators to modify the search results and insert promotional links. Therefore, it is evident that you cannot trust its search results.

How do I remove Jyhjyy.top?

If you have tried to delete this hijacker without success, then we have good news for you. Our malware researchers have made a manual removal guide that will help you get rid of this browser hijacker for good. Again, you should set a new homepage address because its search results are apt to contain additional promotional links that can jeopardize your computer’s security.

Removal Guide

1. Simultaneously press Windows+E keys.
2. In the address box, type C:\Windows\System32\wbem
3. Locate and right-click the file named wbemtest.exe
4. Click Run as administrator.
5. Click Connect in the Windows Management Instrumentation Tester.
6. Type root/subscription in Namespace.
7. Click Connect and check Enable All Privileges.
8. Select Enum Instances and enter ActiveScriptEventConsumer and click OK.
9. Select ASEC and click Delete.
10. Close and Exit.
11. Then, right-click your web browser’s shortcut and select Properties.
12. Select the Shortcut tab.
13. Delete http://jyhjyy.top from the target line.
14. Click OK.

Download Removal Tool100% FREE spyware scan and
tested removal of Jyhjyy.top*