What is – also known as – is a browser hijacker that can take over your browsers. According to the research conducted by analysts, this hijacker is most likely to be linked to an extension that has not been developed yet. Even at the bottom of the hijacker’s home page, you can see a tag that says “extension, powered by Imali Media,” and this is why we assume that this hijacker has not been fully developed yet. The bad news is that we cannot tell you which browser extension will be used to introduce users to this hijacker. Luckily, we have analyzed quite a few hijackers from the Imali Media family, and we can give you a quick rundown on how this software works and why trusting it is a bad idea. Overall, we recommend removing from your browsers as soon as possible, and you can learn all about this process using the report.test

How does work?

As you now know, Imali Media is the developer of This company is also responsible for,,, and a ton of other browser hijackers that have virtually identical interfaces. Although the easy-access links represented via the home pages of these hijackers are different in every case, they all work in the same way. For example, if you enter keywords into their search dialog boxes, you will be redirected to via the server. Using this well-known search engine, the creator of can expose you to sponsored links. The problem is that it is unlikely that you would notice if the search results shown to you were modified. If you have reviewed the “Imali Media End User License Agreement And Privacy Policy,” you might know that the company works with advertisers. Needless to say, they might use the hijacker to collect information about you, but it is most likely that they will employ the search provider as a platform for advertising.

Although it is possible that you will let in by downloading a browser extension from its official website, whatever it might be, our researchers warn that misleading pop-ups could be used to expose you to this hijacker as well. If you interact with a software bundle – whether it is introduced to you via a pop-up or you find it on a suspicious website – you have to be cautious about third-party software. Much more malicious threats might slither in along with, and, of course, they deserve immediate removal. Of course, you must not underestimate the hijacker itself. This hijacker can redirect you to third-party sites, and keeping it installed is risky because there is a possibility that it will redirect you to unreliable websites. Even the seemingly harmless Yahoo Search engine that you are redirected to cannot be trusted as sponsored links might be included. Overall, we suggest removing this suspicious software as soon as possible.

How to delete

Even if you do not find unreliable, you have to consider the risks associated to trusting it. Do you want to be exposed to reliable content or sponsored links? Do you want the software to serve you or suspicious, unknown third-party advertisers? If you agree with us that it is too risky to trust software that is associated with unfamiliar parties and that can showcase potentially unreliable links, you should delete in no time. Our proposed method of removal involves erasing the components of the hijacker and modifying the files changed by it. The process might seem complicated, but we can assure you that getting rid of the hijacker is not that difficult. If you are hesitant to erase it manually, you can always implement an automated malware remover. We even encourage users to install this software, especially in those cases when other treats are active as well.

Removal Instructions

Mozilla Firefox:

  1. Tap Win+E keys to launch Explorer.
  2. Enter %AppData%\Mozilla\Firefox\Profiles\ into the address bar.
  3. Open the {Unique Mozilla user ID} folder.
  4. Right-click the file named prefs.js and choose to open it with Notepad.
  5. Delete the user_pref("browser.startup.homepage", ""); string.
  6. Save the file and close it.

Google Chrome:

  1. Tap Win+E keys on the keyboard to launch Explorer.
  2. Enter %LOCALAPPDATA%\Google\Chrome\User Data\ or, if you are operating on Windows XP, %UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\ into the address bar.
  3. Open the folder named Default/{Unique Chrome Profile}.
  4. Delete the files named Preferences, Secure Preferences, and Web Data (you can also open them using the Notepad and replace the URL of the hijacker with the preferred URL).

Internet Explorer:

  1. Tap Win+R to launch the RUN dialog box.
  2. Type regedit.exe and click OK to launch Registry Editor.
  3. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ and click Main.
  4. Right-click the value named Start Page and select modify.
  5. Delete the URL of the hijacker in the value data box and enter the preferred URL.
  6. Modify the Search page value in the same way.

N.B. Although the removal of the hijacker is not too complicated, we strongly encourage users to use a legitimate malware scanner to inspect their operating systems. This step can help you figure out if your PC is malware-free, and it can help you identify the threats if they exist.

100% FREE spyware scan and
tested removal of*

Leave a Comment

Enter the numbers in the box to the right *