What is is a recently released browser hijacker from the ELEX family. If you noticed this suspicious application on your system, we advise you to erase it immediately. According to our researchers at, the application might hijack user’s browser profile and control it. In addition, the hijacker should also replace your homepage with, which is an unreliable search engine. For example, it might add suspicious ads into your search results that could lead you to malicious web pages. Nonetheless, that is not all that we have found out about this threat, thus continue reading the article and learn more about the browser hijacker. Also, to make it easier for you to erase the application, there will be removal instructions at the end of the text.testtesttest

How does work?

The browser hijacker can replace default homepage with on Google Chrome and Mozilla Firefox. If you take a look at this site, it does not look any different from other similar search engines. However, it is important to know that it might show you modified results. Even though the results would still be based on your search queries, they might include third-party advertising. We advise you not to click these ads because you could be redirected to potentially harmful websites. For instance, the site could be created for malicious purposes, e.g. distribute malware, steal your personal data, and so on.

The program might also control your Google Chrome or Mozilla Firefox profile. Depending on your default browser the application could hijack its profile and move it to another folder. If you use Mozilla Firefox, might put its profile in the %APPDATA% or %LOCALAPPDATA% directories. However, if the user has Google Chrome, the browser hijacker should create a folder with a title of random letters, e.g. hirfshihijndltufrbty. This folder would contain the hijacked profile. Our researchers say that the application does so that it would remain undetected on your computer. Moreover, hijacking browser’s profile could allow hide other browser hijackers of the ELEX family that could be on the user's system.

Where does come from?

Users might install with bundled installers that are shared on torrent and other file-sharing websites or with a potentially unwanted program called Ghokswa. The mentioned application is a browser that looks like Google Chrome, but actually, it is only a clone of it. If you have this suspicious program on your system as well, we advise you to read about it more on our website and remove it with provided instructions.

How to delete

You can erase manually if you eliminate the hijacked browser profiles from the system. Based on the affected browser you might also need to delete other folders, files or modify some data. As you realize the process might be rather complicated, so you should carefully follow the instructions below. Still, it could be too complicated if you are an inexperienced user. In that case, it may be easier for users to download a legitimate antimalware tool and use it to eliminate this threat. A reliable security tool would help users locate and remove all data that belongs to the browser hijacker. Also, it would help you get rid of other threats that might be on your system.

Remove hijacked browser profile

Mozilla Firefox

  1. Launch the Explorer.
  2. Copy and paste the following directories separately: %APPDATA%, %LOCALAPPDATA%
  3. Find a folder named as Profiles in both of these directories and right-click them to delete.
  4. Locate this path %APPDATA%\Mozilla\Firefox
  5. Search for a file called profiles.ini.
  6. Right-click the file and select Delete.

Google Chrome

  1. Open the Explorer.
  2. Insert given location %LOCALAPPDATA%
  3. Find a folder that has a name of random letters (e.g. sfbttrrsfsnritivkfssu).
  4. Check if this folder has same data as in the %LOCALAPPDATA%\Google\Chrome\User Data directory.
  5. Right-click this folder and press Delete.

Erase from browsers

Mozilla Firefox

  1. Open the Explorer.
  2. Find the following path C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\{Unique Mozilla user ID}
  3. Search for a file called Prefs.js and open it as a Notepad document.
  4. Locate given line: user_pref(“browser.startup.homepage”, “”).
  5. Delete from it and type any web page address that you prefer.
  6. Save the document and close it.
  7. Press Win+R, type regedit and press Enter.
  8. Navigate to the listed directories:
  9. Find registry keys with random titles (e.g. {EC63F2AB-4C3B-435F-8683-944C798136CF}.
  10. Check if its value data is related to, if it right-click the registry key and press Delete.

Google Chrome

  1. Press Win+E to launch the Explorer.
  2. Find this path C:\Users\{username}\AppData\Local\Google\Chrome\User Data
  3. Search for a folder with a random name (e.g. guperghghimckstepasy).
  4. Right-click the folder and click Delete.
100% FREE spyware scan and
tested removal of*

Leave a Comment

Enter the numbers in the box to the right *