Remove form Chrome/Edge/Firefox

This page is here to help you remove This removal guide is suitable for Chrome, Firefox and Internet Explorer, as well as all Windows versions.

Delete – it is an insidious infection classed as a browser-hijacker. Once inside a system it changes the default search engine and homepage to a modified Google page with the Hao123 Toolbar, and is preloaded with ads – all designed to redirect you and dictate your browsing. Like many similar PUPs (potentially unwanted programs), it is acquired by inattentive installation of freeware. It’s bundled into free software and starts modifying browser and registry and desktop settings as soon as it is erroneously installed. Claiming to be a download client that will make browsing ‘more efficient’, it also alters Start menu and shortcut settings.

The nuisance value is high enough, though when potential security threats are examined it is easy to see why users want to get rid of Browser-hijackers are developed by intermediaries to provide aggressive advertising platforms and freeware download facilities for legitimate companies. Every time an ad in the rogue browser is viewed or clicked-on, the hijackers get a fee – hence the aggressive and underhand operating techniques. Advertising – and the sell – just got harder. This sort of infection may not seem overtly dangerous until it’s understood that being hijacked by one of these PUP’s can have severe security risks as well as causing operating problems.

This is just one of many browser-thieves out there who have subverted legitimate (if annoying) mass-market advertising, and turned intensive advertising into aggressive intrusion. Each view and click of this infection accelerates it up search engine rankings and makes more money for the developers who are paid by the featured companies. is owned and run by a Beijing corporation called Baidu, Inc, and in 2014 its website was the 14th most visited in the world (and the 5th in China). It doesn’t take much to work out why this may be – the great illusion of advertising continues… meanwhile, back in the real world – there may be some serious side-effects if the user doesn’t stop…


The potential dangers lie with the fact that many of these developers are operating without scrutiny and perhaps dubiously. And one of the functions of these browsers is to monitor ‘consumer’ traffic – the pages you visit for a start. This is presumably for commercial modeling and to improve targeted advertising. Usually, permission for this is hidden somewhere in the terms of the download and the I Agree box is already ticked (though if the program slipped by you, you certainly didn’t read this anyway). As these third parties could possibly be criminal, then apart from your privacy being invaded by this tracking, consider that it’s possible for this PUP to log many other details about you – up to and including key-logging which could lead to identity theft (if the operators have malicious intent, then it’s possible that a redirect may lead the user to a compromised ‘site that could result in an even more dangerous infection). This is why it it is imperative to uninstall if it finds its way into your system.

Summary of risks associated with browser-hijacker

  • Browser-hijack offers an open door to more virulent threats, and operators of this kind of software have often been connected to the use of malware;
  • System fatigue and a possible browser crash can result as the hijacker works in the background;
  • Download clients of this type and their ‘sites are not often registered, and not overseen by regulatory bodies. Introduction of further malware could facilitate key-logging to record sensitive information such as passwords, pin or account numbers… resulting in financial/I.D theft;
  • The browser-hijacker can record the entire specifications of an operating system, software installed and its configurations, I.P address and server/network data, geo-location – all of this could provide a perfect back-door hack… eradicate now. Homepage Hijacker Removal Instructions

1: Enter Safe Mode.
2: Remove from Chrome, Firefox, Internet Explorer and Edge.
3: Remove malicious attachments to browser shortcuts.
4: Uninstall the malware from your Add/Remove Programs.
5: Permanently delete the virus from Task Manager’s processes.
6: Uninstall the threat from Regedit and Msconfig.

In order to get rid of, please refer to the following step-by-step removal instructions for each of your browsers. Please note that you also have to manually restore their desktop shortcuts to their original state.

STEP-1 Before starting the real removal process, you must reboot in Safe Mode. If you are familiar with this task, skip the instructions below and proceed to Step 2. If you do not know how to do it, here is how to reboot in Safe mode:

For Windows 98, XP, Millenium and 7:
Reboot your computer. When the first screen of information appears, start repeatedly pressing F8 key. Then choose Safe Mode With Networking from the options.
Safe Mode with Networking
For Windows 8/8.1
Click the Start button, next click Control Panel —> System and Security —> Administrative Tools —> System Configuration.‌
Windows 8 Safe Mode with Network
Check the Safe Boot option and click OK. Click Restart when asked.
For Windows 10
Open the Start menu and click or tap on the Power button.
win10 safemode 1
While keeping the Shift key pressed, click or tap on Restart.
win10 safemode 2 hijacks the homepage of Chrome, Firefox and IE. Please, follow the guide precisely. If you miss some of the steps below, there is a chance that will come back at a later moment. Here are the steps you must follow to remove the hijacker from the browser:

Remove From Mozilla Firefox:

Open Firefox, click on top-right corner , click Add-ons, hit Extensions next.
firefox extensions
Look for suspicious or unknown extensions, remove them all.

Remove From Chrome:

Open Chrome, click chrome menu icon at the top-right corner —>More Tools —> Extensions. There, identify the malware and select chrome-trash-icon(Remove).
chrome extensions

Remove the Hijacker From Internet Explorer:
Open IE, then click IE gear icon on the top-right corner —> Manage Add-ons.
ie gear
Find the malicious add-on. Remove it by pressing Disable.


Right click on the browser’s shortcut, then click Properties. Remove everything after the .exe” in the Target box.

ff shortcut


Open Control Panel by holding the Win Key and R together. Write appwiz.cpl in the field, then click OK.


Here, find any program you had no intention to install and uninstall it.


Run the Task Manager by right clicking on the Taskbar and choosing Start Task Manager.

task manager

Look carefully at the file names and descriptions of the running processes. If you find any suspicious one, search on Google for its name, or contact me directly to identify it. If you find a malware process, right-click on it and choose End task.


Open MS Config by holding the Win Key and R together. Type msconfig and hit Enter.


Go in the Startup tab and Uncheck entries that have “Unknown” as Manufacturer.

Prevent from appearing again

*Remember – all infections of these kind are preventable

  • Don’t open attachments in unfamiliar e-mails, however convincing or friendly they may appear;
  • Do always use either Custom/Advanced installation option;
  • Do avoid clicking on pop-up links not recognized or requested;
  • Do always ensure you have the very latest version for browsers. Enable warnings for ‘site content if available;
  • Do install capable software for early warning of threats and to regularly monitor your system files.
  • Practice good hygiene, and get some security for extra cover.
  • Build a Great Fire-Wall between your system and this peril – or you could end up Shanghaied!*

Still can not remove from your browser? Please, leave a comment below, describing what steps you performed. I will answer promptly.

* [Shanghaiing or crimping refers to the practice of kidnapping people to serve as sailors by coercive techniques such as trickery, intimidation, or violence. Those engaged in this form of kidnapping were known as crimps. Wikipedia]

Leave a Comment

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.