Adfocus “Virus” Removal

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

This page aims to help you remove Adfocus “Virus”. These Adfocus removal instructions work for Chrome, Firefox and Internet Explorer, as well as every version of Windows. Adfocus is similar to other Ad-distributing platforms like Adfly, Linkbucks, Hitleap and others.

The Adfocus bot redirection

Adfocus is a type of Browser Hijacker, and if you have already been infected by it – you can surely guess what the term means. Basically, it’s a type of program designed to distribute ads. And although this may seem harmless to you at first, we don’t recommend you allow Adfocus to stay present on your computer for much longer. Don’t get us wrong – it’s not a virus of any sorts and shouldn’t be treated as some of the nastier instances of PC infection like ransomware, for example. Ransomware will encrypt your files, where this program will merely annoy you by displaying adverts. But despite it not being a direct threat to your system, there are several red flags about Browser Hijackers, which we will discuss shortly. Adfocus “Virus” is not actually a virus, but a rather annoying platform created to distribute advertisements through browser redirects. This can be done either through an Adfocus bot or through classic URL shortening system. The bottom line is that it’s in your best interest to get rid of Adfocus as soon as you can and to help you do that, we have designed a very simple, user-friendly guide with step-by-step removal instructions to walk you through the process.

Red flag No1

We mentioned that Adfocus bot distributes advertisements and these come in various shapes and sizes: pop-ups, banners, random hyperlinks that appear in plain text, page redirects, etc. All of this can be greatly annoying and can make simple webpage navigating a nightmare, but what is the ultimate point of it all? Money. The Browser Hijacker developers make their money from every time you click on one of their ads, based on the so called Pay per click scheme. In order for this to be more effective, however, they need to maximize their chances of gaining your attention and how would they do that? By getting a feel of what interests you, which in turn is done by gathering your browsing info. Not creeped out yet? Then let this sink in: all the websites you visit, the frequency with which you visit them, everything you search for online and all the pages you bookmark, together with any personal details of yours – all of that is recorded and analyzed in order to produce content that is more relevant to you. And once all that’s been done, your personal details can easily be sold on to someone else, which is oftentimes the case.

Red flag No2

For those of you who need more convincing – we’ve got you covered. Most of the ads displayed on your screen by Adfocus rarely turn out to be what they claim they are, once you’ve clicked on them. They can be as misleading as an election promise. And you can’t really blame them for it, since all they’re interested in is your click, they don’t necessarily care with how happy you are after you’ve clicked. But the issue here is that not only can those links and pop-up mislead you, they can also direct you to some pretty dangerous websites that can be loaded with malware. Your click can even land on a thing called malvertisement, which will essentially download malware onto your computer – with or without your consent. And the consequences of that can be quite devastating. Naturally you want to remove Adfocus “virus” from your machine as fast as possible.

Distribution and safety measures

Before we move on, there’s actually another red flag, but it seemed too insignificant in comparison with the other two to have a separate paragraph. Browser Hijackers are also notorious for its potential of slowing down your computer, worsening its general performance and even crashing your browser. There, now you have it. As for distribution, chances are you might not even know where Adfocus came from and how it got on your computer. The most commonly applied technique is called program bundling and is the practice of packaging one program (a potentially unwanted one) together with another, which you would actually want to have, for whatever reason. Thus, when you’ve downloaded the desired program and proceed to install it, you are typically given the option of choosing between default and custom setup. If you picked the former, you’ve automatically surrendered any further choices to the developers and they could have set practically any other software up for installation alongside this one. The easiest way to prevent this from happening is to opt for the custom (advanced) setup and then you will have the option of seeing what else has been bundled in and deciding whether or not you want it.

Obviously, basic measures of cyber security should be taken to ensure maximum safety while browsing the web. This includes first and foremost a trusted antivirus program, which should be on at all times and which you should use to perform virus scans on a regular basis. Avoiding shady websites like the ones described above would also be ideal and will go a long way.


Name Adfocus
Type Browser Hijacker
Danger Level Medium (nowhere near threats like Ransomware, but still a security risk)
Symptoms Multitude of banners, pop-ups, page redirects with advertisements of all sorts. 
Distribution Method Program bundles appear ot be most common method. Can also be done via spam emails and other Browser Hijacker.
Detection Tool Adfocus may be difficult to track down. Use SpyHunter – a professional parasite scanner – to make sure you find all files related to the infection.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.


Adfocus “Virus” Removal

Readers are interested in:



Reboot in Safe Mode (use this guide if you don’t know how to do it).

This was the first preparation.


To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Reveal All Hidden Files and Folders.

  • Do not skip this  – Adfocus may have hidden some of its files.

Hold together the Start Key and R. Type appwiz.cpl –> OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.

Type msconfig in the search field and hit enter. A window will pop-up:


Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.


Right click on the browser’s shortcut —> Properties.

NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).


Properties —–> Shortcut. In Target, remove everything after .exe.

ie9-10_512x512  Remove Adfocus from Internet Explorer:

Open IE, click  IE GEAR —–> Manage Add-ons.

pic 3

Find the threat —> Disable. Go to IE GEAR —–> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.

firefox-512 Remove Adfocus from Firefox:

Open Firefoxclick  mozilla menu  ——-> Add-ons —-> Extensions.

pic 6

Find the Browser Hijacker/malware —> Remove.
chrome-logo-transparent-backgroundRemove Adfocus from Chrome:

Close Chrome. Navigate to:

 C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside:

Rename the Folder to Backup Default

Rename it to Backup Default. Restart Chrome.

  • At this point the threat is gone from Chrome, but complete the entire guide or it may reappear on a system reboot.


Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are dangerous. Google them or ask us in the comments.


This is the most important and difficult part. If you delete the wrong file, it may damage your system irreversibly. If you can not do this,
>> Download SpyHunter - a professional parasite scanner and remover.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Right click on each of the problematic processes separately and select Open File LocationEnd the process after you open the folder, then delete the directories you were sent to.



Type Regedit in the windows search field and press Enter.

Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

Remember to leave us a comment if you run into any trouble!