Browser Redirect Pop-up “Virus” Removal Chrome/FF/IE

How irritating is this problem? (10 votes, average: 4.70)

This page aims to help you remove “Virus”. Our removal instructions work for Chrome, Firefox and Internet Explorer, as well as every version of Windows.

Online ads are the worst, right? They show on your screen while you are browsing and cover any relevant content that you actually want to see with various intrusive (and oftentimes misleading) offers that mostly only prevent you from enjoying your time online and/or doing your job. However, if a stream of ads is coming from a certain website, you can at least stop visiting the said site or you can get an ad-blocker and that way stop at least some of the ads you’d otherwise see. However, if you have an app such as “Virus” on your PC, then neither of those methods would be effective with getting rid of the ads and page redirects you see in your Edge, Opera, Chrome, Firefox or any other browser. If you have this app on your PC, the search engine, the starting page and the new-tab page of your browser are also likely to get changed in addition to the constant generation of pesky banners, pop-ups, blinking boxes and other similar advertising contents. “Virus” is what is known as a browser hijacker – it is an app that initially looks like any other extension for your browser but soon after it’s installed on your machine, it would show its true colors and it’s around this time that you realize this app is not something you’d like to keep on your PC. Unfortunately, it’s oftentimes not so easy to uninstall a hijacker. Most such apps are programmed in a way that makes them somewhat difficult or tricky to get rid of. They might lack an uninstallation wizard and there might be no entry for them in the list of installed programs in your Control Panel. Also, it is likely that even if you try to change your browser back to normal, the intrusive hijacker would re-impose its changes as soon as you start a new browsing session or reboot your PC. However, all of this is not to say that removing “Virus”cannot be done. Note that eliminating a hijacker, though a bit tricky at times, is nowhere near as difficult as it is dealing with an actual malware virus (like a Trojan, a Ransomware, a Spyware or some other nasty threat). Now, we can help you deal with the “Virus” annoyance in case you are currently struggling with it – down below, you will find a guide that has all the needed instructions, screenshots and steps to aid you in the uninstallation of the hijacker. However, it’s a good idea to first finish reading this write-up in order to learn some more essential information about apps like “Virus”. Pop-up “Virus” Removal

If you have a Windows virus, continue with the guide below.

If you have a Mac virus, please use our How to remove Ads on Mac guide.

If you have an Android virus, please use our Android Malware Removal guide.

If you have an iPhone virus, please use our iPhone Virus Removal guide


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab (the “Details” Tab on Win 8 and 10). Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at:

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 


Hold together the Start Key and R. Type appwiz.cpl –> OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.

Type msconfig in the search field and hit enter. A window will pop-up:


Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Open the start menu and search for Network Connections (On Windows 10 you just write it after clicking the Windows button), press enter.

  1. Right-click on the Network Adapter you are using —> Properties —> Internet Protocol Version 4 (ICP/IP), click  Properties.
  2. The DNS line should be set to Obtain DNS server automatically. If it is not, set it yourself.
  3. Click on Advanced —> the DNS tab. Remove everything here (if there is something) —> OK.



  • After you complete this step, the threat will be gone from your browsers. Finish the next step as well or it may reappear on a system reboot.

Right click on the browser’s shortcut —> Properties.

NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).


Properties —–> Shortcut. In Target, remove everything after .exe.

ie9-10_512x512  Remove from Internet Explorer:

Open IE, click  IE GEAR —–> Manage Add-ons.

pic 3

Find the threat —> Disable. Go to IE GEAR —–> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.

firefox-512 Remove from Firefox:

Open Firefoxclick  mozilla menu  ——-> Add-ons —-> Extensions.

pic 6

Find the adware/malware —> Remove.
chrome-logo-transparent-backgroundRemove from Chrome:

Close Chrome. Navigate to:

 C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside:

Rename the Folder to Backup Default

Rename it to Backup Default. Restart Chrome.


Type Regedit in the windows search field and press Enter.

Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!

How dangerous?

We already pointed out that browser hijackers are not the same as viruses and are certainly not as dangerous as malicious and noxious malware threats the likes of Trojans, Worms, Ransomware, Spyware and so on. That being said, the sheer intrusiveness and irritation that comes from most hijackers is more than enough for most users and security researchers to regard them as potentially unwanted. Furthermore, although there’s usually no malicious code inside most hijackers, their activities might still lead to the exposure of your computer to various security risks. One important example here is the advertising materials generated by such software and their potential to be unsafe at times. Sure, not every advert coming from a hijacker is a security risk but some of them might as well be. It’s, therefore, safer to keep your distance from them and, of course, the best way to do that is to simple eliminate their source which in this case would be

Distribution of hijacker software

Some apps that fall under this category have official sites but in most cases users get browser hijacker installed on their machines in other ways (usually without even realizing it). For instance, spam e-mails and misleading Internet offers, download suggestions and ads are oftentimes used as tools for hijacker distribution. Also, it is really common for such a unwanted app to get bundled with another program and get installed alongside it. That is why, you ought to be really considerate regarding the pages you visit online and regarding the content you interact with. Also, be sure to always be in control of the installation of any new piece of software you have downloaded on your PC. It’s preferable if you use the Advanced/Expanded setup settings instead of the Quick/Default ones, as the latter are likely to have the installation of any bundled content enabled by default. On the flip side, using the Advanced/Custom options would allow you to leave ou anything you might not want to have on your PC which is exactly what we’d advise you to do.


Type  Browser Hijacker
Danger Level Medium (nowhere near threats like Ransomware, but still a security risk)
Symptoms  Anything from unwanted changes to your browser to frequent page redirects and generation of random web-ads on your screen.
Distribution Method Software bundling, spam, questionable downloads, misleading pages, fake offers, etc.
Detection Tool

Leave a Comment