Feed Sonic Search (Removal Guide)

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

This page aims to help you remove Feed Sonic Search. These Feed Sonic Search removal instructions work for Chrome, Firefox, Internet Explorer and Safari, as well as every version of Windows.

Feed Sonic Search is the type of application you do not want on your computer, but since you are here you’ve probably discovered that for yourself already. What we are dealing with is actually an browser hijacker type of threat. It exist to spam Ads on your screen and make money out of it. Unfortunately it is very aggravating to put up with and the Ads often lead to various malicious websites. We recommend that you uninstall Feed Sonic Search as soon as possible to minimize the risks.

Feed Sonic Search in Google Chrome

Core functionality of Feed Sonic Search

browser hijacker applications in general are not considered very dangerous – at least not directly. Feed Sonic Search boasts some useful functions, but if you try to explore them you’ll soon discover that it is just a ruse. The main goal of this thing is to spam Ads in Chrome, Firefox or IE. Its owner is usually linked as an affiliate and will get money every time an Ad is clicked on and a purchase of some good occurs. The Ads come in a variety of shapes and types – usually as pop-ups and banners, but they can also be added as toolbars on your browser or embedded into the code of pages that open without your permission. Feed Sonic Search may also try turn some works into Ad-linked keywords – they will turn into hyperlinks and link to the Ad if clicked on.

In any case it is a bad idea to interact with these Ads in any way. browser hijacker is notorious for its inclusion of low-quality goods that employ scam tactics in order to sell better. Reputable software is rarely advertised through such channels – anything you try to download and install on your machine is most probably be useless bloatware or more browser hijacker.

There is an especially nasty practice to create fake problem messages in order to make you believe your PC is suffering from some kind of problem. Old, but perfectly harmless registry entries are often blamed for a multitude of unrelated problems. Even though a software may claim to be free usually only the scan functionality is available – you’ll be asked to purchase it in order to fix those “problems”. What’s worse – if these bloatware programs are allowed to mess with your PC they can do some real harm.

So yeah, keep out of the Ads.

Why was your PC targeted?

In reality browser hijacker programs rarely target specific computers – they are released en masse via various infected executable files and software bundles. You have obtained one of these – through one way or another – and installed it on your computer without realizing it would also install Feed Sonic Search. We’ll try to give you some tips on how to avoid such incidents in the future.

  • When you are installing programs don’t select the Default option – some installers contain extra software that will also be installed on your PC if you select default. This practice is what we refer to as software bundles. A much better alternative is to use the Advanced option – at worst you’ll only need a couple of clicks to get the same result as with default, but in the meantime you can see the list of programs that are to be installed and you can remove any unwanted extras from that list. Do it. Useful software is very rarely obtained in such a way – you are much more likely to get something in the lines of Feed Sonic Search.
  • Try to never download software from unsafe locations. Software and random storage sites see no supervision or anti-virus control and the installers for different files are often loaded with nasty presents like this browser hijacker.
  • Keep an ant-virus or anti-malware program present on your PC and scan all incoming files at all times. Sometimes people may send you infected files without themselves realizing they are infected


Name Feed Sonic Search
Type Browser Hijacker
Danger Level Medium (The Ads may link to dangerous sites or try to download bloatware applications)
Symptoms Large increase in number of Ads displayed, general slowdown of your computer.
Distribution Method Infected executables – software bundles and files obtained from torrents etc.
Detection Tool

1: Enter Safe Mode.
2: Remove Feed Sonic Search from Chrome, Firefox, Internet Explorer and Safari.
3: Remove attachments to browser shortcuts.
4: Uninstall the virus from your Add/Remove Programs.
5: Permanently delete the threat from Task Manager’s processes.
6: Uninstall the virus from Regedit and Msconfig.

Feed Sonic Search Removal

Things readers are interested in:



Reboot in Safe Mode (use this guide if you don’t know how to do it).

This is just the first preparation.


To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

The first mandatory thing is to Reveal All Hidden Files and Folders. Read here more how to do it. Each version of Windows does this slightly differently.

  • I repeat – it’s extremely important you do this. Feed Sonic Search may have hidden some of its files and you need to see them to delete them. 

All of your browsers likely contain an Add-on created by Feed Sonic Search and that add-on is responsible for the Ads you see. To remove it please follow the instructions written below in Step 2 and Step 3.

NOTE: Be careful! Feed Sonic Search may try to create confirmation messages that lead to new software downloads or send you to various danger sites. Please terminate and such downloads as they appear and close any unwanted pages that open.

ie9-10_512x512  Remove the Malware from Internet Explorer:

Open IE, then click  IE GEAR —–> Manage Add-ons.

pic 3

Find the malware. Remove it by pressing Disable.

If your Home Page is different from the usual, click IE GEAR —–> Internet Options>edit the URL box with your preferred search engine, and click Apply. Also, Reset Your IE Settings

firefox-512 Remove Feed Sonic Search from Firefox:

Open Firefoxclick on mozilla menu (top right) ——-> Add-onsHit Extensions next.

pic 6

The problem should be lurking somewhere around here –  Remove it. Then Refresh Your Firefox Settings.

chrome-logo-transparent-backgroundRemove Feed Sonic Search from Chrome:

 Start Chrome, click chrome menu icon —–>More Tools —–> Extensions. There,  find the malware and  select  chrome-trash-icon.

pic 8

 Click chrome menu icon again, and proceed to Settings —> Search, the fourth tab, select Manage Search Engines.  Delete everything but the search engines you normally use. After that Reset Your Chrome Settings.


Right click on the browser’s shortcut, then click Properties.

NOTE: We are showing Google Chrome, but the method is the same for Chrome, Firefox, Internet Explorer, Safari, and Microsoft Edge.


Once you’ve reached Properties —–> Shortcut (on the band at the top), then in the Target type field, delete EVERYTHING AFTER .exe.


Hold the Start Key and R together. Write appwiz.cpl in the field, then click OK.


You are now in the Control Panel. Search around for the virus and suspicious-looking programs. Uninstall it/them. Also, be extremely careful. Viruses often spend one last ditch effort to trick you into installing more of their kind. If you see a screen like this when you click Uninstall, choose NO:


Hold the Start Key and R againbut this time copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A .txt file will open – don’t type or change it. If you are hacked and someone has access to your PC, there will be a bunch of other IPs connected to you at the bottom. This is what a hosts file looks like:

hosts_opt (1)

If there are a bunch of strange IPs connecting to you below “Localhost” you may be hacked, and it’s best to ask us in the comments for directions.


Open the Task Manager by right clicking on the Taskbar and choosing Start Task Manager.


Once it opens, choose the Processes Tab. Look at all of the processes in front of you and try to determine which ones are a virus. Google them or ask us in the comments and we will provide the best assistance we can.


This is the most important and difficult part. If you delete the wrong file, it may damage your system irreversibly. If you can not do this,
>> Download SpyHunter - a professional parasite scanner and remover.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Right click on each of the virus processes separately and select Open File LocationEnd the process after you open the folder. Just to make sure we don’t delete any programs you mistakenly took for a virus, copy the folders somewhere, then delete the directories you were sent to.



Take a look at the following things:

Type msconfig in the search field and hit enter: you will be transported to a Pop Up window.


Go in the Startup tab and Uncheck entries that have “Unknown” as Manufacturer.

Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If you can’t find them this way, look in these directories, and delete/uninstall the registries manually:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious, but bear in mind they are always different.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

Remember to leave us a comment if you run into any trouble!

Did we help you? Please, consider helping us by spreading the word!

  • Lizel Cacananta

    I checked my hosts file and I see different IPs connected to it. What should I do next?

    • HowToRemove.Guide Team

      Hello Lizel,

      Can you show us the IPs? They are probably a part of the virus but we need to be sure.

  • Victor down.baidu2016.com 123.sogou.com http://www.czzsyzgm.com http://www.czzsyzxl.com

    Ive got these in my document. When I try to remove them and save it’s saying im not allow to save..

    Help please

    • HowToRemove.Guide Team

      Hello Victor,
      These are definitely part of the virus and need to be removed. Could you check if you are operating with admin rights when trying to edit the hosts file? Let us know.

  • HowToRemove.Guide Team

    Glad we could help!

  • HowToRemove.Guide Team


    Delete all lines after the first two entries that look like this
    # localhost
    # ::1 localhost

    Don’t forget to save the file afterwards!

    Please let me know if that fixed your problem.

  • taqee naqee

    when I use the command notepad %windir%/system32/Drivers/etc/hosts

    the notepad display the following data ,is mean my account is hacking?

    help me




    http://www.czzsyzxl..com down.baidu2016..com 123.sogou..com http://www.czzsyzgm..com


    • HowToRemove.Guide Team

      Yep, all of these are added by the virus. Delete them, then save the file.

      Did you do the rest of the guide? If you haven’t please finish it and contact me if you still need help.

  • Kris

    Hi, i have definitely been hacked i have almost 200 extra lines (all of which share the same ip address. i was being careless and now i’m stuck, I have tried to use anti-malware amongst other methods. But all of the setup managers keep automatically exiting. i have deleted websearch from both chrome and internet explorer. But each time it comes back, It is killing my pc PEase help me

    • HowToRemove.Guide Team

      Hi Kris,

      Looks like a you are having a hard time. Please try to follow the guide – step 1 enables Safe Mode, which should prevent the malware from shutting down your anti-malware programs. Removing the virus from the browser only won’t do – please do the guide in full and contact me if you are still having problems.

  • HowToRemove.Guide Team


    Try the following things: 1. Start your computer is Safe Mode (Step 1 of the guide); 2. Open the file as an administrator (navigate to the file manually, right click-> properties, use as an administrator). This should work.

    Please let me know of the outcome.

  • HowToRemove.Guide Team

    Hi there,

    Can you try deleting your google chrome profile and creating a new one? its done from options – accounts section.

    • SA GamingHD

      thanks! its working fine now and I dont see the browser popping again.

      Keep up the good work!

      • HowToRemove.Guide Team

        Hi there

        We are glad we were able to help 😉

        • William

          Hey, It does not work It’s not in extensions. for me

          • HowToRemove.Guide Team

            Hi William,

            DId you go through the rest of the steps as well?

  • HowToRemove.Guide Team

    Save these lines somewhere else, just to be safe, because I’m not 100% sure if any of them are part of the browser hijacker. After that delete them from the file, and save it.
    Tell us if that changed anything?

  • HowToRemove.Guide Team

    Post them here. We’ll take a look and tell you whether they are safe or need to be deleted. 🙂

  • HowToRemove.Guide Team

    Remove all of these. They are part of your problem.

  • HowToRemove.Guide Team

    If you have a hard time finishing Feed Sonic Search off – download the program from one of our banners. It’s a paid program, but the scanner is free – use it to find the files you missed with the removal instructions alone.

  • sashank

    The listed below ip’s are displaying in my system what I have to do…

    • HowToRemove.Guide Team

      What IP’s exactly? Please elaborate so we can try and help you.

  • HowToRemove.Guide Team

    Hi fede,

    Luckily those aren’t scripts but merely domain links. just erase them from the file, then save it as usual.
    f you experience any problems with permission rights do the following:

    Search for Notepad in Windows search -> right click on the executable and select Run as Administrator.
    From inside Notepad click on the File-> Open menu and navigate to the hosts file

    You should now be able to save the file properly.

  • HowToRemove.Guide Team

    Hi there, sorry for the delay. Delete all of these lines, then save the file.

    If you experience any problems with permission rights when you try to save the file do the following:

    Search for Notepad in Windows search -> right click on the executable and select Run as Administrator.
    From inside Notepad click on the File-> Open menu and navigate to the hosts file

    You should now be able to save the file properly.

  • HowToRemove.Guide Team

    Unfortunately I can not answer your question – these files and folders may be legitimate or not. I can’t tell you without seeing them or knowing their names. I recommend downloading SpyHunter from one of our ads. Its scanner can help you find the infected files.

  • DemonEastz

    thanks a lot for these~
    thumbs up

    • HowToRemove.Guide Team

      You are welcome! 🙂

  • HowToRemove.Guide Team

    Hi Neil,
    with this type of threats you can never be too sure weather is legit or suspicious. You can contact us and we can check it up for you.

  • Alexa

    Hi! This is what I’ve got after with this

    # localhost name resolution is handled within DNS itself.
    # localhost
    # ::1 localhost statsfe2.update.microsoft.com.akadns..net fe2.update.microsoft.com.akadns..net s0.2mdn..net survey.watson.microsoft..com view.atdmt..com watson.microsof.t..com watson.ppe.telemetry.microsof.t.com vortex.data.microsoft..com vortex-win.data.microsoft..com telecommand.telemetry.microsoft..com telecommand.telemetry.microsoft..com..nsatc..net oca.telemetry.microsoft..com sqm.telemetry.microsoft..com sqm.telemetry.microsoft..com..nsatc..net watson.telemetry.microsoft..com watson.telemetry.microsoft..com..nsatc..net redir.metaservices.microsoft..com choice.microsoft..com choice.microsoft..com..nsatc..net wes.df.telemetry.microsof.t..com services.wes.df.telemetry.microsof.t..com sqm.df.telemetry.microsoft..com telemetry.microsoft..com telemetry.appex.bing..net telemetry.urs.microsof.t..com settings-sandbox.data.microsoft..com watson.live..com statsfe2.ws.microsoft..com corpext.msitadfs.glbdns2.microsoft..com compatexchange.cloudapp..net a-0001.a-msedge..net sls.update.microsoft..com..akadns..net diagnostics.support..microsoft..com corp.sts.microsoft..com statsfe1.ws.microsoft..com feedback.windows..com feedback.microsoft-hohm..com feedback.search.microsoft..com rad.msn..com preview.msn..com ad.doubleclick..net ads.msn..com ads1.msads..net ads1.msn..com a.ads1.msn..com a.ads2.msn..com adnexus..net adnxs..com az361816.vo.msecnd..net az512334.vo.msecnd..net ssw.live..com ca.telemetry.microsoft..com i1.services.social.microsof.t..com df.telemetry.microsoft..com reports.wes.df.telemetry.microsoft..com cs1.wpc.v0cdn..net vortex-sandbox.data.microsoft..com oca.telemetry.microsoft..com..nsatc..net pre.footprintpredict..com spynet2.microsoft..com spynetalt.microsoft..com fe3.delivery.dsp.mp.microsoft..com..nsatc..net cache.datamart.windows..com db3wns2011111.wns.windows..com settings-win.data.microsoft..com v10.vortex-win.data.microsoft..com win10.ipv6.microsoft..com ca.telemetry.microsoft..com i1.services.social.microsoft..com..nsatc..net msnbot-207-46-194-33.search..msn..com settings.data.microsof..com telecommand.telemetry.microsoft..com..nsat-c..net

    what should I do after?

    • HowToRemove.Guide Team

      Hi Alexa,
      you should delete these IPs.