If you have recently noticed unpleasant activities occurring in your browser such as random redirects to unknown sites and webpages as well as different intrusive ads getting streamed to your browser screen, then you are probably dealing with or any other potentially unwanted application (PUA) of the browser hiFjacker category.

The virus will redirect your browser.

Aside from the ads and page redirects, it’s also likely that a hijacker tries to make certain alterations to the browsers that you use (Internet Explorer/Microsoft Edge, Opera, Firefox, Chrome or any other). Such alterations may include replacement of the starting page and the new-tab page of the browser, replacement of the default search engine, different modifications made to the toolbar of the browser and other similar modifications. Normally, a hijacker wouldn’t really ask for your permission in order to impose the changes. Also, in most cases the said changes don’t really give you anything useful and are typically seen as unwanted as they mostly serve the needs of the hijacker when it comes to streaming ads to your screen. For example, the newly imposed search engine that your browser has received might give you modified search results for each of your searches. That way, you might land on pages brought to you by the new search engine that aren’t really the ones that you have been looking for and are instead web locations that the hijacker app is supposed to promote. It’s likely going to be the same with your starting page and new-tab page – they would probably be of sites that the pesky software on your browser is supposed to advertise.

Potential dangers

Of course, some of you might say that this isn’t a big deal – after all, it’s not like the is some kind of insidious Ransomware or Trojan Horse virus. However, while it is true that most hijacker apps are nowhere near as harmful as real computer viruses like the ones mentioned above, it is still within the realm of possibility that a browser hijacker could indirectly expose your machine to certain security risks. Such a risk could be any of the ads or page redirects that might get streamed to your screen while you are browsing. If a certain ad that isn’t reliable or safe gets displayed on your screen and you click on it, you could easily end up having your machine targeted by different malware threats the likes of Spyware, Rootkits, Worms and, of course, Ransomware and Trojan Horse viruses. Therefore, we strongly recommend you take away or any other hijacker that might be currently residing on your computer as this will surely make your computer much less likely to get infiltrated by malware. Something that needs to be pointed out here is the fact that it is usually somewhat tricky or at the very least non-intuitive to remove a hijacker since most such apps lack built-in uninstallation options. Therefore, anyone who wants to get rid of an app such as would need to resort to a bit more advanced methods. There are typically two effective courses of action in this case. The first one is to manually locate any data related to the unwanted hijacker that’s on the computer and remove it from there. On this page, we have posted a set of instructions to guide you through the process of manually removing the unwanted app. However, if you don’t’ think the manual method is for you, know that there’s also the automatic one – using a trusted specialized removal software could also help you eliminate a hijacker like Such a software tool has been included in the guide from this page so know that you can use that as well when trying to remove the hijacker app from your machine.

How can a hijacker get to you?

If you open a shady e-mail and click on its attachment, if you download some sketchy file, if you open some questionable online ad or offer and if you visit some obscure and unreliable site, you could easily land a hijacker on your PC. The same could also happen if you install some new program (especially if it is freeware) on your PC using the Quick setup configuration. Bear in mind that it is always better to go for the Advanced setup settings if such are available as they could allow you to see if some unpleasant app like has been bundled with the program you’re trying to install. If you ever  see something like that, be sure to uncheck it before you continue as this will prevent the potentially unwanted software component from getting installed on your machine alongside the main program.


Type Browser Hijacker
Danger Level Medium (nowhere near threats like Ransomware, but still a security risk)
Symptoms A hijacker is likely to negatively affect the way your browser operates which is how you can notice the unpleasant app.
Distribution Method Program bundles deceitful links and spam messages, shady ads, etc.
Detection Tool Pop-up Ads Removal

If you have a Windows virus, continue with the guide below.

If you have a Mac virus, please use our How to remove Ads on Mac guide.

If you have an Android virus, please use our Android Malware Removal guide.

If you have an iPhone virus, please use our iPhone Virus Removal guide

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).


Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab (the “Details” Tab on Win 8 and 10). Try to determine which processes are dangerous.

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:
Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at:

Scan Results

Virus Scanner Result
Mapsanddrivingdirections.comAVG AV

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.

Hold together the Start Key and R. Type appwiz.cpl –> OK.

You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.

Type msconfig in the search field and hit enter. A window will pop-up:

Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

If there are suspicious IPs below “Localhost” – write to us in the comments.

Open the start menu and search for Network Connections (On Windows 10 you just write it after clicking the Windows button), press enter.

  1. Right-click on the Network Adapter you are using —> Properties —> Internet Protocol Version 4 (ICP/IP), click  Properties.
  2. The DNS line should be set to Obtain DNS server automatically. If it is not, set it yourself.
  3. Click on Advanced —> the DNS tab. Remove everything here (if there is something) —> OK.

  • After you complete this step, the threat will be gone from your browsers. Finish the next step as well or it may reappear on a system reboot.

Right click on the browser’s shortcut —> Properties.

NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).

Properties —–> Shortcut. In Target, remove everything after .exe.  Remove from Internet Explorer:

Open IE, click —–> Manage Add-ons.

Find the threat —> Disable. Go to —–> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply. Remove from Firefox:

Open Firefoxclick  ——-> Add-ons —-> Extensions.

Find the adware/malware —> Remove.
Mapsanddrivingdirections.comRemove from Chrome:

Close Chrome. Navigate to:

 C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside:

Rename it to Backup Default. Restart Chrome.

Type Regedit in the windows search field and press Enter.

Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


About the author


Brandon Skies

Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

Leave a Comment