Nicesearches “Virus” Removal From Chrome/Firefox

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

This page aims to help you remove Nicesearches “Virus.” These Nicesearches “Virus” removal instructions work for Chrome, Firefox and Internet Explorer, as well as every version of Windows. Although we just called for expediency Nicesearches a “virus”, it is not actually one. Viruses display not just obtrusive behavior, but can  also severely arm your system, while browser hijackers are rarely more than a big irritant.

But before we jump headfirst to the removal guide it is a good idea to give you a little brief about what exactly Nicesearches is.

Nicesearches – What it is and what does it cause

There are many different categories of programs out there that will make your computer-using experience unpleasant. According to security experts, Nicesearches, falls into the category of being an adware. Do note that adware is very different from а virus: A virus is a piece of code that may causes various types of direct damage to computer in which it resides whereas. Adware, in comparison, is usually an unwanted program that poses as no (direct) serious security threat to the user and the computer. However, adware will still undermine your surfing experience as it causes undue amount of irritation to the user, namely you.

This adware basically tracks the browsing patterns and history, favourites and bookmarks on your browser, be it Chrome, Firefox or Internet Explorer. From all the data collected it will generate ads that are specially catered to your preferences. The ads may appear in the form of banners, pop-up boxes or ads or even as a separate window. More often than not, these ads will be accompanied by tags such as “Powered by Nicesearches” or “Proudly Brought to You by Nicesearches” to illustrate that they’ve been created by the Adware. However, do not be fooled by these gimmicks – the aim of the ads is to get you to click on them, which we strongly encourage you to avoid doing.

Ads – Why should you not click on them

As these ads are generated by this adware, they are often not genuine. In the best case scenario, you will probably get directed to a webpage that you have previously visited where the “deal” can be found. But most of the time, you are either being directed to a third-party’s pay-per-click site or a suspicious webpage. In the event that you are directed to a pay-per-click site, it will help the creators, not you, to generate some form of income. If you are directed to a suspicious webpage, it will probably be promoting some form of new software that is full of security loopholes. Alternatively, it may even be a portal by which other adware are able to gain access onto your computer. Therefore, regardless of whatever the outcome is, the webpages that you will be directed to will not be to your benefit in any way.

Nicesearches – How is it being spread

According to security experts, the most common way in which this adware is being spread is through the free  program downloads that are available online through various channels. It is usually being bundled together with such programs, so that when you download these programs, Nicesearches will be downloaded and installed together with it as a set.

In such cases then, fear not! A download does not allow this adware free access to your computer – it is only able to work after installation. Therefore, you are advised to take extra precaution and be diligent during the installation process of the programs that you download. Do not attempt to save time by choosing “Automatic Installation” as this is what creators of adware and (and even malware!) take advantage of. Instead, go for the “Custom Installation” option and screen through the names of all the files and folders that are to be installed onto your computer. If you find any of the names unfamiliar, remove those files to prevent them from being installed. Oftentimes, there are some files that are hidden within the “Advanced Settings” option, so it is worth your while as well to give that a look just to err on the safe side. Remember that it is usually much easier to prevent such programs from installing on your PC, than it is to remove them afterwards. You’ll find the detailed instructions on how to uninstall Nicesearches in the guide below.


Name Nicesearches
Type Browser Hijacker
Danger Level Medium (Can help other unwanted applications get access to your PC)
Symptoms Various types of Ads, browser redirects, search replacements and other annoyance.
Distribution Method Very often hidden in the installers for other applications.
Detection Tool Browser Hijackers may be extremely difficult to track down. Use SpyHunter – a professional parasite scanner – to make sure you find all files related to the infection.

Keep in mind, SpyHunter is a malware detection tool. To remove the infection, you need to purchase the full version.
More information about SpyHunter and steps to uninstall.


Nicesearches Removal

Readers are interested in:



Reboot in Safe Mode (use this guide if you don’t know how to do it).

This was the first preparation.


To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Reveal All Hidden Files and Folders.

  • Do not skip this  – Nicesearches may have hidden some of its files.

Hold together the Start Key and R. Type appwiz.cpl –> OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.

Type msconfig in the search field and hit enter. A window will pop-up:


Startup —> Uncheck entries that have “Unknown” as Manufacturer.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.


Right click on the browser’s shortcut —> Properties.

NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).


Properties —–> Shortcut. In Target, remove everything after .exe.

ie9-10_512x512  Remove Nicesearches from Internet Explorer:

Open IE, click  IE GEAR —–> Manage Add-ons.

pic 3

Find the threat —> Disable. Go to IE GEAR —–> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.

firefox-512 Remove Nicesearches from Firefox:

Open Firefoxclick  mozilla menu  ——-> Add-ons —-> Extensions.

pic 6

Find the adware/malware —> Remove.
chrome-logo-transparent-backgroundRemove Nicesearches from Chrome:

Close Chrome. Navigate to:

 C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside:

Rename the Folder to Backup Default

Rename it to Backup Default. Restart Chrome.

  • At this point the threat is gone from Chrome, but complete the entire guide or it may reappear on a system reboot.


Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are dangerous. Google them or ask us in the comments.


This is the most important and difficult part. If you delete the wrong file, it may damage your system irreversibly. If you can not do this,
>> Download SpyHunter - a professional parasite scanner and remover.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Right click on each of the problematic processes separately and select Open File LocationEnd the process after you open the folder, then delete the directories you were sent to.



Type Regedit in the windows search field and press Enter.

Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

Remember to leave us a comment if you run into any trouble!