Remove Mysearch123 From Firefox/Chrome

Today’s article is about the removal of the browser hijacker known as Mysearch123, a virus that changes your home page and search engine settings to match .


Since you are reading this then probably your PC has already been infected by it and you are looking for the way to remove this bugger. Well – you’ve come to the right place. Our removal guide will get the job done, but before rushing to it consider reading the article in full. Knowing how your computer was infected will likely help you recognize similar viruses in the future and stop them before they have the chance to do any harm. This is especially true when you find out that  browser hijackers – viruses that can infect you with Mysearch123 or something similar – successfully infiltrate many different parts of PC systems. This includes installing files, dlls, different registries, backup boot options that can regenerate the virus on each startup, new tab URLs, things like that.

WARNING! It is a well known fact that there are just a few ways users can get infected by this browser hijacker and all of them require it to  somehow get access from you. The only other option available that they have is to trick users into not knowing they are installing adware or PUPs (potentially unwanted programs). Also, this virus has been flagged as an addition to another one. It comes “out” when you successfully remove Delta-homes.

A glance at how it works.

Due to the endless waves of ads Mysearch123 generates it is regarded as a browser hijacker type of virus. Obviously the annoyance those ads create is enough to want it removed, but the real problem is that they are only a drop in the bucket. Most of the time the homepage search results lead you to generic commercial advertisements containing products. This is about 70% of the time. If you think about it, it all makes sense, because in essence, these people are trying to crudely promote websites by forcefully redirecting traffic there. Of course it’s a promotional tool that opens backdoors for further trouble and installs a whole package of unwanted programs, but to those people that probably seems acceptable.

The following is an example of the program, given to us by a user who uninstalled Mysearch123:

Remove Mysearch123 Program

 The other 30% of the time are the real trouble. There’s a chance you’ll get redirected to other websites containing so-called “rogue pages.” These pages contain different types of malware – some of which are much more dangerous than a homepage like – and are slated to begin downloading a .exe file that begins installation immediately after finishing up. Don’t waste time trying to exit the setup from the inside – most likely a virus is made so that you won’t be able to cancel it whenever you want. Start the Task Manager and end the process manually, then delete the file that was downloaded.

You may also start to encounter a number of other things – for example:

  1. A pop-up warning that you have a missing plug-in and need to download and install it. These are known as “banner fakes” and you will most certainly encounter them when dealing with this fake homepage.
  2. Some kind of video shown in an empty media window with a message that you need to download a specific video player to see the video. These are often overlayed on top of streaming platforms like Twitch or Youtube, and make the websites practically unusable since the ads do not have a close sign – they are thumbnails.
  3. Urgent messages to fix security vulnerabilities in an existing, but outdated program by downloading an update for it.
  4. A “generous” offer to download and try a “free” application. Often anti-malware programs are used as the bait here. Alternatively may try to outright imitate an anti-virus and hope that you’ll get confused and give it access. Users trust outright anti-virus programs most of the time. Even if they can’t immediately recall if this program was installed bundled with their own software of choice, they may trust it. And that’s what cyber criminals take advantage of.

Make no mistake – every single out of these offers is actually a virus. In fact this is a very commonly used trick and you make see such messages on different websites around the net. These are a very good indication of dangerous sites you should stay clear of. If you suspect you may be in fact missing a plug-in or some program needs an update you should just google it and look for the official website. Always get new software from the official developer’s site for it. Its the only way to be sure it’s 100% virus free.

And to be honest any updates won’t run away – remove the malware first, and you’ll have all the time in the word to apply any real updates.

The most common dirty tricks used by hackers to spread their viruses.

This trick are the program bundles. Many developers include in their program’s installer several other programs – as promotional extras. Unfortunately, especially with free programs, these extras may in fact be an browser hijacker program, because the people who create the software give it up for free, and have to make money somehow, right? So they get “compensated” for including adware/hijackers in their bundles.

Here’s the good thing in all of this though. Whoever creates the programs this fake homepage come in with, is afraid you’ll sue him/her. They are so afraid that they give out a disclaimer you can actually see if you monitor the setup steps and use Custom/Advance Install. It will allow you to see and control what exactly is getting installed. Deny access to anything you don’t need or looks suspicious.

So the disclaimer should look like this:


Although this isn’t really the virus we’re talking about, the installation works in exactly the same manner.

How to Remove Mysearch123
Readers are interested in:


Our first step here is a reboot in Windows Safe Mode. If you already know how to do it, just skip this and proceed to Step 2. If you do not know how to do it, continue reading:

For Windows 98, XP, Millenium and 7 Users:

Reboot your PC. There is a window in time in which you need to press F8. To ensure you don’t bungle it, spam the key until a new menu shows up. Choose Safe Mode With Networking.


Proceed to Step 2.

For Windows 8 and Windows 8.1 Users:

 Press Windows + R simultaneously. Next, select the Boot —> Safe boot —> OK.


After that click  Restart.

system- config

Proceed to Step 2.

For OS X Users:

When your Mac is turned off, press the Power Button. After you hear the Startup Sound, immediately press and hold the Shift key until the Apple logo appears.

Proceed to Step 2.


To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

  The virus has infected ALL of your browsers. Apply the steps separately for each one.

ie9-10_512x512  For Internet Explorer Users:

Open IE, then click  IE GEAR —–> Manage Add-ons.

pic 3

Find the virus . Disable it.

Click IE GEAR —–> Internet Options>edit the URL box with your preferred search engine, and click Apply.

firefox-512  For Mozilla Firefox Users:

Open Firefoxclick on mozilla menu (top right) ——-> Add-ons.

pic 5.

Hit Extensions next.

Firefox Extension Mysearch123

The malware  should be somewhere around here –  Remove it.

Next, type about:config on the web page address bar. A message will tell you that you need to be careful. Agree and say OK. Directly below the address bar, there is a search bar. Type in it Mysearch123. Any entries that Mozilla finds with the term need to be reset to their defaults by right clicking and choosing the Reset option.

Remove Mysearch123 from homepages

chrome-logo-transparent-background For Google Chrome Users

 Start Chrome, click chrome menu icon —–>More Tools —–> Extensions.


pic 7

In  Extensions,  find the virus and  select  chrome-trash-icon.

Mysearch123 Extension Chrome

 Click chrome menu icon   again, and proceed to Settings —> Search (the fourth tab), select Manage Search Engines.  Remove anything but the search engines you normally use.

pic 9

safari For Safari Users:

Open Safari, and click Safari —–>Preferences —–> Extensions—–>Uninstall the malware.


(Works for Windows XP, Windows 7, Windows 8, Windows 8.1)

Hold windows-buttonand R together. Write appwiz.cpl  in the new field, then click OK.


You are now in the Control Panel. Search around for the virus homepage and anything else suspicious-looking.  

Uninstall Mysearch123 Control Panel

 Uninstall  it/them. Also, be extremely careful. Viruses often spend one last ditch effort to trick you into installing more of their kind. If you see a screen like this when you click Uninstallchoose NO:



This is perhaps the most important and difficult step, so be extremely careful. Open the Task Manager by right clicking on the Taskbar and choosing Start Task Manager.


Once it opens, choose the Processes Tab. Look at all of the processes in front of you and try to determine which ones are a virus. Google them or ask us in the comments and we will provide the best assistance we can. If the virus returns later on after you supposedly removed it, the reason is that you missed something here.


Right click on each of the virus processes separately and select Open File Location. Also, End the process after you open the folder. Just to make sure we don’t delete any programs you mistakenly took for a virus, copy the folders somewhere, then delete the directories you were sent to.

STEP 5: 

You should do the following for ALL browsers you have installed. Browser hijackers infect everything while in your system. You need to manually get rid of it from each shortcut. You should do the following:

Right click on the browser’s shortcut, then click Properties.

Alternatively, if you have your browser pinned down to the taskbar, you Right click it, then Right Click again on the Small Browser Icon —–> Properties

NOTE: Below, we are showing Google Chrome, but the method is the same for all browsers.


Once you’ve reached Properties —–> Shortcut (on the band at the top), then in the Target type field, you should REMOVE EVERYTHING AFTER .exe. Most likely the URL listed inside will be “hxxp://


Select the Menu icon on top —>Settings—> Search. After that enter Manage Search Engines. Edit out any search engines you don’t recognize or use.

google chrome settings


There’s a good chance the virus will generate when you remove it and restart. If such a thing occurs:

Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. Alternatively, if you can’t find any this way, look in these directories, and delete the registries manually:

  • HKEY_CURRENT_USER—-Software—–Random entry or just numbers
    HKEY_CURRENT_USER—-Software—Microsoft—Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random (Probably Start Page)



If none of the things you did managed to remove the virus, do the following:

  • Navigate to the directory /myusername/appdata/everything . Inside it you should see an icon called “uninstall.exe” Run it – we’ve received reports that it removes some of the files associated with Mysearch123.

STEP 8 – Optimization

And that’s it. Well done for removing this cr*p. We’ve prepared an optimization guide we specially designed for users who just went through what you did. It’s free, you don’t need to download anything, and it’s fast. You can check it out here if we got your attention.


  • Pingback: Remove Mysearch123 | Home Computer Security Guide()

  • Pingback: Remove Razor Web Ads Malware -

  • Pingback: Remove "Ads by compareItApplication" -

  • Pingback: How to Remove AutoDealsApp Ads -

  • Pingback: Πως να αφαιρέσετε το Mysearch123 από τον υπολογιστή σας()

  • Dear,
    Please help me to remove this page” mysearch123, I tried all the ways you showed in your video, but it is not removing this website. is there anything else to remove this?

    Need you help.

    Thank you,

    • Stefan Sadakov

      Check the guide in our article: we update it regularly for any new information, while we sadly don’t with the video. If the problem persists, leave another comment an we can schedule a skype call or something where I’ll help you myself 🙂

      • Najeeb

        Dear Stefan,
        I have tried everything you said, still it is not even showing that it exist. what to do with this ? and sorry for late reply.

        • Stefan Sadakov

          No problem. Can you make a screenshot of your task manager processes, upload it somewhere and leave a link in your next comment? I’ll take a look myself.

  • shiva

    thnx a lot finally removed it after a lot of search thumbs up for tht updated step 7

    • Stefan Sadakov

      You are welcome 🙂 I’m glad this helped you 🙂

  • Hi all. When i run Firefox, IE or Chrome i will get mysearch123 website replacing my Google. When i go through Step 6, under Start Page, there were no mysearch123 but there were Better check it out guys.

    • Stefan Sadakov

      Does it have “unknown” as manufacturer? If yes, then it’s 100% part of the virus. If not, it’s safe. Can you elaborate or leave a screenshot for me?

      • Dear Stefan, i’m sorry i didn’t take any screenshot. But when i rename it to google, it will ruturn back to acer13…… Anyway i manage to remove it. I’m referring to my situation. When i check the services running on my Windows 8 (I’m using Acer W511) there was a service running SSFK. When i search it on my pc, the file is located under Program Files under SFK folder. Since i didn’t install any software that is called SFK or SSFK, so i decided to delete the whole folder. When i restart Windows, no more mysearch123 appeared on Firefox, IE or Chrome. Worth to check it out guys……Hope it helps….

        • Stefan Sadakov

          Thank you for sharing this 🙂

  • HowToRemove.Guide Team

    Just to be clear – when you say you did everything, were you in Safe Mode or in regular Windows mode?