Thisgo.Su “Virus” Removal

Parasite may reinstall itself multiple times if you don't delete its core files. We recommend downloading SpyHunter to scan for malicious programs installed with it. This may save you hours and cut down your time to about 15 minutes. 

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

This page aims to help you with the removal of the “Virus”. These “Virus” removal instructions work for Chrome, Firefox and Internet Explorer, as well as every version of Windows.

If you have noticed that all of your browsers, no matter whether you open Chrome, Firefox or Explorer, have been acting in a strange manner recently, that’s because all of them have been affected by a piece of ad-generating software. The name of this program is and its main expertise is showing a huge number of pop-ups, banners and box messages – all forms of online ads, setting a new homepage and/or a new search engine to your browser; and last but not least making it redirect you to some web locations you don’t recognize and possibly do not consider safe.

What is

All its typical features mentioned above show that we are talking about a browser hijacker – a type of ad-producing program that may also change homepages and substitute search engines, as well as make the used browser lead the user to websites, which might appear shady. Many programs of this kind have been developed recently and there is a reason for that, of course.

Why are browser hijackers on the rise? and the programs that resemble it are simply marketing tools. And it is obvious that promoting and advertising are everywhere at the present moment. Browser hijackers could actually be very beneficial for many interested people. On the one hand, the ones that create them generate vast profits from the ads that they display. On the other hand, the promoted products and services can gain much popularity and can be purchased more often, which again will make their producers rich and well-known. Briefly, these facts explain why developers write such software and why this software always strives to show more and more pop-ups and banners.

How could your PC end up infected?

The possible options of getting infecting with are numerous and vary greatly from one another. For example, browser hijackers might be caught from spam emails. Also, your computer may be contaminated as a result of your visiting a contagious webpage. Another possible option, and the source which is responsible for most of the infections, are program bundles. These are different sets of various programs that get spread together. This is not bad; as you already know,’s characteristics bring money and success to many people. However, the whole content of the bundles which carry the hijackers gets installed together and that is when a system gets infected. The installation wizard of any program normally contains two or three different features. The ones you should avoid in case you want to keep your machine free from ad-generating programs are the ones called automatic, default, typical or quick. Their EUCAs do not include information about the whole content of a given bundle and in this way you may unknowingly install a program like on your system. The ones that should be chosen in order to ensure a safe installation process are called advanced or custom. Learning to install software the right way is one of the most useful abilities you may ever need in computing.

So, we can conclude that is not a virus…

Indeed, does not represent a type of a virus. None of the typical features above identify it as malware. It is not capable of sneaking into your computer and then stealing important information (account and banking credentials), as Trojans do. Nor is it able to use a Trojan to enter your system and then block all of the files you open on a daily basis, as a Ransomware-type program usually does. Still, to be completely precise, we should point out some of its quite unclear functions which may leave the user with the impression that the affected computer has been contaminated with a virus. Such a shady feature is the capability of all hijackers to guess what kind of ads to produce on the basis of your recent browsing history. Some users might consider such a survey into their surfing activities more intrusive than what they find acceptable. Another questionable characteristic of is its ability to send you to various websites. Some users may consider such redirects too irritating. As a result the whole browser hijacker family has been identified as a group of potentially unwanted programs.

What to do in order to uninstall

Fortunately, in most of the cases the programs from the browser hijacker group can be removed and the process is not too difficult. We advise you to go with our Removal Guide, which you will find as the last part of this article. The instructions are described in detail and are simple to follow, but should you face any difficulties, please do not hesitate to leave us a comment.


Type Browser Hijacker
Danger Level Medium (nowhere near threats like Ransomware, but still a security risk)
Symptoms Various ones: changed search engine and homepage of your browsers. Redirection to strange online locations. Many possibly irritating pop-up ads might start appearing.
Distribution Method Via bundles, websites, torrents, spam, shareware.
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall. “Virus” Removal


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).


Reveal All Hidden Files and Folders.

  • Do not skip this  – may have hidden some of its files.

Hold together the Start Key and R. Type appwiz.cpl –> OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.

Type msconfig in the search field and hit enter. A window will pop-up:


Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Open the start menu and search for Network Connections (On Windows 10 you just write it after clicking the Windows button), press enter.

  1. Right-click on the Network Adapter you are using —> Properties —> Internet Protocol Version 4 (ICP/IP), click  Properties.
  2. The DNS line should be set to Obtain DNS server automatically. If it is not, set it yourself.
  3. Click on Advanced —> the DNS tab. Remove everything here (if there is something) —> OK.



Right click on the browser’s shortcut —> Properties.

NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).


Properties —–> Shortcut. In Target, remove everything after .exe.

ie9-10_512x512  Remove from Internet Explorer:

Open IE, click  IE GEAR —–> Manage Add-ons.

pic 3

Find the threat —> Disable. Go to IE GEAR —–> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.

firefox-512 Remove from Firefox:

Open Firefoxclick  mozilla menu  ——-> Add-ons —-> Extensions.

pic 6

Find the adware/malware —> Remove.

chrome-logo-transparent-backgroundRemove from Chrome:

Close Chrome. Navigate to:

 C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside:

Rename the Folder to Backup Default

Rename it to Backup Default. Restart Chrome.

  • At this point the threat is gone from Chrome, but complete the entire guide or it may reappear on a system reboot.


Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are dangerous. Google them or ask us in the comments.


Right click on each of the problematic processes separately and select Open File LocationEnd the processafter you open the folder, then delete the directories you were sent to.



Type Regedit in the windows search field and press Enter.

Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

Remember to leave us a comment if you run into any trouble!

Leave a Comment