Removal Guide

Do you know what is?

It might be difficult to identify because this threat is quite stealthy. The best indication that this is the browser hijacker that you are dealing with is unauthorized redirecting to If you are redirected to it every time you launch your web browser, it is quite possible that a hijacker with a different name is to blame for that. Another thing you can do to identify the threat is to check the Target. Right-click the infected browser’s shortcut, select Properties, and then move to the Shortcut tab. The Target line should represent the launcher of the browser (e.g., firefox.exe or chrome.exe), but if it was hijacked, it might represent a suspicious batch file called “exe.xoferif.bat”. The Target should show %Homedrive%:\Users\{username}\AppData\Roaming\Browsers\exe.xoferif.bat. If all adds up, there is no doubt that you need to delete from your browsers. The good news is that the removal of this infection is not too complicated.

Although it looks completely different from, both of these threats share files, which is why anti-malware tools are often removing as Both infections corrupt the browser’s shortcut to ensure that the hijacker is introduced to them as soon as the corrupted browser is launched. Were you surprised by this? If you were, it is most likely that the infection was infiltrated without your knowledge. If you expected a change of some sorts, you might have been tricked into agreeing to have your homepage or browser settings modified. In either case, it is very possible that the suspicious came bundled with malware. Adware, potentially unwanted programs, Trojans, and other suspicious and dangerous threats could have invaded your PC, and you might not realize it. We suggest employing a reliable malware scanner to quickly examine your operating system to let you know if you need to delete other, potentially more dangerous Removal screenshot
Scroll down for full removal instructions

The page that redirects you to – – looks quite normal and harmless, at first. If you stay on it longer, you might realize that the banner advertisement it showcases is unreliable or suspicious. The inexistence of legal information is a bad sign as well. Despite this, the hijacker represents Google Custom Search with the “powered by Google” tag, and some victims of might assume that the search tool is reliable. Unfortunately, that is not the case. When you use this tool, you are likely to be shown more advertisements and sponsored links than regular search results, and that is not a good thing. In fact, it could be dangerous if the search tool was promoting things offered by malicious parties. Furthermore, information about you could be recorded and leaked for as long as you keep interacting with the hijacker. All in all, if you take things into consideration, there is no doubt that removing is the only option.

Have you scanned your operating system? If you have not done this yet, get to it. Once you know which threats you are dealing with, you can decide how to eliminate them. If you only need to delete, follow the instructions below. If more threats are present, it is best to use anti-malware software because it can erase all threats simultaneously. Even better, it can keep malware away for as long as it is installed and updated. If you are having any issues with the removal of the hijacker, please start a conversation below so that we could help you immediately.


  1. Simultaneously tap Win+E keys to open the Windows Explorer window.
  2. Type %Appdata% into the bar at the top and tap Enter.
  3. Delete the folder called Browsers.
  4. Delete the {unknown name} shortcut file from all of these folders:
    • %ALLUSERSPROFILE%\Start Menu\Programs
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs
    • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs
    • %USERPROFILE%\Desktop
  5. Identify the shortcut of the infected browser (there might be a few) and right-click it.
  6. Select Properties, click the Shortcut tab, and then move to the Target.
  7. Modify the Target line to represent the path of the original browser’s executable. Click OK.

In non-techie terms:

If you are introduced to every time you launch your browser, but you cannot restore the startup settings by modifying the homepage URL, there is a great chance that has invaded your operating system. This threat hijacks your browser’s shortcut to ensure that you are routed to the unreliable search engine every single time you open the infected browser. The hardest thing in this situation is figuring out what is causing the problem. Once you are familiar with the hijacker, you can follow the instructions posted above to clean your PC and browsers manually, or you can install a trustworthy anti-malware tool if you want it removed automatically. The latter option is the best if your computer is also infected with other threats and if you need reliable protection against malware in the future.