Home / Computer Help / Guntony Removal Guide

Guntony Removal Guide

by 0 Comments

Do you know what Guntony is?

Guntony is a secretive application that can enter your computer without your knowledge or approval. Our malware analysts think that it is unreliable, but they have not tested its sample yet because it is an elusive program. In any case, you might want to remove it, because it is a Chromium-based web browser that is set to replace Google Chrome, provided that you use it. We think that the most plausible explanation for this activity is redirecting web traffic to a particular search engine that contains ads on its main page and promotional links in its search results. At present, there is not much information about this program, but we want to get the word out about its shady actions as soon as possible.

Malware analysts say that this application was developed to hijack Google Chrome and replace it as the default web browser. Research has revealed that this Chromium-based browser is in many respects similar to Ghokswa Browser which is also based on the Chromium platform and was developed by a company called Bysenda Technology Inc, which is based in Hong Kong. Interestingly, this same company has also set up a shady search engine at Safepage.easyfiletool.com. This search engine is not a browser hijacker, but it is plausible that it may come as Guntony’s default search engine as this application might also be developed by Bysenda Technology.

This web browser does not have a dedicated download website, so obtaining its installer is rather difficult, to say the least. Since it is a relatively new application, its dissemination channels have not grown enough to be noticed. Our researchers say that this program is probably distributed using software bundles. Software bundles are installers that feature multiple applications, but often they are used to get shady software installed on the computers of unwary users. We think that this app is bundled with malicious installers that inject it into the computer without your knowledge or consent, but we have yet to verify this.

Our malware researchers have classified this web browser as a potentially unwanted program because it does not fit the category of malware because it does not perform actions that put your computer at risk, and the legitimacy of its distribution methods has yet to be established. However, from the information we have obtained, it seems that Guntony is similar to Ghokswa Browser, if not identical. Both of these web browsers are designed to secretly replace Google Chrome as your default search engine. This can be seen from the Target line modification performed by Guntony. We have found that it changes Chrome’s Target line to C:\Program Files (x86)\Guntony\Guntony\chrome.exe. Thus, when you try to launch Chrome using its shortcut, it will open Guntony instead. Note that this browser is based on the Chromium platform, which means that it looks almost identical to Chrome.

As mentioned, this browser may have an accompanying search engine that is other than Google.com. We think that it features a custom search that is dedicated to displaying modified search results that may include promotional links. Also, it is entirely possible that its main page can contain advertisements. Search engines that come from unknown entities always raise suspicions because most of the time they are set to promote shady websites. We do not see any reason why Guntony should be trusted because it was not created for the single purpose of hijacking Chrome. It does that for a reason, and we think that redirecting web traffic to generate advertising revenue is that reason.

Therefore, you should consider uninstalling this application, but there is a slight problem. It does not have an uninstaller that you can run to remove its files and registry keys, probably because its developers do not want you to stop using it in the first place. However, you can delete its files manually by following our guide provided below.

How to remove Guntony

  1. Open Windows Explorer by tapping Windows Key+E.
  2. Enter these paths in the address bar of the resulting Explorer window.
    • %ProgramFiles(x86)%\Guntony
    • %ProgramFiles%\Guntony
    • %PUBLIC%\Documents\Guntony
    • %LOCALAPPDATA%\Guntony
    • %ALLUSERSPROFILE%\Guntony
  3. Delete all files in the Guntony folder.

How to delete its registry keys

  1. Open Registry Editor by tapping Windows Key+R.
  2. Type regedit in the dialog box and click OK.
  3. Locate the following keys.
    • HKLM\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Guntony
    • HKLM\SOFTWARE\Clients\StartMenuInternet\Guntony
    • HKCU\SOFTWARE\Classes\Guntony
  4. Delete Guntony’s subkeys.

Restore the hijacked Target line

  1. Right-click on Google Chrome’s shortcut and select Properties.
  2. Replace the modified Target line with C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

In non-techie terms:

Guntony is a Chromium-based web browser designed to replace Google Chrome as your default browser using deceptive means. It modifies Chrome’s Target line so that when you double-click on Chrome’s shortcut, you launch Guntony instead. We think that this browser may feature a custom search engine that can display unreliable advertisements. If you do not want these modifications to hinder your browsing, then remove this application using our guide.