What is is a browser hijacker that enters target systems without permission. It is hard to locate the actual sample of the infection because the program gets distributed with potentially unwanted applications. Therefore, if you get infected with this browser hijacker, it also means that you have several other unwanted programs installed on your computer. You need to remove right away, and then search for other potential threats before they manage to destroy your system. In order to locate dangerous intruders, please scan your computer with a licensed antispyware tool. This way you will get a full list of potential stowaways on board.testtest

Where does come from?

It is hard to say who exactly have developed this browser hijacker and where it comes from. The location of the IP address and the infection itself occurs in different places worldwide. This information is more important for the prevention of the infection because it allows us to foresee where we can expect the hijacker infection to occur. Nevertheless, it does not mean that this security issue is limited only to the regions where it appears the most. Malware infections have no boundaries, and they may barge at your doorstep, too.

The countries that are mostly affected by the infection include Algeria, Bangladesh, India, Indonesia, Pakistan, Sri Lanka, and Vietnam. As you can see, the browser hijacker is mostly prevalent in South and Southeast Asia, but there is no guarantee that it would not “hop on” into other regions, as well.

The hijacker itself is located in the IP address. A little research on the address shows that the geographic location of the IP address is in California, the United States. Also, CloudFare, Inc. is indicated as the Internet Service Provider, but it does not give much of a lead because CloudFare is a company that provides domain name server services. It means that basically anyone could make use of this service to upload their content and domain name online.

Our security experts say that belong to the same group of browser hijackers as,,,, and many others. This means that these browser hijackers are being released on a regular basis targeted at specific regions, and they are being distributed in waves.

As one would expect from a malicious infection, this browser hijacker does not have a direct distribution source. That is also the reason it is rather complicated to come across the actual plain sample of the program. Based on what we have found, is mostly dropped on a target system by potentially unwanted applications, such as Picexa or Ghokswa Browser. This means that users should be able to avoid such infections if they did not indulge in freeware installation without any caution.

Potentially unwanted programs are often hosted at file-sharing websites, so when you download something from a third-party source, you need to be attentive during the installation process. It is highly probable that the setup wizard shows a notification about additional software that will be installed along, and users miss it because they are too eager to get over with the installation ASAP.

What does do?

The browser hijacker does not present us with anything unexpected. Once the infection enters your computer, it modifies your homepage and default search engine to The infection does not affect the Edge browser, but it is compatible with other major browsers, such as Chrome, Firefox, and Internet Explorer.

Even if you do not use this domain for web search, the hijacker would still display modified search results that lead to commercial sites. This happens because the infection employs tracking cookies to collect information on your web browsing habits, and consequently, it knows what kind of customized content it can show to you, to increase the possibility of your clicking it.

The reason enters your computer is money, so the browser hijacker will not try to destroy your system or steal your financial information. Nevertheless, it COULD be exploited by malicious third-parties for malware distribution, and that is one of the main reasons you should not keep this program on your PC any longer.

How do I remove

There are several ways to make sure you get rid of this infection. To delete the domain from your browser, you can reset your browser settings to default. You should also remove all the hijacker-related files and registry entries from your PC. For that, we have provided the instructions below. However, to completely ensure your system’s safety and stability, it is strongly recommended that you invest in a licensed antispyware application. Keep the security tool updated so that it would protect you from similar intruders in the future.

Delete from Windows

  1. Press the Windows key + R to launch the Run command box.
  2. Enter %AppData% into the Open box and click OK.
  3. Find the newsearch123 folder in AppData directory and delete it.

Removal from Internet Explorer

  1. Press Win+R and enter regedit into the Run box. Click OK.
  2. Click Yes on the confirmation box.
  4. Select Microsoft and open Internet Explorer.
  5. Open MAIN and right-click the Search Page value on the right pane.
  6. Select Modify and delete value data
  7. Replace it with the search engine you prefer and click OK.
  8. Right-click the Default_Search_URL value and click Modify.
  9. Delete from value data and add the search engine you prefer.
  10. Click OK and right-click Start Page value in the right pane.
  11. Select Modify and delete from Value data.
  12. Enter the homepage you prefer and click OK.
  13. Go to HKEY_CURRENT_USER on the left pane and open SOFTWARE.
  14. Go to Microsoft and click Internet Explorer.
  15. Select the MAIN key and right-click the Start Page value.
  16. Select Modify, delete the unwanted start page and enter the domain you prefer.
  17. Click OK.

Removal from Firefox

  1. Press Win+R and the Run command box will open.
  2. Type %AppData% and click OK.
  3. Go to Roaming and open Mozilla folder.
  4. Open Firefox and go to Profiles.
  5. Open the folder with the Unique Mozilla User ID.
  6. Locate the Prefs file and right-click it and select to edit.
  7. Remove user_pref("browser.startup.homepage", ""); from the list.
  8. Save changes and close the file.

Removal from Chrome

  1. Press Win+R and the Run box will open.
  2. Type %AppData% and press OK.
  3. Go to Local and open Google.
  4. Select Chrome and open User Data.
  5. Open Default and locate the Preferences, Secure Preferences and Web Data files.
  6. Delete those files.
100% FREE spyware scan and
tested removal of*

Leave a Comment

Enter the numbers in the box to the right *