What is

Malware analysts at have recently found a browser hijacker that has since been known as It is not your typical browser hijacker because it does not hijack the homepage address. It was designed to redirect you to its promoted websites and, thus, subject you to their featured content. The problem is, however, that the websites can be malicious. Apart from that, this hijacker is highly intrusive and annoying, so you should remove it because of all of these things. In this short article, we will discuss how this hijacker can get onto your PC, what it does and how you can get rid of it.test

What does do? is not a browser hijacker for nothing. It has certain features that include modifying your browser’s settings without your knowledge or approval. This makes it highly malicious and, therefore, undesirable. Unlike most hijackers, consists of a batch file named exe.xoferif.bat that is dropped in %Homedrive%:\Users\{user name}\AppData\Roaming\Browsers. This batch file contains a command that executes the "start"" "c:\PROGRA~1\INTERN~1\iexplore.exe"” command. As a result, when you open your web browser, it will immediately redirect you to one of its many promoted websites. Most of the websites to which you can get redirected are in the Russian language, so this indicates that the developers might be from Russia and this hijacker is supposed to target people that live in Russia.

There is no doubt that’s main objective is to promote certain websites. Our malware researchers say that it is quite possible that this hijacker can promote rather malicious content. Indeed, it might redirect you to phishing or scam websites or sites that feature malicious software. The malicious software can range from mildly malicious adware to the most highly malicious ransomware or rogue fake anti-virus programs.

Where does come from?

According to our malware analysts, is similar to,, and We have no doubt that all of them come from the same secretive developer. Of course, the developers do not want to reveal themselves because their hijackers are considered malware and its distribution is illegal. Hence, the developers are nothing more than cyber criminals that ought to be stopped.

There is not a lot of information about how this hijacker is currently being disseminated. One thing is for sure that it does not have a dedicated browser extension, so it cannot have a dedicated distribution website. Therefore, our malware researchers believe that the developers use third-party software installers to have this hijacker installed on your PC. The installers can install bundled software and along with it. Since this particular browser hijacker is an essentially a batch file, it is unlikely that the installers will allow you to deselect it. Furthermore, this hijacker does not have a legitimate uninstaller. Hence, malicious installers can install this hijacker onto your computer without your knowledge or authorization.

How do I remove

If your browser redirects you to shady Russian websites, then your PC might have become infected with, a browser hijacker that is dedicated to promoting websites. However, the ads are intrusive and can be of malicious nature, so we suggest that you remove this hijacker as soon as you can. We also suggest scanning your PC with an anti-malware application to make sure that your PC is malware free. Please consult the guide below on how to delete all of this hijacker’s malicious files.

Removal Guide

  1. Hold down Windows+E keys.
  2. Type %APPDATA% in the File Explorer’s address box and press Enter.
  3. Find the Browsers folder, right-click it and click Delete.
  4. Then, type the following addresses in the box and hit Enter.
    • %ALLUSERSPROFILE%\Start Menu\Programs
    • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs
    • %USERPROFILE%\Desktop
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs
  5. Locate the hijacked browser shortcuts and right-click them.
  6. Click Delete.
  7. Empty the Recycle Bin.
100% FREE spyware scan and
tested removal of*

Leave a Comment

Enter the numbers in the box to the right *