Severity scale: 35/100

Remove BrowserModifier (Virus Removal Instructions) - updated Jan 2020

Removal by Olivia Morelli | Also known as: Ads by BrowserModifier, BrowserModifier ads, BrowserModifier virus, BrowserModifier adware | Type: Adware

BrowserModifier is a malicious program designed to divert users' traffic to affiliated sites

BrowserModifier is a term used to describe an aggressive type of adware and browser hijacking programs

BrowserModifier is a heuristic name given to a type of potentially unwanted program[1] that focuses on browser hijacking activities on Google Chrome, Safari, Mozilla Firefox, Internet Explorer, etc. Most such programs are developed and shipped to users via bundled software packages, which results in unintentional installation, as optional components are often deliberately hidden within the installer.

BrowserModifier virus represents a large variety of computer infections, ranging from relatively harmless adware browser extensions to malicious threats such as BrowserModifier:Win32/Foniad, which acts as a Trojan and installs cryptojacking malware on the system. Therefore, if your anti-malware software was triggered by a BrowserModifier alert, you should definitely not ignore it, as it may be a huge security risk to you and your computer.

Name: BrowserModifier
Type: Malware, adware
Description: BrowserModifier is a generic description used to identify a potentially unwanted program or malware, some of which can be particularly dangerous
Infiltration: Most potentially unwanted programs are installed through software bundle packages, or after the user is tricked by an attractive ad or a fake update prompt. Some variants of this threat were spotted being injected via a Trojan downloader that is already present on the system
Associated risks: Some versions of the virus might install other PUPs or malware, steal personal information, divert traffic to malicious domains, etc. Consequently, users may lose money to scams, disclose sensitive data to threat actors or even face identity theft
Symptoms: Intrusive advertisements show up on all sites that you visit, homepage and new tab URL altered, sponsored links appear in search results, suspicious browser extensions installed without permission, etc. Note that symptoms may vary based on the BrowserModifier version
Termination: Potentially unwanted programs can usually be removed manually via the Control Panel; however, BrowserModifier can represent a malware infection – in such a case a scan with reputable anti-malware software like SpyHunter 5, Combo Cleaner or Malwarebytes is required
Recovery & optimization: If you have been infected with malware, altered registry entries, as well as other settings, might corrupt your Windows OS, resulting in persistent crashes and errors. To fix the damage done by the virus, you can scan your machine with Reimage or Intego

The main purpose of BrowserModifier malware is to infect as many users as possible and then direct their HTTP traffic to affiliated websites to generate revenue. This way, third parties generate income via the pay-per-click system and can increase the ranking of these websites. That's because every advertisement it delivers may include a link to a third-party website, such as a dubious online shop, a service offering, a gaming portal, etc. However, intrusive ads and redirects are not the only reason to remove BrowserModifier from your machine as soon as possible.

As already mentioned, BrowserModifier can represent thousands of threats lurking on the World Wide Web. Therefore, the infection routine, the symptoms, the activities, as well as the impact on the host machine, can vary greatly. However, users can usually spot a potentially unwanted program by the following symptoms:

  • Intrusive ads appear on all sites that you browse;
  • Suspicious browser extensions installed without your permission;
  • Search results are filled with hyperlinks;
  • Random redirects lead to suspicious websites;
  • New Windows registry keys, scheduled tasks, processes and files are present on the system.

Note that some BrowserModifier variants can be programmed to perform a variety of background activities that are completely invisible to users' eyes, and finding them would require advanced computer knowledge. For that reason, the best remedy for BrowserModifier ads is anti-malware software, although some versions can also be eliminated manually as per our instructions below.

BrowserModifier is a type of computer infection whose goal is to show users intrusive ads and divert traffic to affiliated sites

Security experts also recommend resetting all the installed web browsers and scanning the machine with Reimage or Intego after BrowserModifier removal. If the browser reset is not performed, the unwanted pop-ups, banners, deals, offers, coupons, and other ads might still be present.

BrowserModifier versions

As there are thousands of malicious programs that can be flagged as BrowserModifier, we will look over the most prolific versions of this virus. Here are some examples of this threat:

  • BrowserModifier:Win32/Foniad
  • BrowserModifier:Win32/Diplugem
  • BrowserModifier:Win32/KipodToolsCby
  • BrowserModifier:Win32/Zwangi
  • BrowserModifier:Win32/Prifou
  • BrowserModifier:Win32/Pokki
  • BrowserModifier:Win32/Foxiebro
  • BrowserModifier.KeenValue PerfectNav
  • BrowserModifier:Win32/Xiazai
  • BrowserModifier:Win32/Riccietex
  • BrowserModifier:Win32/Poltecl
  • BrowserModifier:Win32/Xeelyak, etc.

Note that some variants, such as BrowserModifier:Win32/Pokki, are no longer recognized by most anti-malware engines[2] and have been considered safe to use since November 2015.[3]

BrowserModifier:Win32/Foniad

BrowserModifier:Win32/Foniad was first spotted by Microsoft security researchers in April 2018.[4] Microsoft's security intelligence recorded hundreds of thousands of hits by this malware, which tries to reinfect its targets once removal is initiated, using a scheduled task that is set up during the infection routine. Security researchers said that they spotted “several millions” of versions of this malware.

Foniad is an extremely aggressive form of BrowserModifier virus - it is usually distributed with the help of a trojan downloader and also installs other malware on the system

The infection vector was traced to a Trojan downloader – a poisoned peer-to-peer application that was installed on thousands of computers. The malware uses the xsetup.exe executable for the initial installation and to perform other tasks on the infected machine. Once installed, BrowserModifier:Win32/Foniad launches the default web browser and visits several predetermined URLs, continually repeating this routine. It also modifies Chrome settings so that desktop notifications can be shown to users without their permission.

BrowserModifier:Win32/Foniad also changes the DNS settings to divert online traffic, and installs a cryptominer that generates cryptocurrency for malicious actors.
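
The persistence points described above for Foniad (a scheduled task, altered DNS servers, Chrome notification permissions) can be reviewed with a read-only script. This is an added example, not part of the original guide or any vendor tool; the function names are hypothetical, and the Chrome default-profile path and Preferences layout are assumptions.

```powershell
# Added example: read-only triage, nothing is changed or deleted.
# Assumption: folders a scheduled task rarely needs to run from. Legitimate
# per-user updaters also live here, so treat every hit as a review item.
$UserWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

function Test-UserWritablePath {
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    $full = [Environment]::ExpandEnvironmentVariables($Path).Trim('"')
    foreach ($dir in $UserWritable) {
        if ($full.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-SuspiciousTask {
    # Tasks whose action starts a binary from a user-writable folder, or the
    # installer name mentioned in the article (xsetup.exe).
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            $exe = $action.Execute   # $null for non-Exec (COM handler) actions
            if ((Test-UserWritablePath $exe) -or ($exe -match 'xsetup\.exe')) {
                [pscustomobject]@{
                    Task      = $task.TaskPath + $task.TaskName
                    State     = $task.State
                    Execute   = $exe
                    Arguments = $action.Arguments
                }
            }
        }
    }
}

function Get-ConfiguredDns {
    # Compare the output with the resolvers your router or ISP should hand out.
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Select-Object InterfaceAlias,
            @{ Name = 'Servers'; Expression = { $_.ServerAddresses -join ', ' } }
}

function Get-ChromeNotificationAllowList {
    # Assumption: default Chrome profile; sites with setting 1 may show notifications.
    $prefs = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Preferences'
    if (-not (Test-Path -LiteralPath $prefs)) { return }
    try {
        $json = Get-Content -LiteralPath $prefs -Raw -Encoding UTF8 | ConvertFrom-Json
    } catch {
        Write-Warning "Could not parse $prefs : $($_.Exception.Message)"
        return
    }
    $sites = $json.profile.content_settings.exceptions.notifications
    if ($null -eq $sites) { return }
    $sites.PSObject.Properties |
        Where-Object { $_.Value.setting -eq 1 } |
        ForEach-Object { $_.Name }
}

'--- Scheduled tasks to review ---';        Get-SuspiciousTask | Format-List
'--- DNS servers per interface ---';        Get-ConfiguredDns | Format-Table -AutoSize
'--- Sites allowed to notify (Chrome) ---'; Get-ChromeNotificationAllowList
```

Run it from an elevated PowerShell window so that tasks belonging to other users are listed as well.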

BrowserModifier:Win32/Zwangi

BrowserModifier:Win32/Zwangi is a potentially unwanted program that is also known as Zwangi 1.0 build 127. First detected in 2009, this program was modified several times by its developers, and its name changed as well – the app is known as QueryExplorer, SeekService, Findbasic, etc. Researchers found that it was engineered to run on the following browsers:

  • Firefox 3.6
  • Google Chrome Beta
  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8

Once installed, BrowserModifier:Win32/Zwangi creates a scheduled task, modifies the Windows registry, and drops hundreds of .dll and .exe files into the %APPDATA% and %ProgramFiles% folders. This allows the program to act on its own: display intrusive pop-up messages related to predetermined keywords, divert search results to questbrowse.com, weemi.com, and zwangi.com, override the default 404 error page, take screenshots without permission, etc.

Zwangi is one of the older BrowserModifier versions

BrowserModifier:Win32/Prifou

BrowserModifier:Win32/Prifou is considered a high-level threat to users' PCs. Typically distributed via unsafe third-party websites or software bundles, this threat installs a standalone application called PriceFountain, as well as an add-on, a browser helper object (BHO), or a browser extension to Google Chrome, Mozilla Firefox, or Internet Explorer. Microsoft security researchers spotted around 6.8 million infections in two months since its release, most of which were located in the USA and Europe.[5]

After a successful installation, BrowserModifier:Win32/Prifou virus modifies web browser settings or makes use of the rundll32.exe process to inject its malicious DLL into the browser in order to display intrusive ads on all sites that users visit. In most cases, these ads carry its own markings, such as “Ads by PriceFountain,” “Brought to you by PriceFountain,” “PriceFountain ads,” etc. Due to the intrusive advertisements this PUP displays, many users notice browser slowdowns, as well as crashes.

Prifou is one of the versions of BrowserModifier - it infected 6.8 million users just two months after its release

Avoid browser-poisoning programs by following these tips

As soon as online advertising was discovered to be a gold mine back in 1994,[6] many rushed to earn quick revenue. Initially, ads were treated as a means of earning revenue and were embedded into websites that users visited. However, many parties realized that apps could be created in order to proliferate these ads onto thousands of users' computers, resulting in quick monetization based on clicks, as well as installs. In some cases, malware can also be installed on compromised machines to generate background traffic to predetermined sites.

As a means of distribution, potentially unwanted programs are mostly spread with the help of software bundles – the method proved to be extremely effective, as many users tend not to pay attention to the installation process of new apps. These bundled installers are often placed on third-party sites – some might be trusted, while others might be shady. Therefore, users are always advised to choose official sources for their downloads and avoid potentially dangerous sites that host pirated software or cracks.

Therefore, you should always be careful when installing apps from third-party sites, as developers often deliberately hide optional components within installers and use such tricks as pre-ticked boxes, fine print, misleading deals/offers, misplaced buttons, etc. Additionally, you should always opt for Advanced/Custom settings if the opportunity is given.

Get rid of BrowserModifier virus

In some cases, BrowserModifier removal can be performed by accessing the installed program list via the Control Panel – we provide detailed instructions below. However, some versions of this threat can be persistent: they may lack an uninstallation file, be absent from the installed program list, or reinstall themselves from malicious files dropped during the initial infection process.

In such a case, it is best to remove BrowserModifier virus with the help of a powerful anti-malware program, as it will locate all the malicious entries automatically and delete files that could result in threats' repeated installation. Additionally, because the PUP tends to modify web browser settings and install extensions, add-ons and browser helper objects, it is best to reset all the installed browsers for the unwanted activity not to reoccur.

You may remove virus damage with the help of Reimage or Intego. SpyHunter 5, Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses along with all the files and registry entries related to them.


To remove BrowserModifier, follow these steps:

Delete BrowserModifier from Windows systems

In most cases, you will be able to uninstall BrowserModifier via the Control Panel by following these instructions:

  1. Click Start -> Control Panel -> Programs and Features (if you are a Windows XP user, click on Add/Remove Programs).
  2. If you are a Windows 10 / Windows 8 user, right-click in the lower left corner of the screen. Once the Quick Access Menu shows up, select Control Panel and Uninstall a Program.
  3. Uninstall BrowserModifier and related programs
    Here, look for BrowserModifier or any other recently installed suspicious programs.
  4. Right-click each suspicious entry and select Uninstall, then click OK to save these changes.

Erase BrowserModifier from Internet Explorer (IE)

  1. Remove dangerous add-ons
    Open Internet Explorer, click on the Gear icon (IE menu) in the top right corner of the browser and choose Manage Add-ons.
  2. You will see a Manage Add-ons window. Here, look for BrowserModifier and other suspicious plugins. Right-click each of these entries and select Disable.
  3. Change your homepage if it was altered by the virus:
    Click on the gear icon (menu) in the top right corner of the browser and select Internet Options. Stay in the General tab.
  4. Here, remove the malicious URL and enter your preferred domain name. Click Apply to save changes.
  5. Reset Internet Explorer
    Click on the gear icon (menu) again and select Internet Options. Go to the Advanced tab.
  6. Here, select Reset.
  7. When in the new window, check Delete personal settings and select Reset again to complete BrowserModifier removal.

Get rid of BrowserModifier from Microsoft Edge

Reset Microsoft Edge settings (Method 1):

  1. Launch the Microsoft Edge app and click More (three dots at the top right corner of the screen).
  2. Click Settings to open more options.
  3. Once the Settings window shows up, click the Choose what to clear button under the Clear browsing data option.
  4. Here, select everything you want to remove and click Clear.
  5. Now right-click on the Start button (Windows logo). Here, select Task Manager.
  6. When in the Processes tab, search for Microsoft Edge.
  7. Right-click on it and choose the Go to details option. If you can't see the Go to details option, click More details and repeat the previous steps.
  8. When the Details tab shows up, find every entry with the Microsoft Edge name in it. Right-click each of them and select End Task to end these entries.

Resetting Microsoft Edge browser (Method 2):

If Method 1 failed to help you, you need to use an advanced Edge reset method.

  1. Note: you need to back up your data before using this method.
  2. Find this folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  3. Select every entry saved in it, right-click with your mouse and choose the Delete option.
  4. Click the Start button (Windows logo) and type in window power in the Search my stuff line.
  5. Right-click the Windows PowerShell entry and choose Run as administrator.
  6. Once the Administrator: Windows PowerShell window shows up, paste this command line after PS C:\WINDOWS\system32> and press Enter:
    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}

Once these steps are finished, BrowserModifier should be removed from your Microsoft Edge browser.

Eliminate BrowserModifier from Mozilla Firefox (FF)

Reset Mozilla Firefox as soon as you eliminate the threat:

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons -> Extensions.
  2. Here, select BrowserModifier and other questionable plugins. Click Remove to delete these entries.
  3. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information.
  4. Now you will see the Reset Firefox to its default state message with the Reset Firefox button. Click this button several times and complete BrowserModifier removal.

Remove BrowserModifier from Google Chrome

Google Chrome reset will finalize the removal of BrowserModifier:

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools -> Extensions.
  2. Here, select BrowserModifier and other malicious plugins and click the trash icon to delete these entries.
  3. Click on the menu icon again and choose Settings -> Manage Search engines under the Search section.
  4. When in Search Engines..., remove malicious search sites by clicking X. You should leave only Google or your preferred domain name.
  5. Reset Google Chrome
    Click on the menu icon on the top right of your Google Chrome and select Settings.
  6. Scroll down to the end of the page and click on Reset browser settings.
  7. Click Reset to confirm this action and complete BrowserModifier removal.

Delete BrowserModifier from Safari

  1. Remove dangerous extensions
    Open the Safari web browser and click on Safari in the menu at the top left of the screen. Once you do this, select Preferences.
  2. Here, select Extensions and look for BrowserModifier or other suspicious entries. Click on the Uninstall button to get rid of each of them.
  3. Reset Safari
    Open the Safari browser and click on Safari in the menu section at the top left of the screen. Here, select Reset Safari....
  4. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete the BrowserModifier removal process.

About the author

Olivia Morelli - Ransomware analyst
