BrowserModifier (Virus Removal Instructions) - updated Jan 2020

BrowserModifier Removal Guide

What is BrowserModifier?

BrowserModifier is a malicious program programmed to divert users' traffic to affiliated sites

BrowserModifierBrowserModifier is a term used to describe an aggressive type of adware and browser hijacking programs

BrowserModifier is a heuristic name given to a type of potentially unwanted programs[1] that focus on browser hijacking activities on Google Chrome, Safari, Mozilla Firefox, Internet Explorer, etc. Most of such programs are developed and shipped to users via bundled software packages, which results in an unintentional installation, as optional components are often hidden within the installer deliberately.

BrowserModifier virus represents a large variety of computer infections, ranging from relatively harmless adware browser extensions to such malicious threats like BrowserModifier:Win32/Foniad, which acts as a Trojan and installs cryptojacking malware on the system. Therefore, if your anti-malware software was triggered by a BrowserModifier alert, you should definitely not ignore it, as it may be a huge security risk to you and your computer.

Name BrowserModifier
Type Malware, adware
Description BrowserModifier is a generic description used to identify a potentially unwanted program or malware, some of which can be particularly dangerous
Infiltration Most of the potentially unwanted programs are installed through software bundle packages or after being tricked by an attractive ad, as well as a fake update prompt. Some variants of this threat were spotted being injected via a Trojan downloader that is already present on the system
Associated risks Some versions of the virus might install other PUPs or malware, steal personal information, divert traffic to malicious domains, etc. Consequently, users may lose money to scams, disclose sensitive data to threat actors or even face identity theft
Symptoms Intrusive advertisements show up on all sites that you visit, homepage and new tab URL altered, sponsored links appear in search results, suspicious browser extensions installed without permission, etc. Note that symptoms may vary based on the BrowserModifier version
Termination Potentially unwanted programs can usually be removed manually via the Control Panel; however, BrowserModifier can represent malware infection – in such a case a scan with a reputable anti-malware software like SpyHunter 5Combo Cleaner or Malwarebytes is required
Recovery & optimization If you have been infected with malware, altered registry entries, as well as other settings, might corrupt your Windows OS, resulting in persistent crashes and errors. To fix the damage done by the virus, you can scan your machine with FortectIntego

The main purpose of BrowserModifier malware is to infect as many users as possible and then direct the HTTP traffic to affiliated websites and generate revenue. This way, third parties generate income via the pay-per-click system and can increase the ranking of these websites. That's because every advertisement brought by this domain may include a link to a third-party website, such as a dubious online shopping, certain service offerings, gaming portal, etc. However, intrusive ads and redirects are not the only reason to remove BrowserModifier from your machine as soon as possible.

As already mentioned, BrowserModifier can represent thousands of threats luring in the world wide web. Therefore, the infection routine, the symptoms, the activities, as well as the impact on the host machine, can vary greatly. However, users can usually spot a potentially unwanted program by the following symptoms:

  • Intrusive ads appear on all sites that you browser;
  • Suspicious browser extensions installed without your permission;
  • Search results are filled with hyperlinks;
  • Random redirects lead to suspicious websites;
  • New Windows registry keys, scheduled tasks, processes and files are present on the system.

Note that some BrowserModifier variants can be programmed to perform a variety of background activities that are completely invisible to users' eyes, and finding them would require advanced computer knowledge. For that reason, the best remedy for BrowserModifier ads is anti-malware software, although some versions can also be eliminated manually as per our instructions below.

BrowserModifier virusBrowserModifier is a type of computer infection which goal is to show users intrusive ads and divert traffic to affiliated sites

Security experts also recommend resetting all the installed web browsers and scanning the machine with FortectIntego after BrowserModifier removal. If the browser reset is not performed, the unwanted pop-ups, banners, deals, offers, coupons, and other ads might still be present.

BrowserModifier versions

As there are thousands of malware that can be flagged as BrowserModifier, we will look over the most prolific versions of this virus. Here are some examples of this threat:

  • BrowserModifier:Win32/Foniad
  • BrowserModifier:Win32/Diplugem
  • BrowserModifier:Win32/KipodToolsCby
  • BrowserModifier:Win32/Zwangi
  • BrowserModifier:Win32/Prifou
  • BrowserModifier:Win32/Pokki
  • BrowserModifier:Win32/Foxiebro
  • BrowserModifier.KeenValue PerfectNav
  • BrowserModifier: Win32/Xiazai
  • BrowserModifier: Win32/Riccietex
  • BrowserModifier:Win32/Poltecl
  • BrowserModifier:Win32/Xeelyak, etc.

Note, some variants, such as BrowserModifier:Win32/Pokki, are no longer recognized by most anti-malware engines[2] and are considered to be safe to use since November 2015.[3]


BrowserModifier:Win32/Foniad was first spotted by Microsoft security researchers in April 2018.[4] The security intelligence noticed hundreds of thousands of hits by this malware that tries to reinfect its targets once removal is initiated with the help of a scheduled task that is set up during the infection routine. Security researchers said that they spotted “several millions” of versions of this malware.

BrowserModifier:Win32/FoniadFoniad is an extremely aggressive form of BrowserModifier virus - it is usually distributed with the help of a trojan downloader and also installs other malware on the system

BrowserModifier infection means were traced to a Trojan downloader – a poisoned peer-to-peer application that was installed on thousands of computers. The malware uses xsetup.exe executable for the initial installation and the performance of other tasks on the infected machine. Once installed, BrowserModifier:Win32/Foniad launches the default web browser and visits several predetermined URLs, continually repeating this routine. Additionally, it also modifies Chrome settings so that desktop notifications can be shown to users without their permission.

BrowserModifier:Win32/Foniad also changes the DNS settings to divert online traffic, and installs a cryptominer that generates cryptocurrency to malicious actors.


BrowserModifier:Win32/Zwangi is a potentially unwanted program that is also known as Zwangi 1.0 build 127. First detected in 2009, this program was modified several times by its developers, names of which also changed – the app is known as QueryExplorer, SeekService, Findbasic, etc. Researchers found that it was engineered to run on the following browsers:

  • Firefox 3.6
  • Google Chrome Beta
  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8

Once installed, BrowserModifier:Win32/Zwangi creates a scheduled task, modifies the Windows registry, and drops hundreds of .dll and .exe files into %APPDATA% and %ProgramFiles% folders. This allows the program to act on its own: display intrusive pop-up messages related to predetermined keywords, divert search results to,, and, override the default error page notice 404, take screenshots without permission, etc.

BrowserModifier:Win32/ZwangiZwangi is one of the older versions of BrowserModifier versions


BrowserModifier:Win32/Prifou is considered a high-level threat to users' PCs. Typically distributed via unsafe third-party websites or software bundles, this threat installs a standalone application called PriceFountain, as well as an add-on, a browser helper object (BHO), or a browser extension to Google Chrome, Mozilla Firefox, or Internet Explorer. Microsoft security researchers spotted around 6.8 million infections in two months since its release, most of which were located in the USA and Europe.[5]

After a successful installation, BrowserModifier:Win32/Prifou virus modifies web browser settings or makes use of the rundll32.exe process to infect its malicious DLL into the browser in order to display intrusive ads on all sites that users visit. In most of the cases, these ads are marked with its own markings, such as “Ads by PriceFountain,” “Brought to you by PriceFountain,” “PriceFountain ads,” etc. Due to intrusive advertisements this PUP displays, many users can notice browser slowdowns, as well as crashes.

BrowserModifier PrifouPrifou is one of the versions of BrowserModifier - it infected 6.8 million users just two months after its release

Avoid browser-poisoning programs by following these tips

As soon as online advertising was discovered to be a gold mine back in 1994,[6] many rushed to earn quick revenue. Initially, ads were considered as means to earn ads and were embedded into websites that users used to visit. However, many parties realized that apps could be created in order to proliferate these ads into thousands of users' computers, resulting in quick demonetization based on clicks, as well as installs. In some cases, malware can also be installed on compromised machines to generate background traffic to predetermined sites.

As means for distribution, potentially unwanted programs are mostly spread with the help of software bundles – the method proved to be extremely effective, as many users tend not to pay attention to the installation process of new apps. These bundled installers are often placed on third-party sites – some might be trusted, while others might be shady. Therefore, users are always advised to choose official sources for their downloads and avoid potentially dangerous sites that host pirated software or cracks.

Therefore, you should always be careful when installing apps from third-party sites, as developers often hide optional components withing installers deliberately and use such tricks as pre-ticked boxes, fine print, misleading deals/offers, misplaced buttons, etc. Additionally, you should also always opt for Advanced/Custom settings if the opportunity is given.

Get rid of BrowserModifier virus

In some cases, BrowserModifier removal can be performed by accessing the installed program list via the Control panel – we provide detailed instructions below. However, some versions of this threat can be persistent – lack the uninstallation file, not be present in the installed program list, or reinstall itself due to dropped malicious files during the initial infection process.

In such a case, it is best to remove BrowserModifier virus with the help of a powerful anti-malware program, as it will locate all the malicious entries automatically and delete files that could result in threats' repeated installation. Additionally, because the PUP tends to modify web browser settings and install extensions, add-ons and browser helper objects, it is best to reset all the installed browsers for the unwanted activity not to reoccur.

You may remove virus damage with a help of FortectIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of BrowserModifier. Follow these steps

Uninstall from Windows

In most cases, you will be able to uninstall BrowserModifier via the Control Panel by following these instructions:

Instructions for Windows 10/8  machines:

  1. Enter Control Panel into Windows search box and hit Enter or click on the search result.
  2. Under Programs, select Uninstall a program. Uninstall from Windows 1
  3. From the list, find the entry of the suspicious program.
  4. Right-click on the application and select Uninstall.
  5. If User Account Control shows up, click Yes.
  6. Wait till uninstallation process is complete and click OK. Uninstall from Windows 2

If you are Windows 7/XP user, proceed with the following instructions:

  1. Click on Windows Start > Control Panel located on the right pane (if you are Windows XP user, click on Add/Remove Programs).
  2. In Control Panel, select Programs > Uninstall a program. Uninstall from Windows 7/XP
  3. Pick the unwanted application by clicking on it once.
  4. At the top, click Uninstall/Change.
  5. In the confirmation prompt, pick Yes.
  6. Click OK once the removal process is finished.

Remove from Microsoft Edge

Delete unwanted extensions from MS Edge:

  1. Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
  2. From the list, pick the extension and click on the Gear icon.
  3. Click on Uninstall at the bottom. Remove extensions from Edge

Clear cookies and other browser data:

  1. Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
  2. Under Clear browsing data, pick Choose what to clear.
  3. Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear. Clear Edge browsing data

Restore new tab and homepage settings:

  1. Click the menu icon and choose Settings.
  2. Then find On startup section.
  3. Click Disable if you found any suspicious domain.

Reset MS Edge if the above steps did not work:

  1. Press on Ctrl + Shift + Esc to open Task Manager.
  2. Click on More details arrow at the bottom of the window.
  3. Select Details tab.
  4. Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running. Reset MS Edge

If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.

  1. Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  2. Press Ctrl + A on your keyboard to select all folders.
  3. Right-click on them and pick Delete Advanced MS Edge reset 1
  4. Now right-click on the Start button and pick Windows PowerShell (Admin).
  5. When the new window opens, copy and paste the following command, and then press Enter:

    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -Verbose Advanced MS Edge reset 2

Instructions for Chromium-based Edge

Delete extensions from MS Edge (Chromium):

  1. Open Edge and click select Settings > Extensions.
  2. Delete unwanted extensions by clicking Remove. Remove extensions from Chromium Edge

Clear cache and site data:

  1. Click on Menu and go to Settings.
  2. Select Privacy, search and services.
  3. Under Clear browsing data, pick Choose what to clear.
  4. Under Time range, pick All time.
  5. Select Clear now. Clear browser data from Chroum Edge

Reset Chromium-based MS Edge:

  1. Click on Menu and select Settings.
  2. On the left side, pick Reset settings.
  3. Select Restore settings to their default values.
  4. Confirm with Reset. Reset Chromium Edge

Remove from Mozilla Firefox (FF)

Reset Mozilla Firefox as soon as you eliminate the threat:

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select unwanted plugin and click Remove. Remove extensions from Firefox

Reset the homepage:

  1. Click three horizontal lines at the top right corner to open the menu.
  2. Choose Options.
  3. Under Home options, enter your preferred site that will open every time you newly open the Mozilla Firefox.

Clear cookies and site data:

  1. Click Menu and pick Settings.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data…
  5. Select Cookies and Site Data, as well as Cached Web Content and press Clear. Clear cookies and site data from Firefox

Reset Mozilla Firefox

If clearing the browser as explained above did not help, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information. Reset Firefox 1
  3. Under Give Firefox a tune up section, click on Refresh Firefox…
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox. Reset Firefox 2

Remove from Google Chrome

Google Chrome reset will finalize the removal of BrowserModifier:

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove. Remove extensions from Chrome

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data. Clear cache and web data from Chrome

Change your homepage:

  1. Click menu and choose Settings.
  2. Look for a suspicious site in the On startup section.
  3. Click on Open a specific or set of pages and click on three dots to find the Remove option.

Reset Google Chrome:

If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings. Reset Chrome 2

Delete from Safari

Remove unwanted extensions from Safari:

  1. Click Safari > Preferences…
  2. In the new window, pick Extensions.
  3. Select the unwanted extension and select Uninstall. Remove extensions from Safari

Clear cookies and other website data from Safari:

  1. Click Safari > Clear History…
  2. From the drop-down menu under Clear, pick all history.
  3. Confirm with Clear History. Clear cookies and website data from Safari

Reset Safari if the above-mentioned steps did not help you:

  1. Click Safari > Preferences…
  2. Go to Advanced tab.
  3. Tick the Show Develop menu in menu bar.
  4. From the menu bar, click Develop, and then select Empty Caches. Reset Safari

After uninstalling this potentially unwanted program (PUP) and fixing each of your web browsers, we recommend you to scan your PC system with a reputable anti-spyware. This will help you to get rid of BrowserModifier registry traces and will also identify related parasites or possible malware infections on your computer. For that you can use our top-rated malware remover: FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes.

How to prevent from getting adware

Stream videos without limitations, no matter where you are

There are multiple parties that could find out almost anything about you by checking your online activity. While this is highly unlikely, advertisers and tech companies are constantly tracking you online. The first step to privacy should be a secure browser that focuses on tracker reduction to a minimum.

Even if you employ a secure browser, you will not be able to access websites that are restricted due to local government laws or other reasons. In other words, you may not be able to stream Disney+ or US-based Netflix in some countries. To bypass these restrictions, you can employ a powerful Private Internet Access VPN, which provides dedicated servers for torrenting and streaming, not slowing you down in the process.

Data backups are important – recover your lost files

Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.

While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.

About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions