Severity scale:  

Remove redirect (Virus Removal Guide) - Aug 2019 update

removal by Alice Woods - -   Also known as Cassiopessa | Type: Browser Hijackers

Cassiopesa is a Chromium-based browser categorized as a potentially unwanted program that makes unwanted changes on the computer is a domain name that users will see on their Google Chrome, Safari, Internet Explorer, Mozilla Firefox, or another browser after they get hijacked by a potentially unwanted application. The program comes in the form of a Chromium-based browser and initiates all the other changes at once.

Potentially unwanted programs[1] (or PUPs for short) usually come bundled inside a software package downloaded from third-party hosting sites. Unfortunately, users might not be presented with the full list of the apps that are about to be installed unless the Advanced/Custom settings are picked. Soon after that, they will notice the hijack and that their default web browser that opens .html, .php and other webpage-associated extensions changed to a customized version of Chromium.

Beware that Cassiopesa may cause various unwanted issues during your browsing. For example, it may initiate continuous redirects to unknown and suspicious websites, diminish web browser performance, or may even track your online activities. Therefore, if you noticed that your default web browser changed without your permission, you should immediately proceed with removal from your system.

Name Cassiopesa
Type Potentially unwanted program, browser hijacker
Category Browser based on Chromium project
Search engine set to
Symptoms Hijacked web browsers, sponsored links, intrusive ads, redirects, etc.
Potential risks Installation of bogus software, malware infection, information disclosure to unknown parties, etc.
Termination To delete the browser automatically, scan your system with Reimage Reimage Cleaner Intego or make use of our manual removal guide below

It is worth mentioning that Chromium is a legitimate web browser and an open-source project by Google. Unfortunately, many businesses that specialize is online advertising adopted it and turned it into potentially unwanted programs. Here are a few examples of potentially malicious browsers that work similarly to Cassiopesa:

  • Citrio
  • Chroomium
  • Qword
  • WebDiscover
  • Yandex
  • Fusion, etc.

The primary feature of is to display the promoted sites in all possible ways. For that, the developers employ software bundling[2] in order to distribute the app to as many people as possible, which consequently performs changes to other web browsers and installs itself as a default one.

Users then can see a variety of sponsored links at the top of the search results that lead to affiliated sites. Besides, users might encounter pop-ups, deals, offers, in-text links, and other ads from that might cover the underlying content of all visited sites, diminishing the web browser experience.

In some cases, the ads that offer bogus system scanners and fake driver updates might be inserted directly into the startup page. In such a way, the developers guarantee that the sponsored content will be viewed by millions, consequently guaranteeing revenue for themselves. Unfortunately, Cassiopesa virus victims will struggle with never-ending ads and unwanted browser changes, and might as well have troubles while trying to get rid of the PUP.

Cassiopesa hijack
Cassiopesa is a potentially unwanted application that travels inside software bundles, so users rarely notice the point of entry

Besides,  is spread along with tracking cookies,[3] which may collect and store various information about the users, such as IP address, email address, PC location, search terms, websites visited, data entered in them, clicks, browser type, language and so on.

Therefore, by keeping Cassiopesa browser hijacker on your computer you risk losing personally and non-personally identifiable information, landing on suspicious websites, infecting your machine with other suspicious programs like scareware and even injecting malware without noticing it.

To conclude, our team, along with experts from[4] recommend users to remove from their systems as soon as possible. The elimination can be performed by using automated security tools like Reimage Reimage Cleaner Intego or by employing manual removal instructions at the bottom of this article.

Browser hijackers are distributed by using deceptive methods

Potentially unwanted programs are called in this way mainly because of the way they are distributed – users often find such apps installed without their permission. PUPs are inserted into a single software package, and optional components are often hidden from users' eyes purposely. This method, also often called as software bundling, is deceptive and unfair, although users are often accused of negligence and that they themselves failed to read the installation instruction properly.

Such software packages are usually promoted via popular and reputable download websites, including,,,, etc. By promoting optional applications within the freeware installers, these sites monetize effectively, and also offer freeware developers some share. Therefore, all parties are interested in as many users to install the optional components as possible.

No matter how attractively the optional components may be introduced, don't forget that the majority of them are adware, browser hijackers or other PUPs. To protect your computer from unwanted ads and redirects, you should opt-out of all attachments that are traveling with your selected freeware. Therefore, you should always opt for Advanced/Custom settings, decline all the deals or offers, and watch out for fine print along with pre-selected boxes to avoid PUP installation.

Cassiopesa search engine
Cassiopesa uses a customized search engine to to present users with suspicious ads directly on the startup page

You can terminate Cassiopesa either manually or automatically

If virus has already been downloaded to your computer as a reliable search engine, you should stay away from it. Otherwise, you may notice such unwanted activities as redirects to unknown websites, tons of annoying pop-up ads, and even browser crashes.

The easiest way to remove from your system is by using reputable anti-malware software that can detect and terminate potentially unwanted programs (some AV vendors include the scan as an optional feature, as PUPs are not usually treated as malware). Alternatively, you can also employ our manual Cassiopesa removal instructions below and find all the unwanted programs yourself. Be warned that it might not be an easy task, especially if your computer is flooded with multiple unwanted applications.

Because Cassiopesa is a browser hijacker, it modified the settings of Mozilla Firefox, Safari, Google Chrome, and other installed browsers. Therefore, you should also reset the settings to make sure that unwanted activity does not come back.

You may remove virus damage with a help of Reimage Reimage Cleaner Intego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove redirect, follow these steps:

Eliminate from Windows systems

To remove from Windows, you need to access Programs and Features section in order to get rid of all the suspicious programs manually:

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs). Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall and related programs
    Here, look for or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'
  5. Remove from Windows shortcuts
    Right click on the shortcut of Mozilla Firefox and select Properties. Right click on browsers' icon and select 'Properties'
  6. Go to Shortcut tab and look at the Target field. Delete malicious URL that is related to your virus. Select 'Shortcut' tab and delete '' or other suspicious URL

Repeat steps that are given above with all browsers' shortcuts, including Internet Explorer and Google Chrome. Make sure you check all locations of these shortcuts, including Desktop, Start Menu and taskbar.

Uninstall from Mac OS X system

Macs can also be infected with a browser hijacker, so you should proceed with the following instructions to get rid of the unwanted ads and redirects:

  1. If you are using OS X, click Go button at the top left of the screen and select Applications. Cick 'Go' and select 'Applications'
  2. Wait until you see Applications folder and look for or any other suspicious programs on it. Now right click on every of such entries and select Move to Trash. Click on every malicious entry and select 'Move to Trash'

Remove from Internet Explorer (IE)

  1. Remove dangerous add-ons
    Open Internet Explorer, click on the Gear icon (IE menu) on the top right corner of the browser and choose Manage Add-ons. Click on menu icon and select 'Manage add-ons'
  2. You will see a Manage Add-ons window. Here, look for and other suspicious plugins. Disable these entries by clicking Disable: Right click on each of malicious entries and select 'Disable'
  3. Change your homepage if it was altered by virus:
    Click on the gear icon (menu) on the top right corner of the browser and select Internet Options. Stay in General tab.
  4. Here, remove malicious URL and enter preferable domain name. Click Apply to save changes. Delete malicious URL, enter your desired domain name and click 'Apply' to save changes
  5. Reset Internet Explorer
    Click on the gear icon (menu) again and select Internet options. Go to Advanced tab.
  6. Here, select Reset.
  7. When in the new window, check Delete personal settings and select Reset again to complete removal. Go to 'Advanced' tab and click on 'Reset' button. Now select 'Delete personal settings' and click on 'Reset' button again

Erase redirect from Microsoft Edge

Reset Microsoft Edge settings (Method 1):

  1. Launch Microsoft Edge app and click More (three dots at the top right corner of the screen).
  2. Click Settings to open more options.
  3. Once Settings window shows up, click Choose what to clear button under Clear browsing data option. Go to Settings and select 'Choose what to clear'
  4. Here, select all what you want to remove and click Clear. Select 'Clear' button
  5. Now you should right-click on the Start button (Windows logo). Here, select Task Manager. Open the start menu and select 'Task Manager'
  6. When in Processes tab, search for Microsoft Edge.
  7. Right-click on it and choose Go to details option. If can’t see Go to details option, click More details and repeat previous steps. Right-click 'Microsoft Edge' and select 'Go to details' Select 'More details' if 'Go to details' option fails to show up
  8. When Details tab shows up, find every entry with Microsoft Edge name in it. Right click on each of them and select End Task to end these entries. Find Microsoft Edge entries and select 'End Task'

Resetting Microsoft Edge browser (Method 2):

If Method 1 failed to help you, you need to use an advanced Edge reset method.

  1. Note: you need to backup your data before using this method.
  2. Find this folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  3. Select every entry which is saved on it and right click with your mouse. Then Delete option. Go to Microsoft Edge folder on your computer, right-click every entry and click 'Delete'
  4. Click the Start button (Windows logo) and type in window power in Search my stuff line.
  5. Right-click the Windows PowerShell entry and choose Run as administrator. Find Windows PowerShell, right-click it and select 'Run as administrator'
  6. Once Administrator: Windows PowerShell window shows up, paste this command line after PS C:\WINDOWS\system32> and press Enter:
    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register $($_.InstallLocation)\AppXManifest.xml -Verbose}
    Copy and paste a required command and press 'Enter'

Once these steps are finished, should be removed from your Microsoft Edge browser.

Delete from Mozilla Firefox (FF)

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons Extensions. Click on menu icon and select 'Add-ons'
  2. Here, select and other questionable plugins. Click Remove to delete these entries. Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
  3. Change your homepage if it was altered by virus:
    Click on the menu (top right corner), choose Options General.
  4. Here, delete malicious URL and enter preferable website or click Restore to default.
  5. Click OK to save these changes. When in 'General' tab, delete malicious URL from 'Home Page' section or click on 'Restore to Default' button. Click 'OK' to save changes
  6. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. Click on menu icon and then on '?'. Select 'Troubleshooting Information'
  7. Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete removal. Click on 'Reset Firefox' button for a couple of times

Get rid of from Google Chrome

As soon as you delete the PUP, make sure you reset Google Chrome, as the altered settings might still bring you to the affiliated sites and show intrusive ads:

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools Extensions. Click on menu icon. Select 'Tools' and 'Extensions'
  2. Here, select and other malicious plugins and select trash icon to delete these entries. Look for malicious entries and delete each of them by clicking on the Trash bin icon
  3. Change your homepage and default search engine if it was altered by your virus
    Click on menu icon and choose Settings.
  4. Here, look for the Open a specific page or set of pages under On startup option and click on Set pages. After clicking on menu and 'Settings', select 'Set pages'
  5. Now you should see another window. Here, delete malicious search sites and enter the one that you want to use as your homepage. Click 'X' to remove malicious URLs
  6. Click on menu icon again and choose Settings Manage Search engines under the Search section. When in 'Settings', select 'Manage search engines...'
  7. When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name. Click 'X' to remove malicious URLs
  8. Reset Google Chrome
    Click on menu icon on the top right of your Google Chrome and select Settings.
  9. Scroll down to the end of the page and click on Reset browser settings. When in 'Settings', scroll down to 'Reset browser settings' button and click on it
  10. Click Reset to confirm this action and complete removal. Click on 'Reset' button to complete your removal

Eliminate from Safari

  1. Remove dangerous extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and select 'Preferences'
  2. Here, select Extensions and look for or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and uninstall malicious add-ons
  3. Change your homepage if it was altered by virus:
    Open your Safari web browser and click on Safari in menu section. Here, select Preferences as it was displayed previously and select General.
  4. Here, look at the Homepage field. If it was altered by, remove unwanted link and enter the one that you want to use for your searches. Remember to include the "http://" before typing in the address of the page. When in 'General', delete malicious URL and enter your desired domain name
  5. Reset Safari
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and select 'Reset Safari...'
  6. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete removal process. Select all options and click on 'Reset' button

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. It is a hassle when your website is protected from suspicious connections and unauthorized IP addresses.

The best solution for creating a tighter network could be a dedicated/fixed IP address. If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for server or network manager that need to monitor connections and activities. This is how you bypass some of the authentications factors and can remotely use your banking accounts without triggering suspicious with each login. 

VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world. It is better to clock the access to your website from different IP addresses. So you can keep the project safe and secure when you have the dedicated IP address VPN and protected access to the content management system.

Recover files after data-affecting malware attacks

While much of the data can be accidentally deleted due to various circumstances, malware is also one of the main culprits that can cause loss of pictures, documents, videos, and other important files. Potentially unwanted programs may clear files that keep the application from running smoothly.

More serious malware infections lead to significant data loss when your documents, system files, or images get locked. Ransomware is the one that is focused on such functions, so your device gets useless without access to needed data. Even though there is little to no possibility to recover after file-locking threats, some applications have features for such recovery in the system.

In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection. 


About the author

Alice Woods
Alice Woods - Likes to teach users about virus prevention

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Alice Woods
About the company Esolutions


Removal guides in other languages

Your opinion regarding redirect