DirectConverterz browser hijacker (fake) - Free Instructions

What is DirectConverterz browser hijacker?

DirectConverterz puts different search engines in place making the browser unreliable

DirectConverterz plugin causes unwanted changes in the browser

If your homepage, new tab address, and search engine have suddenly changed, your browser is affected by a hijacker. DirectConverterz is a recently discovered PUP (potentially unwanted program)^[1] that takes over the browsing experience. It completely changes the appearance of the browser making many people think that they have been infected with a virus.

In reality, most times it is just a browser extension that people add themselves without realizing. When it is affecting their browser, they are forced to use only channels selected by the developers. Users can be led to dangerous pages where they could get tricked into providing their personal information, downloading other PUAs, or even malware. Besides that, the hijacker provides unreliable search results which can make it annoying to browse.

How does the hijacker work?

Normally, browser extensions are meant to provide some kind of benefit for the user. With such big selections available at web stores, people can install extensions that block ads, dangerous pages or automatically apply coupon codes with the biggest discounts while shopping online. When DirectConverterz gets added to the browser, users start experiencing these symptoms:

• Browser's homepage changed to portal.directconverterz.com
• Web browser’s default search engine switched to Yahoo, Searchlee, Bing or Nearbyme
• Browser’s search queries are redirected through feed.directconverterz.com
• The DirectConverterz browser extension or program is installed on the computer

The plugin does not do anything else. It has some useless functions that are available in any browser with a click of a button – a PDF file converter, calculator, currency converter, and the ability to bookmark pages. This is an attempt to make the application look useful when you would probably never need those. There are many other applications that look exactly the same but just have different names, like WebAdblockSearch, QuickSearchMaps, and QuickConverterz.

The main purpose of a hijacker is to make money for the authors. That is why they do not care about functionality. Every ad and promoted link you click on generates revenue^[2] for the creators. Besides, ad spam can lead to questionable pages promoting fake antivirus software and cleaning tools. The extension can also keep track of:

• IP addresses
• search queries/keywords
• Site or URL visits
• geo-locations

A user profile can be created using this data, which can be later sold to advertising networks, that use it to target you with ads. To protect yourself from that, you can use a helpful tool like FortectIntego that can clear cookies and cache, fix system errors, registry issues and other PC problems which is helpful especially after an intruder like this.

DirectConverterz can lead to dangerous websites by causing redirects

System infiltration techniques

Oftentimes, users get their browsers hijacked because of their own carelessness. They do not want to put in the time into doing research, reading reviews, so they install random apps without giving it too much thought. Although that is not how it always is, that is the most common reason for browser hijacking.

Another method to spread PUPs is software bundling^[3] which is used by freeware distribution sites. The owners of such platforms need to make a profit to make their activities worthwhile, so they include additional programs in the installers without disclosing that on the page. Unfortunately, most people just rush through the installation process and do not notice them. So the next time you want to install free software, pay attention to the installation process and do not rush:

• Always choose “Custom” or “Advanced” installation methods. This way no steps will be skipped and hidden from you.
• Although it may be boring, we strongly suggest reading the Terms of Use and Privacy Policy to find out what data will be gathered and how will it be used.
• The most important step is to check the file list and see if there are any additional apps. If you see some, untick the boxes next to their names so they would not install in your machine together.

Remove the intruder

The first thing you should do is check if this could be caused by an extension that you added to your browser. We provided guides for Google Chrome, Microsoft Edge, Mozilla Firefox, Safari, and Internet Explorer:

Google Chrome

• Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
• In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.

MS Edge:

1. Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
2. From the list, pick the extension and click on the Gear icon.
3. Click on Uninstall at the bottom.

MS Edge (Chromium)

• Open Edge and click select Settings > Extensions.
• Delete unwanted extensions by clicking Remove.

Mozilla Firefox

• Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
• Select Add-ons.
• In here, select unwanted plugin and click Remove.

Safari

• Click Safari > Preferences…
• In the new window, pick Extensions.
• Select the unwanted extension and select Uninstall.

Internet Explorer:

1. Open Internet Explorer, click on the Gear icon (IE menu) on the top-right corner of the browser
2. Pick Manage Add-ons.
3. You will see a Manage Add-ons window. Here, look for suspicious plugins. Click on these entries and select Disable.

Scan your system for PUPs

As we said before, you can infect yourself with PUAs by not paying attention during the installation process and browsing through shady sites. If the previous removal method did not get rid of the intruder, you most likely have an unwanted program performing tasks in the background.

Identifying the program responsible for hijacking your browser might be difficult if you have never done this before. It could be disguised as an antivirus, image editing software, or anything else. If you are not sure what to do and you do not want to risk eliminating the wrong files, we suggest using SpyHunter 5Combo Cleaner or Malwarebytes security tools that will scan your machine, eliminate it, and prevent such infections in the future by giving you a warning before a malicious program can make any changes.

If manual removal is what you prefer, we have instructions for Windows and Mac machines:

Windows 10/8:

1. Enter Control Panel into Windows search box and hit Enter or click on the search result.
2. Under Programs, select Uninstall a program.
3. From the list, find the entry of the suspicious program.
4. Right-click on the application and select Uninstall.
5. If User Account Control shows up, click Yes.
6. Wait till uninstallation process is complete and click OK.

Windows 7/XP:

1. Click on Windows Start > Control Panel located on the right pane (if you are Windows XP user, click on Add/Remove Programs).
2. In Control Panel, select Programs > Uninstall a program.
3. Pick the unwanted application by clicking on it once.
4. At the top, click Uninstall/Change.
5. In the confirmation prompt, pick Yes.
6. Click OK once the removal process is finished.

Mac:

1. From the menu bar, select Go > Applications.
2. In the Applications folder, look for all related entries.
3. Click on the app and drag it to Trash (or right-click and pick Move to Trash)

To fully remove an unwanted app, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:

1. Select Go > Go to Folder.
2. Enter /Library/Application Support and click Go or press Enter.
3. In the Application Support folder, look for any dubious entries and then delete them.
4. Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files.