Severity scale:  

Remove redirect (Removal Instructions) - Oct 2019 update

removal by Ugnius Kiguolis - - | Type: Browser Hijackers is a browser hijacker aimed at Turkish users is a browser hijacker that intrudes users' machines without asking for direct permission to do so

Netmahal is a site that users might see on their Google Chrome, Internet Explorer or Mozilla Firefox browser after they install a potentially unwanted application[1] on their computers. This browser hijacker is often bundled with freeware or shareware apps that are hosted on third-party sites, and users often install it without noticing.

Upon infiltration, browser hijacker changes the settings of the installed browsers – users see a customized search engine and a new homepage/new tab address set to hxxp:// The startup page is filled with various links to Twitter, YouTube, Facebook, and other popular sites, although they are also accompanied by multiple intrusive pop-up ads. Additionally, the seems to be targeting Turkish users, as the website is presented in Turkish.

There are also other signs of hijack, but they become more clear once the affected users start browsing the web. Once users type in a search query, the customized search engine returns results filled with sponsored links, which consequently changes what sites they visit. Additionally, most of the sites are filled with ads that are usually not present. Thus, if you want to remove from your browsers, you should check the instructions provided in the bottom section of this article.

Type Browser hijacker, PUP
Developer Troy Tech Co.,Ltd
Installation Users install browser hijackers unintentionally via software bundles
Targets Turkish users
Symptoms Homepage, new tab address and search engine are altered, search results are filled with sponsored links, all sites show more ads than usual, etc.
Risks The infected users are more likely to install other potentially unwanted programs on their systems, spend money on useless software or disclose their personal details on a scam website
Termination You can get rid of potentially unwanted programs by following our manual removal guide below or make use of anti-malware software that detects PUPs 
Recovery For best results, scan your machine with Reimage Reimage Cleaner Intego that may find files modified/corrupted by the virus

The main goal of is to drive visitor traffic to affiliate sites. This way, the developers of the browser hijacker artificially inflate the sponsors' website rankings and also gain profits from every visit. Therefore, it is in the main interest of the developers to expose users to commercial content as much as possible.

For effective operation, also uses tracking technologies like cookies or web beacons[2] in order to show users targeted advertisements based on their interests. The following data about users is collected:

  • IP address
  • Geolocation
  • Browser type
  • OS type
  • Sites visited
  • Links clicked, etc.

Besides that, Netmahal might also provide links to affiliated parties. However, the developers claim in their Privacy Policy that they are not responsible for any content contained on those sites. They even disclose that adware and other PUPs might be encountered on sponsored sites, but they are not responsible for the consequences of those installations:

To provide relevant information not found on our Web site, may provide links from our Web sites to third party Web sites and we encourage our users to read third party sites' privacy policies before submitting personal information. All the downloads and Exe files provided on this site are from a 3rd party and is not responsible for any files or adware that gets installed by their games and screensavers. They contain several adware products so download and install at your own risk. assumes NO responsibility.

Thereby, if you access a malicious website through the service, the developers of the site have no responsibility. You should think twice before using a service that is OK with their users being tricked into installing adware[3] while the developers get profits off of it. pup is a potentially unwanted application that displays sponsored results, urging users visit sponsored websites

We advise you to proceed with removal immediately. You can employ anti-malware tools for that, or make use of our manual guide in the bottom section of this post. For best results, however, we recommend resetting all the installed browsers and scanning your machine with Reimage Reimage Cleaner Intego to fix virus damage.

Try to avoid redirects, do not click on any content that it delivers because you can not only be rerouted to unknown third-party websites, but some of them may even be unsafe.

Practice safety when installing freeware

Generally, browser hijackers are not considered a major security risk – this is because the impact on users' online safety is minor. Nevertheless, due to sponsored links and inserted ads, users might end up on sites that will promote bogus tools or try to scam them into subscribing to useless services they do not need. Therefore, while the safety is mainly in users' hands, it is best to avoid browser hijackers as much as possible, as there are rarely any benefits from such applications, especially when there are so many free search engines that are reliable and do not fill search results with sponsored links.

To avoid browser hijackers and other potentially unwanted programs,[4] experts advise the following:

  • Choose official sources for your downloads
  • When using third-party sites, read up reviews on the application before installing it
  • Employ anti-malware software which would warn you about potentially unwanted programs
  • During installation, make sure Privacy Policy and EULA are provided
  • Beware of pre-selected boxes, fine print text, misleading buttons, offers and other tricks users by freeware authors
  • When prompted, always pick Advanced/Custom installation settings instead of Recommended ones. front page is directed to Turkish users

Get rid of and use reputable search engines instead

Without a doubt, the easiest way to remove is by using security software that can detect and uninstall potentially unwanted programs automatically. In most cases, such a process only takes a few minutes, so it also saves you time. Additionally, if one PUP is present on your system, more unwanted content is likely installed on your machine, so checking it is a good idea.

Manual removal is also possible – you can check the guide below. You will have to check the list of the installed applications and get rid of everything you do not recognize. In some cases, however, adware might gain persistence with the help of scheduled tasks or other methods, so eliminating them becomes difficult. If you encounter such a problem, use anti-malware software instead.

Finally, we strongly suggest you reset all the installed browsers, as browser hijackers like often leave traces that might return the unwanted activities.

You may remove virus damage with a help of Reimage Reimage Cleaner Intego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove redirect, follow these steps:

Eliminate from Windows systems

To uninstall from Windows, you should access Programs & Features section via the Control Panel:

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs). Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall and related programs
    Here, look for or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'
  5. Remove from Windows shortcuts
    Right click on the shortcut of Mozilla Firefox and select Properties. Right click on browsers' icon and select 'Properties'
  6. Go to Shortcut tab and look at the Target field. Delete malicious URL that is related to your virus. Select 'Shortcut' tab and delete '' or other suspicious URL

Repeat steps that are given above with all browsers' shortcuts, including Internet Explorer and Google Chrome. Make sure you check all locations of these shortcuts, including Desktop, Start Menu and taskbar.

Remove from Mac OS X system

  1. If you are using OS X, click Go button at the top left of the screen and select Applications. Cick 'Go' and select 'Applications'
  2. Wait until you see Applications folder and look for or any other suspicious programs on it. Now right click on every of such entries and select Move to Trash. Click on every malicious entry and select 'Move to Trash'

Erase from Internet Explorer (IE)

  1. Remove dangerous add-ons
    Open Internet Explorer, click on the Gear icon (IE menu) on the top right corner of the browser and choose Manage Add-ons. Click on menu icon and select 'Manage add-ons'
  2. You will see a Manage Add-ons window. Here, look for and other suspicious plugins. Disable these entries by clicking Disable: Right click on each of malicious entries and select 'Disable'
  3. Change your homepage if it was altered by virus:
    Click on the gear icon (menu) on the top right corner of the browser and select Internet Options. Stay in General tab.
  4. Here, remove malicious URL and enter preferable domain name. Click Apply to save changes. Delete malicious URL, enter your desired domain name and click 'Apply' to save changes
  5. Reset Internet Explorer
    Click on the gear icon (menu) again and select Internet options. Go to Advanced tab.
  6. Here, select Reset.
  7. When in the new window, check Delete personal settings and select Reset again to complete removal. Go to 'Advanced' tab and click on 'Reset' button. Now select 'Delete personal settings' and click on 'Reset' button again

Uninstall redirect from Microsoft Edge

Reset Microsoft Edge settings (Method 1):

  1. Launch Microsoft Edge app and click More (three dots at the top right corner of the screen).
  2. Click Settings to open more options.
  3. Once Settings window shows up, click Choose what to clear button under Clear browsing data option. Go to Settings and select 'Choose what to clear'
  4. Here, select all what you want to remove and click Clear. Select 'Clear' button
  5. Now you should right-click on the Start button (Windows logo). Here, select Task Manager. Open the start menu and select 'Task Manager'
  6. When in Processes tab, search for Microsoft Edge.
  7. Right-click on it and choose Go to details option. If can’t see Go to details option, click More details and repeat previous steps. Right-click 'Microsoft Edge' and select 'Go to details' Select 'More details' if 'Go to details' option fails to show up
  8. When Details tab shows up, find every entry with Microsoft Edge name in it. Right click on each of them and select End Task to end these entries. Find Microsoft Edge entries and select 'End Task'

Resetting Microsoft Edge browser (Method 2):

If Method 1 failed to help you, you need to use an advanced Edge reset method.

  1. Note: you need to backup your data before using this method.
  2. Find this folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  3. Select every entry which is saved on it and right click with your mouse. Then Delete option. Go to Microsoft Edge folder on your computer, right-click every entry and click 'Delete'
  4. Click the Start button (Windows logo) and type in window power in Search my stuff line.
  5. Right-click the Windows PowerShell entry and choose Run as administrator. Find Windows PowerShell, right-click it and select 'Run as administrator'
  6. Once Administrator: Windows PowerShell window shows up, paste this command line after PS C:\WINDOWS\system32> and press Enter:
    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register $($_.InstallLocation)\AppXManifest.xml -Verbose}
    Copy and paste a required command and press 'Enter'

Once these steps are finished, should be removed from your Microsoft Edge browser.

Delete from Mozilla Firefox (FF)

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons Extensions. Click on menu icon and select 'Add-ons'
  2. Here, select and other questionable plugins. Click Remove to delete these entries. Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
  3. Change your homepage if it was altered by virus:
    Click on the menu (top right corner), choose Options General.
  4. Here, delete malicious URL and enter preferable website or click Restore to default.
  5. Click OK to save these changes. When in 'General' tab, delete malicious URL from 'Home Page' section or click on 'Restore to Default' button. Click 'OK' to save changes
  6. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. Click on menu icon and then on '?'. Select 'Troubleshooting Information'
  7. Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete removal. Click on 'Reset Firefox' button for a couple of times

Get rid of from Google Chrome

After PUP elimination, reset Google Chrome browser as follows:

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools Extensions. Click on menu icon. Select 'Tools' and 'Extensions'
  2. Here, select and other malicious plugins and select trash icon to delete these entries. Look for malicious entries and delete each of them by clicking on the Trash bin icon
  3. Change your homepage and default search engine if it was altered by your virus
    Click on menu icon and choose Settings.
  4. Here, look for the Open a specific page or set of pages under On startup option and click on Set pages. After clicking on menu and 'Settings', select 'Set pages'
  5. Now you should see another window. Here, delete malicious search sites and enter the one that you want to use as your homepage. Click 'X' to remove malicious URLs
  6. Click on menu icon again and choose Settings Manage Search engines under the Search section. When in 'Settings', select 'Manage search engines...'
  7. When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name. Click 'X' to remove malicious URLs
  8. Reset Google Chrome
    Click on menu icon on the top right of your Google Chrome and select Settings.
  9. Scroll down to the end of the page and click on Reset browser settings. When in 'Settings', scroll down to 'Reset browser settings' button and click on it
  10. Click Reset to confirm this action and complete removal. Click on 'Reset' button to complete your removal

Eliminate from Safari

  1. Remove dangerous extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and select 'Preferences'
  2. Here, select Extensions and look for or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and uninstall malicious add-ons
  3. Change your homepage if it was altered by virus:
    Open your Safari web browser and click on Safari in menu section. Here, select Preferences as it was displayed previously and select General.
  4. Here, look at the Homepage field. If it was altered by, remove unwanted link and enter the one that you want to use for your searches. Remember to include the "http://" before typing in the address of the page. When in 'General', delete malicious URL and enter your desired domain name
  5. Reset Safari
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and select 'Reset Safari...'
  6. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete removal process. Select all options and click on 'Reset' button

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. It is a hassle when your website is protected from suspicious connections and unauthorized IP addresses.

The best solution for creating a tighter network could be a dedicated/fixed IP address. If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for server or network manager that need to monitor connections and activities. This is how you bypass some of the authentications factors and can remotely use your banking accounts without triggering suspicious with each login. 

VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world. It is better to clock the access to your website from different IP addresses. So you can keep the project safe and secure when you have the dedicated IP address VPN and protected access to the content management system.

Backup files for the later use, in case of the malware attack

Computer users can suffer various losses due to cyber infections or their own faulty doings. Software issues created by malware or direct data loss due to encryption can lead to problems with your device or permanent damage. When you have proper up-to-date backups, you can easily recover after such an incident and get back to work.

It is crucial to create updates to your backups after any changes on the device, so you can get back to the point you were working on when malware changes anything or issues with the device causes data or performance corruption. Rely on such behavior and make file backup your daily or weekly habit.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware occurs out of nowhere. Use Data Recovery Pro for the system restoring purpose.

About the author

Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions


Removal guides in other languages

Your opinion regarding redirect