Severity scale:  

Remove virus (Removal Instructions) - updated Apr 2019

removal by Gabriel E. Hall - - | Type: Browser Hijackers is a browser hijacker that modifies web browser settings in order to show users fake search results

Questions about virus is a browser-hijacking application developed by Kinner Lake Limited – a Gibraltar-based company. The unwanted programs usually enter machines without users noticing, as software bundles typically try to hide optional installs under Advanced settings, and most people simply skip this step by choosing the Recommended mode. Once inside the machine, virus starts performing a variety of changes, including the ones that modify users' homepage and a new tab, along with the search engine. From that point, users are forced to browse via the hijacked engine,[1] which typically shows them fake search results that include a colossal amount of sponsored links, deal with redirects to questionable websites, and suffer from the slow operation of the browser.

Type Browser hijacker, Potentially unwanted program
Related apps Under Cover Search, Flowsurf
Developer Kinner Lake Limited
Distribution Software bundling, third-party websites
Symptoms Homepage set to hxxp://, excessive amount of sponsored links in search results, pop-up ads on various sites, redirects to affiliated or dangerous websites
Risk factors Money loss, malware infection, data leak
Removal Delete the browser hijacker with security software or use our guide for manual termination
Optimization To recover from the infection, scan your device with Reimage Reimage Cleaner Intego

While browser hijackers are not considered to be severe computer infections, their presence might compromise computer security and users' online safety. In this article, we will explain peculiarities of this type of threat, and will also describe how to remove from Google Chrome, Mozilla Firefox, Safari, Opera, or another browser.

The primary goal of Under Cover Search developers is to generate traffic to sponsored websites, which would consequently increase the profits for both parties. For that, PUP authors need to make sure that hijacker reaches as many users as possible – hence the shady distribution technique.

Once the changes to the installed browsers are made, starts its shady activities by displaying sponsored content, placing a layer of ads on most sites, exposing to altered search results, and also tracking users' web browsing activities. This is done with the help of tracking technologies, such as Beacons[2] or Cookies. This information-gathering allows developers to gather the following information:[3]

  • technical information transmitted by your device such as type of operating system, device type, default browser;
  • your aggregated use of the Software, basically we know if you installed the software;
  • usage statistics;
  • language and the time stamp;
  • approximate geographical location.

This data is collected in order to generate personalized ads, but these are always coming from the affiliates. Therefore, hijack can manipulate what sites users visit, influence their interests and make them buy products or services that they otherwise would not.

Therefore, while the browser hijacking changes might seem relatively minor, it might result in the installation of potentially dangerous apps, exposure to online scams, and even malware infection. Thus, if you noticed that your homepage has changed, check your system with security software or perform manual removal as explained below. After you kill the PUP, make sure you use Reimage Reimage Cleaner Intego or similar repair software to bring your device to a pristine condition. is a browser hijacker that modifies web browser settings without permission in order to perform the revenue-generating activities

Make use of Advanced installation settings to avoid PUPs

If you do not want to let potentially unwanted programs hijack your computer, you should pay more attention to the software installation process. Contrary to many people’s beliefs, Default or Recommended installation settings are not the ones that should be trusted during the procedure.

In fact, Custom or Advanced settings will allow you to determine which applications are secretly offered to you. Therefore, opt for these settings because they enable you to reject unwanted items added to the desired software. Be aware that most of the free apps will include some sort of “offer” or “deal,” and it might be hidden in various ways, including grayed out buttons, pre-ticked boxes, misleading placement of the toggle, etc.

There are two ways to terminate from your computer

As we already mentioned, the presence of a browser hijacker will not bring you any benefit but instead will manipulate the search results and expose you to potentially dangerous content. For that reason, it is best to take care of removal before you compromise your computer safety.

You can remove virus manually or automatically. The latter option is best for those who are less tech-savvy, however. It will allow you to terminate the unwanted application in just a few minutes. Simply download and install a security program that focuses on potentially unwanted program removal and then perform a full system scan. Alternatively, you can also use our instructions below to delete the PUP manually.

You may remove virus damage with a help of Reimage Reimage Cleaner Intego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove virus, follow these steps:

Uninstall from Windows systems

There are several programs that might be related to appearance of site and browser redirect problem. Therefore, you should look for Under Cover, Flowsurf, and other programs published by Kinner Lake Limited. Remove all of them, and then thoroughly check every web browser for suspicious components and revert modified settings. The tutorial we provide should help you to complete this task.

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs). Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall and related programs
    Here, look for or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'
  5. Remove from Windows shortcuts
    Right click on the shortcut of Mozilla Firefox and select Properties. Right click on browsers' icon and select 'Properties'
  6. Go to Shortcut tab and look at the Target field. Delete malicious URL that is related to your virus. Select 'Shortcut' tab and delete '' or other suspicious URL

Repeat steps that are given above with all browsers' shortcuts, including Internet Explorer and Google Chrome. Make sure you check all locations of these shortcuts, including Desktop, Start Menu and taskbar.

Eliminate from Mac OS X system

If your macOS is displaying some infection symptoms, proceed with the following guide:

Remove from Applications folder:

  1. From the menu bar, select Go > Applications.
  2. In the Applications folder, look for entries.
  3. Click on the app and drag it to Trash (or right-click and pick Move to Trash)Uninstall from Mac 1

To fully remove, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:

  1. Select Go > Go to Folder.
  2. Enter /Library/Application Support and click Go or press Enter.
  3. In the Application Support folder, look for any dubious entries related to and then delete them.
  4. Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the entries.Uninstall from Mac 2

Get rid of from Internet Explorer (IE)

Remove dangerous add-ons:

  1. Open Internet Explorer, click on the Gear icon (IE menu) on the top-right corner of the browser
  2. Pick Manage Add-ons.
  3. You will see a Manage Add-ons window. Here, look for and other suspicious plugins. Click on these entries and select Disable.Remove add-ons from Internet Explorer

Change your homepage if it was altered:

  1. Open IE and click on the Gear icon.
  2. Select Internet Options.
  3. In the General tab, delete the Home page address and replace it by your preferred one (for example,
  4. Click Apply and then select OK.Reset IE homepage

Delete temporary files:

  1. Press on the Gear icon and select Internet Options.
  2. Under Browsing history, click Delete…
  3. Select relevant fields and press Delete.Clear temporary files from Internet Explorer

Reset Internet Explorer:

  1. Click on Gear icon > Internet options and select Advanced tab.
  2. Select Reset.
  3. In the new window, check Delete personal settings and select Reset again to complete removal.Reset Internet Explorer

Remove virus from Microsoft Edge

Delete unwanted extensions from MS Edge:

  1. Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
  2. From the list, pick the extension and click on the Gear icon.
  3. Click on Uninstall at the bottom.Remove extensions from Edge

Clear cookies and other browser data:

  1. Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
  2. Under Clear browsing data, pick Choose what to clear.
  3. Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear.Clear Edge browsing data

Reset MS Edge if that above steps did not work:

  1. Press on Ctrl + Shift + Esc to open Task Manager.
  2. Click on More details arrow at the bottom of the window.
  3. Select Details tab.
  4. Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running.Reset MS Edge

If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.

  1. Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  2. Press Ctrl + A on your keyboard to select all folders.
  3. Right-click on them and pick DeleteAdvanced MS Edge reset 1
  4. Now right-click on the Start button and pick Windows PowerShell (Admin).
  5. When the new window opens, copy and paste the following command, and then press Enter:

    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -VerboseAdvanced MS Edge reset 2

Instructions for Chromium-based Edge

Delete extensions from MS Edge (Chromium):

  1. Open Edge and click select Settings > Extensions.
  2. Delete unwanted extensions by clicking Remove.Remove extensions from Chromium Edge

Clear cache and site data:

  1. Click on Menu and go to Settings.
  2. Select Privacy and services.
  3. Under Clear browsing data, pick Choose what to clear.
  4. Under Time range, pick All time.
  5. Select Clear now.Clear browser data from Chroum Edge

Reset Chromium-based MS Edge:

  1. Click on Menu and select Settings.
  2. On the left side, pick Reset settings.
  3. Select Restore settings to their default values.
  4. Confirm with Reset.Reset Chromium Edge

Erase from Mozilla Firefox (FF)

Do not forger to reset Mozilla Firefox to make sure that all the setting changes performed by the hijacker are reverted:

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons Extensions. Click on menu icon and select 'Add-ons'
  2. Here, select and other questionable plugins. Click Remove to delete these entries. Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
  3. Change your homepage if it was altered by virus:
    Click on the menu (top right corner), choose Options General.
  4. Here, delete malicious URL and enter preferable website or click Restore to default.
  5. Click OK to save these changes. When in 'General' tab, delete malicious URL from 'Home Page' section or click on 'Restore to Default' button. Click 'OK' to save changes
  6. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. Click on menu icon and then on '?'. Select 'Troubleshooting Information'
  7. Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete removal. Click on 'Reset Firefox' button for a couple of times

Delete from Google Chrome

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools Extensions. Click on menu icon. Select 'Tools' and 'Extensions'
  2. Here, select and other malicious plugins and select trash icon to delete these entries. Look for malicious entries and delete each of them by clicking on the Trash bin icon
  3. Change your homepage and default search engine if it was altered by your virus
    Click on menu icon and choose Settings.
  4. Here, look for the Open a specific page or set of pages under On startup option and click on Set pages. After clicking on menu and 'Settings', select 'Set pages'
  5. Now you should see another window. Here, delete malicious search sites and enter the one that you want to use as your homepage. Click 'X' to remove malicious URLs
  6. Click on menu icon again and choose Settings Manage Search engines under the Search section. When in 'Settings', select 'Manage search engines...'
  7. When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name. Click 'X' to remove malicious URLs
  8. Reset Google Chrome
    Click on menu icon on the top right of your Google Chrome and select Settings.
  9. Scroll down to the end of the page and click on Reset browser settings. When in 'Settings', scroll down to 'Reset browser settings' button and click on it
  10. Click Reset to confirm this action and complete removal. Click on 'Reset' button to complete your removal

Uninstall from Safari

  1. Remove dangerous extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and select 'Preferences'
  2. Here, select Extensions and look for or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and uninstall malicious add-ons
  3. Change your homepage if it was altered by virus:
    Open your Safari web browser and click on Safari in menu section. Here, select Preferences as it was displayed previously and select General.
  4. Here, look at the Homepage field. If it was altered by, remove unwanted link and enter the one that you want to use for your searches. Remember to include the "http://" before typing in the address of the page. When in 'General', delete malicious URL and enter your desired domain name
  5. Reset Safari
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and select 'Reset Safari...'
  6. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete removal process. Select all options and click on 'Reset' button

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. It is a hassle when your website is protected from suspicious connections and unauthorized IP addresses.

The best solution for creating a tighter network could be a dedicated/fixed IP address. If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for server or network manager that need to monitor connections and activities. This is how you bypass some of the authentications factors and can remotely use your banking accounts without triggering suspicious with each login. 

VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world. It is better to clock the access to your website from different IP addresses. So you can keep the project safe and secure when you have the dedicated IP address VPN and protected access to the content management system.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Gabriel E. Hall
About the company Esolutions

Removal guides in other languages

  1. Robert says:
    November 28th, 2016 at 2:08 am

    Under Cover is insanely useless dont try to use it… .Im telling ya

  2. Godzilla says:
    November 28th, 2016 at 2:09 am infected chrome, mozilla, and IE…. now i gotta clean them all, and its so disturbing. i have to waste my time because some nasty browser hijacker wnats me to use this stupid search engine! Thats not fair!

  3. u_n_o says:
    November 28th, 2016 at 2:10 am

    Why did I click on that “Install UnderCover” button….

  4. CoMi222 says:
    November 28th, 2016 at 2:10 am

    Finally fixed the PC!!!! Nailed it

Your opinion regarding virus