Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Skip to main content

What is a browser hijacker? How to remove it

You open your browser of choice and notice something strange. Instead of your normal homepage, you’re looking at a search engine you’ve never seen before. Every new tab sends you back here, and changing your browser settings seems to have no effect. Your browser has been hijacked — but what is a hijacker? How did it happen? And what should you do next?

What is a browser hijacker? How to remove it

What is a browser hijacker?

A browser hijacker is a piece of malicious software that takes control of your browser, redirecting you to specific pages and altering your settings. It often forces you to use a new search engine and makes it extremely difficult to navigate from page to page.

Some browser hijackers are designed to generate ad revenue. They redirect you to pages with adverts, artificially boosting ad revenue for whoever is operating these sites. Others can be much more insidious, installing spyware, gathering information about your browsing history and online habits and paving the way for cyberattacks, including session hijacking and DNS hijacking.

Here are a few common examples of browser hijackers.

  • Ask Toolbar
  • RocketTab
  • GoSave
  • CoolWebSearch
  • Coupon Server

How to detect browser hijackers

The one positive thing about browser hijackers is that they’re very easy to detect once they become active. Here are some things to look out for.

  • A new search engine. This is a huge red flag. If you normally use Google, DuckDuckGo, or any other popular search engine, and suddenly your search bar is sending your queries through an engine you don’t recognize, you’re almost definitely dealing with a browser hijacker. Search Marquis and Ask are two of the most common to watch out for. The Wave browser malware also changes your default search engine to redirect you to websites that pay it commission.
  • A familiar but unexpected search engine. Not all hijackers start with an obviously suspicious search engine. Instead, some will start by changing your browser’s default search engine to Bing. Many users will think nothing of this, as Bing is a well-known service. However, suppose they continue to use it. They’ll find that this version of Bing causes some unexpected redirects, downloads malware, and is replaced with one of the aforementioned bogus search engines a few days later.
  • Settings can’t be changed. If you notice that you can no longer alter your browser settings or that changing them doesn’t seem to have an effect, be on the alert. Browser hijackers work their way into your settings and make it essentially impossible to reset your preferred search engine and homepage.
  • The infection spreads. Browser hijackers don’t stop once they’ve infected one application. They’ll add themselves to other browsers on the same device. You might think there’s a bug in one of your browsers, but when the same forced redirects, intrusive pop-ups, and strange pages are appearing on multiple browsers, there’s a hijacker at work.
  • A slower online experience. This one is a little subtler, but you may notice your browser becoming slower before any other major warning signs appear. Pages won’t load as quickly because malicious software is being installed behind the scenes, taking up bandwidth.

How to remove a browser hijacker

Removing browser hijackers can be quite a difficult task because it’s not always clear how they got onto your device in the first place. There are two approaches you can take: manual and automated.


If you want to locate and uninstall the hijacker manually, try these steps:

    1. Clear all browsing history, cookies, and cache from all browsers on your device.
    2. Search through your applications for any software you downloaded shortly before the hijacker appeared. If you installed a piece of free software a few days earlier, this is almost certainly how the hijacker got onto your device.
    3. Uninstall any software you think may have been the host for the hijacker, and then remove all system files related to that software. This is a crucial step. You might delete the program you downloaded, but there are still likely to be folders on your device which contain program files that came with the original download. These have to go.
    4. Once you have removed all files related to recent software downloads, open your browsers and reset all settings to default or your specific preferences. It’s important to do this because uninstalling the hijacker won’t reverse all the changes it made to your settings — you’ll need to change them manually.
    5. Test your browser by opening new tabs, clicking on the homepage button, and using the search bar.

This may work, but it’s a laborious process, and it’s likely you won’t be able to find and remove all risky files. If you’re struggling with this, try an automated approach.


Good antimalware software should be able to find and neutralize browser hijackers, along with any other malware on your system. There are many good-quality antimalware apps available, and whatever one you choose, it will offer to scan your device for threats and unwanted programs. Let it run this scan, and then instruct it to quarantine and delete what it finds.

It’s important to remember that not all antimalware will find browser hijackers, as some of them don’t show up during malware scans. Make sure to use antimalware with a free trial so that you don’t end up buying software that can’t actually find and delete hijackers.

With that in mind, you may need to try multiple antimalware programs until you find one that can do the job.

How to prevent browser hijacking

Browser hijacker removal isn’t always easy, so the best thing to do is to avoid being infected in the first place. Follow these three steps to prevent browser hijacking.

    1. Don’t download free software from unknown websites. From editing programs to video games, there’s a wide variety of online applications you can download for free online. However, many will come from obscure websites that you know very little about, and these may be bundled with unwanted software, including browser hijackers. Only install apps and software from well-known websites and stores, and be very wary of anything that doesn’t come with an obvious price tag.
    2. Keep firewalls and antimalware active. Though antimalware can be useful for removing hijackers, it’s better to have it installed beforehand, so it can prevent malware from being downloaded in the first place. Keep your security software up to date, and don’t shy away from investing in premium security services; the more protection you establish now, the fewer problems you’ll have later.
    3. Monitor your device for early warning signs. If you know what to look out for, you can catch the unwanted programs before they embed themselves too deeply in your device. If your browser is slow or unknown files are appearing in your downloads folder, don’t shrug it off. Remove any suspicious programs immediately and run an antimalware scan.

We would also suggest that you prevent browser hijacking through use of tools like NordVPN’s Threat Protection Pro feature. This powerful service protects NordVPN users from sites that are known to spread malware, limits invasive online tracking, and blocks ads.