Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 510
Category: Browser Hijackers

When shows up in your browsers as your new home page, you should not hesitate to act. As a matter of fact, this is a potentially harmful search website that is already blocked by security programs. You can be infected by this threat when a browser hijacker finds its way to your system. Our research shows that this hijacker is a new variant of This infection uses sophisticated techniques to make sure that you cannot easily get rid of it. Since this browser hijacker can expose you to unsafe third-party content and enter your system with other malware infections, we believe that it is best for you to remove from your PC as soon as possible. Unfortunately, this time it will not be as easy as modifying your home page settings but we have prepared the necessary instructions for you so you can eliminate this threat without leftovers. However, before you jump to the bottom of this page, we are offering you a deeper insight into this malware infection so that you may be able to avoid the next attack.

When you find this annoying search website in your browsers, it is possible that you have installed a free program recently. Maybe you downloaded this free software from the wrong website, i.e., a shady freeware or torrent page. You need to know that while there are reputable file-sharing sites that you can actually trust, cyber criminals has set up lots of fake ones that cannot wait for your click on the download button to infect you with a bundle of malware threats and potentially unwanted applications. Such a bundle may contain browser hijackers, adware programs, Trojans, keyloggers, and more. It is always the safest to install programs through official pages even though crooks can easily set up promotional pages that may strike you as professional or reliable.

But it is also possible that you simply click on the wrong content, i.e., a third-party advertisement while surfing the net. This ad in question can also be one that is disguised as a false system notification or a system pop-up, but it can also look like a navigation button or a download button. If you click on unsafe content, you can always drop infections or bundles onto your computer or end up on a malicious website that could scam you. You should also consider the possibility that your computer was already infected with malware when you let this bundle on board. This is why we suggest that you frequently scan your system with a trustworthy malware scanner. So when you delete, remember to check your PC for other potential threat sources as well.

Once this browser hijacker manages to infiltrate your system, it changes your home page settings to either or However, this infection does not simply modify your browser settings; it uses Windows Management Instrumentation (WMI) in order to change the Target lines of your browser shortcuts. In this sense, this hijacker is very similar to This clearly makes it a lot more difficult for inexperienced users to detect and eliminate from their system because every time they enter a new home page URL it will be overwritten.

This search website is in Russian language. This page hosts a couple of potentially unreliable third-party ads, a search box, a row of quick-link thumbnails redirecting to popular websites (e.g., Facebook, Amazon, YouTube, and Ebay), thumbnails leading to online games ( that may also present you with questionable and misleading third-party ads, and a few quotes that appear to be Russian jokes or jokes in Russian. The search engine takes you to another questionable search results page generated by, which may contain potentially unreliable content, such as third-party ads and sponsored links. We do not advise you to ever use this search engine because you may drop further infections onto your machine, but you may also get redirected to fake or malicious websites that can cause even more serious privacy and other issues for you. If you do not want to lose money from your bank accounts or experience identity theft, you should remove from your system. Of course, we do not claim that every click on this page can have such an awful consequence but it is certainly a possibility to end up badly.

In order for you to be able to clean up the mess this browser hijacker made, you need to remove the WMI script, a number of registry entries, folders, and restore the Target lines of your browsers. These may be steps that you need assistance with. Please find our instruction below to help you manually delete and all related file and changes. Letting such a malicious threat on board may make you think that you should defend your PC more efficiently. Keeping all your programs and drivers always updated and avoiding suspicious websites are two easy ways to make sure that you do your best to protect your computer. However, even that could not save you necessarily from more sophisticated and stealthy attacks. Therefore, we advise you to think about installing a professional malware removal tool, such as SpyHunter.

How to remove from Windows

  1. Tap Win+Q and type in cmd.
  2. Right-click the appearing Command Prompt link and choose Run as administrator.
  3. Type in the following commands at the prompt and hit Enter key after each line:
    “wmic/namespace:\\root\subscription PATH__EventConsumer delete”
    “wmic/namespace:\\root\subscription PATH__EventFilter delete”
  4. Exit the Command Prompt.
  5. Press Win+R and type regedit. Click OK.
  6. Remove these registry entries:
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YeaDesktop (64-bit)
  7. Close the editor.
  8. Press Win+E.
  9. Delete these folders:
    %ALLUSERSPROFILE%\Start Menu\Programs\YeaDesktop
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\YeaDesktop
    %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\YeaDesktop
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\YeaDesktop
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\YeaDesktop
  10. Empty your Recycle Bin.
  11. Restart your computer.

How to restore the Target lines

  1. Right-click on your browser shortcut on your desktop.
  2. Choose Properties and click on the General tab.
  3. Check if the Read-only box is unchecked.
  4. Click on the Shortcut tab.
  5. Remove the extra string in the Target line field after the quotes. Click OK.
  6. Right-click on the shortcut on your Taskbar to display the menu.
  7. Right-click on the browser name option at the bottom.
  8. Repeat steps 2 to 5 to restore the Target line.
Download Remover for *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter. Screenshots:


Your email address will not be published.


Enter the numbers in the box to the right *