Remove Extra Firefox Profile by GsearchFinder Browser Hijackers - How to, Technology and PC Security Forum |

Remove Extra Firefox Profile by GsearchFinder Browser Hijackers

yessearches-hobosearch-gfinder-sensorstechforumAd-supported and browser-hijacking software may not be malicious but it definitely can lead to serious consequences, if not removed on time. The more you postpone taking measures, the more vulnerable your system becomes to various forms of malware and spyware. Also, keep in mind that adware and browser hijackers often come bundled, which makes their removal even more challenging.

TypeBrowser Hijacker
Short DescriptionThe two GsearchFinder browser hijackers (HoboSearch and YesSearches) add an extra Firefox profile.
SymptomsUnwanted advertisements, unusual browser behavior, extra Firefox profile.
Distribution MethodIn bundled installers.
Detection ToolDownload Malware Removal Tool, to See If Your System Has Been Affected by GsearchFinder
User Experience Join our forum to discuss GsearchFinder.

Researchers at Malwarebytes recently found out that two GsearchFinder browser hijackers, YesSearches and HoboSearch, add an extra Firefox profile on the compromised system. Continue reading, as we’re about to tell you how to fix the issue.

YesSearches Technical Resume

When YesSearches is installed on your computer, several unwanted changes may occur. The browser hijacker may change DNS settings, browser settings, including the homepage, new tab page and default search engine of all browsers. Affected browsers are Google Chrome and Mozilla Firefox.

Keep in mind that YesSearches uses a secondary technique, a standalone process called “ShortcutBoost.exe”. That process rearranges the launch options of the Desktop and Quick Launch items of all browsers, so they all project “Yes Searches” upon initiating any browser. The homepage of all browsers is changed to “”.

Read more about YesSearches

HoboSearch Technical Resume

As reported by Enigma Software researchers, Hobosearch(.) com is likely promoted as a customized search engine for users in Asia. However, it’s only available in English and is in fact a crooked version of Google, created to display third party advertisements that may not be safe to interact with.

Keep in mind that Hobosearch may appear in your Plug-ins Manager with the name HohoSearch Enhancer and HohoSearch Toolbar.

Both of the browser hijackers – YesSearches and HoboSearch – have been found bundled with Amonetize, SoftPulse, Somoto and OutBrowse. Furthermore, the two of them share the same Privacy Policy, and as pointed out by Malwarebytes researchers, some of the phrases in the About section are likely copied from amog(.)com.

The browser hijackers also add a scheduled task, which means that various (unwanted and intrusive) advertisements will be displayed at set intervals. Researchers have observed the scheduled task be triggered every two hours. Here we get to the novel activity performed by YesSearches and HoboSearch – the creation of an extra Firefox profile.

This may sound as something difficult to deal with, but in fact fixing it is not that hard at all. Instead of altering your default browser profile, the browser hijackers create a new, pre-hijacked one.

How to Remove the Extra Firefox Profile Created by YesSearches and HoboSearch?

  • First, make sure to close all Firefox processes;
  • Then, simultaneously click Windows key + R to open the Runbox;
  • Write the command Firefox –P to open the Firefox profile manager;
  • Select the Firefox Default profile (not the “default” one) and select Delete Profile;
  • When asked if you want to delete the fake profile, click Delete Files;
  • Select Use the selected profile without asking at startup;
  • Keep in mind, that in case more than one profile is in the list, you should choose the one you want to use. Nonetheless, only the default profile should be left and selected automatically.
  • Click the Start Firefox button.

After you’re done with removing the extra Firefox profile, you should definitely consider scanning your system via an anti-malware program. If you’re experiencing other “classical” issues with YesSearches or HoboSearch, consider following the removal manual below.

Delete GsearchFinder from Windows and Your Browser

1.Remove or Uninstall GsearchFinder in Windows
2.Remove GsearchFinder from Your Browser

Remove GsearchFinder automatically by downloading an advanced anti-malware program.

1. Remove GsearchFinder with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against attacks related to GsearchFinder in the future
Optional: Using Alternative Anti-Malware Tools
NOTE! Substantial notification about the GsearchFinder threat: Manual removal of GsearchFinder requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share