Browser Hijacker Removal Guide
THREAT REMOVAL Browser Hijacker Removal Guide site home page image

The article will help you to remove effectively. Follow the browser hijacker removal instructions at the end of this article.

A dangerous browser hijacker called has been found to infect computer users worldwide. The victims report serious security and privacy issues and the domain has been known under the alias of TubeWorld or TubeWorld New Tab Search.

Threat Summary
TypeBrowser Hijacker, PUP
Short DescriptionEvery browser application which is on your computer will get affected. The hijacker can redirect you and show you lots of advertisements.
SymptomsBrowser settings that get changed are the start page, search engine and the new tab page.
Distribution MethodFreeware Installations, Bundled Packages
Detection Tool See If Your System Has Been Affected by


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss – Delivery Methods

The browser hijacker can be attained using different spread methods. One of the most popular ones is the distribution of spam email messages that feature social engineering tricks. The aim of the hackers is to confuse the victims into infecting themselves with the browser hijacker. It may also be referred as TubeWorld or World New Tab Search. There are two main types of email spam campaigns that are usually employed:

  1. Embedded Malicious Links ‒ The criminals seek to insert links in the body contents that lead to dangerous executables. Once they download and start the downloaded program the browser hijacker is automatically started.
  2. Direct File Attachments ‒ The emails contain instructions on downloading and running attached files that contain the malicious instance. Depending on the case the hackers can resort to infected documents that serve as payload downloaders. They are usually office files (spreadsheets, rich text documents or databases) that contain built-in scripts (macros). When they are run the browser hijacker is downloaded from a remote server and executed on the local computer. In other cases the email host the malware directly. infections can also be attained by downloading infected software installers from the Internet. The criminals behind the browser hijacker create fake download sites that pose as legitimate sources. P2P networks like BitTorrent are often used as well.

Take note that browser hijackers redirecting to the domain can also be deployed by web scripts, redirects and ad networks.

The browser hijacker can also be obtained from various fake Chrome Web Store extensions and other application repositories. – In-Depth Overview

Computer criminals have devised the dangerous browser hijacker to be compatible with several of the most popular web applications. Versions of it are also known as the TubeWorld or TubeWorld New Tab Search. Known instances of it include Google Chrome, however it is suspected that versions are made for other browsers as well: Mozilla Firefox, Safari, Internet Explorer and Microsoft Edge.

Upon infection with the malware the victims will find that important settings on their browsers have been changed. One of the primary goals is to redirect the computer users into a hacker-controlled search engine ‒ at the moment this is the malicious address The made changes include the default home page, search engine and new tabs page.

At the onset of the infection the malware can also incur other actions against the compromised system:

  • Information Harvesting ‒ The malicious plugin can harvest sensitive information from the infected browsers. This includes: history, bookmarks, settings, passwords, form data and account credentials. The downloaded information can be used to break conduct identity or financial crimes.
  • Operating System Changes ‒ The virus engine is able to perform dangerous operating system changes. This can lead to performance and stability issues, user settings removal and other problems.
  • Persistent Installation ‒ Some certain strains can perform a persistent installation. This is an advanced infection technique that actively counters manual removal methods.

When the users are redirected to the domain they are shown a familiar looking user interface. It shows a search engine, followed by several icon links that all redirect to familiar services and social networks. In the footer menu the users can see the alias of the domain TubeWorld. The main page itself is called New Tab Search. cookie image

When the users interact with the site and any of the links a tracking cookie is imposed on the victims. It is used to track all activity and habits, the data is transmitted to the hacker operators in real time.

The company operator of the domain is Polarity, a well known maker of browser hijackers and associated sites. They operate a large network of affiliate domains. The full mailing address provided is the following:

Polarity Technologies LTD
Nora Court, 3rd floor, office 301
Limassol, Cyprus 3040
[email protected]

Note that the use of the provided search engine leads to the generation of sponsored ads displayed by the malicious site are not the best search results. They are probably linked to affiliate money generation schemes. Use of the site or any of the linked services may lead to dangerous virus infections. – Privacy Policy

The privacy policy is available on the footer menu found on the bottom of the home page. It lists in detail all privacy-related issues that might arise from the use of the site or any of the linked services.

Among them is the fact that the users automatically consent to the document by accessing the site or any associated services. The collects a lot of sensitive information ‒ data that can both identify the users individually and detailed statistics about the hardware componenets, installed software and configuration. Search queries are also included in the document. Every victim is assigned with a unique victim ID (UID) and all data is relayed automatically to the hacker operators.

  1. Anonymous Data ‒ Includes the site and hijacker usage patterns, responses to offers, type and version of the web browsers, operating system type and version, IP Address, your Internet service provider (ISP), geographical location and other “diagnostic” information.
  2. Personal Information Disclosure ‒ As all interaction is recorded and transmitted to the hackers, the service may come in contact with personal information. This includes names, email or mailing addresses or other data that can identify a site visitor.

The harvested data can be disclosed to other affiliates or subsidiaries as well as advertising networks. In addition they can be loaded into databases used to launch sponsored ads in a more efficient manner.

Remove Effectively

To remove manually from your computer, follow the step-by-step removal instructions provided below. In case the manual removal does not get rid of the hijacker redirect and its files completely, you should search for and remove any leftovers with an advanced anti-malware tool. Such a program can keep your computer safe in the future.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts - Website

Follow Me:
TwitterGoogle Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share