Removal Guide

Do you know what is? is a serious browser hijacker that might sneak onto the system secretly. It has been observed that it travels together with the application for editing pictures. The application itself does not seem to be bad; however, it will not inform you about its presence too. Users who do not open browsers frequently might not even know that they have the browser hijacker installed on their computers because it does not do anything but appears on all the browsers (Internet Explorer, Google Chrome, Mozilla Firefox, and Edge). In some cases, users might also notice that their default browsers are opened together with If you suspect that you have encountered this browser hijacker and your suspicions are confirmed when you open your default browser, you should know that you need to eliminate this browser hijacker from the system as soon as possible. The reason is simple - might expose you to potential threats really quickly, so it would be best not to keep it.

Our team of researchers has thoroughly checked First of all, it has been found that this browser hijacker is the most prevalent in Ukraine, Belarus, and Kazakhstan at the time of writing. If you live in any of these countries, you must be extremely careful because you might encounter this infection. There is no doubt that this has already happened if you can find the ImageEd.exe file in %AppData%\ImageCropResize. In fact, this infection will apply other changes to the system too. For example, it will create the ImageEd value in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Most probably, it does that to be able to start working the moment Windows OS loads up. Also, this infection will create the njs value in the HKCU\SOFTWARE\ImageEd registry key. It seems that it does that because it is going to cause redirections to every 90 minutes. itself will redirect users back to, so they will not even notice the presence of Of course, we suggest getting rid of this browser hijacker not because it applies all those Removal screenshot
Scroll down for full removal instructions

Let us explain you briefly why we do not think that keeping is a good idea. Yes, we agree that might look like a decent web page at first sight because it provides interesting content (e.g. videos and articles on different topics); however, we also know that this web page might contain a bunch of untrustworthy links and advertisements. It means that you might be taken to an untrustworthy third-party website full of malicious software after clicking on any of those links or ads. We are 99% sure that this hijacker will also track you in order to find out more information about you and your activities on the web because it seeks to provide you with the relevant content. You will not stop this hijacker easily. Actually, the only thing that you can do is to erase the browser hijacker from the system.

There is no doubt that browser hijacker is always installed on the system secretly. It even tries to hide itself in the folder of the photo editing program ImageCropResize. This application is quite legitimate; however, its uninstaller in Control Panel removes only the uninstall.exe file from its main folder. It is hard to delete itself too because it cannot be erased like an ordinary piece of software. Even the browser reset, which usually helps to eliminate suspicious search engines, does not help to remove Do not worry; there is a way to eliminate this browser hijacker fully. All you need to do is to follow our instructions provided below step by step. Do not forget that they will not help you to delete additional threats. If you want to erase all the infections at once, you need to scan your system with SpyHunter. It will take care of all the infections for you within seconds.


  1. Open the Windows Explorer (Windows key + E).
  2. Go to %AppData%\ImageCropResize\ImageEd and find the ImageEd.exe file (kill the explorer.exe process in the Task Manager and start it again if you cannot remove the file).
  3. Launch RUN (Windows key + R).
  4. Enter regedit.exe into the box and click OK.
  5. Move to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete the ImageEd value.
  6. Right-click on the njs value in HKCU\SOFTWARE\ImageEd and select Delete.
  7. Scan your system with SpyHunter to make sure that all the components of the hijacker are deleted, and there are no other threats.

In non-techie terms:

As browser hijackers usually sneak onto computers without permission, we highly recommend being very attentive in the future. First of all, you always need to read the information provided in setup wizards. Secondly, it is a must to download software from reliable sources, and, third, users should always keep the security tool installed on their computers.