Jyhjyy.top Removal Guide

Do you know what Jyhjyy.top is?

Jyhjyy.top is a malicious search engine that we have classified as browser hijacker. However, this particular hijacker is far more malicious than most other hijackers because it prevents you from removing it as it utilizes the Windows Management Instrumentation (WMI) that appends the web browser’s shortcut target line with its URL that set as the homepage address. Also, this cleverly designed hijacker is configured to show promotional links in its search results and generate advertising revenue. There is no way to tell whether the promoted links are safe and we think that in some cases they may not be safe. So we highly recommend that you take action against this annoying and dangerous hijacker.

In most cases, browser hijackers come bundled with malicious installers that insert them into the browsers or accompanying browser extensions that modify the browser settings to set them as the homepages, search providers and/or new tab pages. In the past, browser extension-based hijackers changed the shortcut target lines of the web browser’s to override the user settings and reset the hijacker as the main homepage, search engine, and so on.

Jyhjyy.top’s developers have outdone themselves when implementing the target line hijacking function because browser hijackers released in the past protected the hijacker from the user modifying the homepage address by hijacking the target line, but the hijacked target line could be easily fixed. However, this particular browser hijacker has a protective measure that resets the target line hijack every ten seconds. So getting rid of it is not that easy, but possible nonetheless.Jyhjyy.top Removal GuideJyhjyy.top screenshot
Scroll down for full removal instructions

Our researchers have tested Jyhjyy.top and have come to the conclusion that it is nearly identical to Yeabests.cc. It uses Trojans to infect unprotected computers, and they append the target line with the http://jyhjyy.top address. Also, it is registered as an instance of the ActiveScriptEventConsumer class in ROOT\subscription namespace. It is named ASEC that contains a VBScript that is set to execute every ten seconds. When this script is executed, it will infect the shortcuts to set Jyhjyy.top as the default homepage of Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and other web browsers because this hijacker is compatible with almost all browsers for Windows. Due to the unique method used to infect and maintain the infection on your PC, this hijacker does not require additional files to run, so the Trojan that drops it onto your PC deletes itself. Indeed, this is a unique infection, but what is the purpose of hijacking the browser’s homepage? Let us find out.

Our malware researchers say that like most browser hijackers, this one is also set to generate advertising revenue by forcing you to use its search engine for processing the search queries. Apparently, this fake search engine uses Google Custom Search to process them, but that is not the same as using Google.com. The search results are customized to include additional promotional links that generate Jyhjyy.top’s developer money. We want to stress that is some cases the advertisements may be unsafe and jeopardize your computer’s security. In addition to ads presented in the search results, Jyhjyy.top’s main page is also set to feature links to popular social media, online shopping, and other legitimate websites. Also, it features links to online Flash games from Games.softgames.de. We find this hijacker’s promotions as untrustworthy, and our researchers recommend that you remove it from your PC as soon as possible.

If you have decided to get rid of Jyhjyy.top, then there are two ways you can approach this. Our researchers have found that the antimalware tool SpyHunter is capable of detecting and eliminating it. However, you can also remove it manually. Of course, if you opt to get rid of it on your own, then it will involve more effort. Please consult the instructions below on how to eradicate this infection.

How to remove this browser hijacker manually

  1. Hold down Windows+E keys.
  2. Type in C:\Windows\System32\wbem in the File Explorer’s address box.
  3. Right-click he file named wbemtest.exe
  4. Click Run as administrator.
  5. Click the Connect button on the right.
  6. Type root/subscription in Namespace.
  7. Click Connect and select Enable All Privileges.
  8. Click Enum Instances and enter ActiveScriptEventConsumer and click OK.
  9. Select ASEC and click Delete.
  10. Close and Exit.
  11. Then, right-click your web browser’s shortcut and select properties.
  12. Select the Shortcut tab.
  13. Erase http://jyhjyy.top from the target line and click OK.

In non-techie terms:

Jyhjyy.top is a browser hijacker that is set to replace your web browser’s homepage. If you use it, then you will be subjected to promotional links from unknown sources. We regard it as malicious and you might want to get rid of it. However, its developers have designed it to prevent you from removing it. Therefore we suggest that use make use of the guide presented above to eradicate it completely.