Removal Guide

Do you know what is? is a malicious infection that uses the Windows Management Instrumentation (WMI) script to its own advantage. This infection manifests as a browser hijacker that corrupts the homepage. The bad news is that disabling this hijacker appears to be impossible because it is capable of reinstalling itself using the WMI tool. Because of that, most users have problems removing from their browsers. Luckily, it is possible to get rid of this infection with the right tools and the right approach. Our research team has thoroughly inspected this malicious threat, and you can learn all about the findings by reading this report. Note that a comments section below can be used to add any questions that we will try to answer to clear things up and help you eliminate the infection successfully.

According to our research, is a copy of such infamous infections as and It is unknown if these infections were created by the same people, but we have found out that creators either come from or are located in China. Also, they are responsible for a potentially unwanted program known by the name “YeaPlayer,” which proves that this party is not developing reliable software. Surely, you cannot trust a company that does not have a good reputation. Based on the recent data, users who live in India, Indonesia, Egypt, Brazil, and Saudi Arabia are most likely to become victims of the suspicious hijacker. So, how is it spread? Our research team informs that a malicious clandestine Trojan is the most probable culprit. A Trojan might slither in and stay hidden for months and even years, and it can silently download other infections without your notice. Of course, that means that other threats might be active as well, and, if they are, you need to find and delete them Removal screenshot
Scroll down for full removal instructions

When is executed, it modifies the homepage. Although it does not have a search tool like most other hijackers, it displays advertisements, and interacting with them could be dangerous. The banner ads shown might look harmless, but do not underestimate them. Even if they appear to promote great offers, what lies underneath could be completely unexpected. You should also be careful about the easy-access links that are represented via the home page of Some of these links, such as,,, or, might be harmless, but we cannot ensure that all links represented via the hijacker’s interface will be. Overall, we do not recommend interacting with this WMI hijacker, and it is important that you remove it as soon as possible.

There is no denying that is a serious threat, and you have to have real skills and experience to be able to remove it manually because you are dealing with the Windows Management Instrumentation script. If you do not know how to delete infection script from WMI, you should consider using an alternative removal method, which is to install anti-malware software capable of erasing malware automatically. Considering that a clandestine Trojan is likely to be present as well, we strongly advise employing a trusted anti-malware tool without further hesitation. This tool will reliably eliminate all active threats, as well as enable protection ensuring that your operating system does not get infected with malware in the future. Should you stick with manual removal, do not forget about Windows protection.


  1. Launch Windows Explorer by tapping Win+E keys.
  2. Enter C:\Windows\System32\ into the address bar at the top.
  3. Enter wbemtest into the search box on the top-right corner to find it.
  4. Right-click the executable called wbemtest.exe and select Run as Administrator.
  5. In the WMI Tester window click Connect…
  6. Place the cursor in the Namespace box and enter root\subscription.
  7. Click Connect again, and a new window will show up.
  8. Check Enable All Privileges and click Enum Instances.
  9. In the Class Info dialog box enter ActiveScriptEventConsumer and click OK.
  10. In the Query Results menu look for an instance called ASEC.
  11. Select it and click Delete and then exit all menus.
  12. Right-click the shortcut of the infected browser (you will have to repeat this with all shortcuts).
  13. Select Properties, click the Shortcut tab, and move to Target.
  14. Erase the hijacker’s appendage and click OK (the normal Target should show only the location of the main browser’s .exe, such as "C:\Program Files\Internet Explorer\iexplore.exe").
  15. Do not forget to scan your PC to see if other threats are active, such as clandestine Trojans.

In non-techie terms:

If your web browser was corrupted by, other threats might be active as well. Inspect your operating system with a reliable malware scanner to see if other dangerous infections are active because they could be even more aggressive than the hijacker itself. Of course, you cannot underestimate the hijacker, and removing it is crucial. Unfortunately, this WMI hijacker is capable of employing WMI script to stop you from eliminating it, and you have to use a very unique method to eliminate this infection. Needless to say, you do not have to delete manually. In fact, we believe it would be much better and safer if you employed automated malware detection and removal software, especially if other threats are active on your PC. If you are struggling to erase the infection from your operating system, use the comments section below to communicate with us. We will try to help you at our best ability.