Browser Redirect Trojan:JS/Medfos. How to remove

Browser Redirect Trojan:JS/Medfos is the malicious tool that does a lot of troubles on the compromised PC.The main signs of its presence on your machine are more than obvious – it alters your default homepage value and further redirects your searches to the unwanted web pages but not to the actual page you indented to visit. It is really annoying. Your Web surfing becomes unbearable.

These system changes may indicate the presence of this malware:

When entering search queries, you are redirected to one of the following pay-per-click sites:


The presence of the following browser extension in Mozilla Firefox:

Mozilla Firefox

The presence of the following browser extension in Google Chrome:

Google Chrome

What are the reasons for this? It’s typically a trojan delivered with a browser extension. This little malicious particle is really persistent in that it impudently does different things to your PC without asking you. To be short, you lose control over your browser. So whenever you are on Google looking for something of crucial importance for you, all the links there will be directing you to the wrong URL, being constantly replaced. So it is a must to stop this turmoil and restore the normal browsing capability. The step by step algorithm of Browser Redirect Trojan:JS/Medfos elimination is outlined in our post, so be sure to do exactly what is stated in the instruction to completely get rid of this redirect problem.

Browser Redirect Trojan:JS/Medfos Removal Guide

  1. Show hidden files and folders.
    Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options. Click the View tab.
    Under Advanced settings, click Show hidden files and folders, uncheck Hide protected operating system files (Recommended) and then click OK.

show hiden files

  1. Open Registry entries. Find out the malicious files and entries and then delete all.
    Attention: Always be sure to back up your PC before making any changes.

a. Press the “Start” button and then choose the option “Run”. In the “Open” field, type “regedit” and click the “OK” button.


Registry Editor
b.All malicious files and registry entries that should be deleted:
Trojan:Win32/Medfos.B is typically installed by variants of Win32/Medfos. and is present as a DLL file in the %TEMP% or %APPDATA% folder,
for example “%TEMP%\btpse.dll”, “%appdata%\ntvms.dll”.
The system registry is modified to run the trojan at each Windows start via “rundll32.exe”, for example:
In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: “ntvms”
With data: “rundll32.exe “%appdata%\ntvms.dll”,[rnd]”

Launch the full system scan with a reputable antispyware program, like GridinSoft Trojan Killer and remove all detected threats “invited” during redirects.

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Leave a Reply

Back to top button