Short Bio

This is a detection for Trojans that use the Windows Management Instrumentation (WMI) infrastructure to alter victims’ browser shortcut files, adding a target site so that the browser(s) open with that site.

You can read more about WMI hijackers in our blog post, Explained: WMI hijackers.
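
A read-only check for the behaviour described above, added here as an example and not taken from Malwarebytes: it lists browser shortcuts whose arguments contain a URL, then lists WMI event consumers for review. The folder list, browser executable names and URL pattern are assumptions, as is the premise that the hijacker registers a permanent event consumer in root\subscription.

```powershell
# Added example (not Malwarebytes code). Read-only: it reports and changes nothing.
# Assumptions: the browser list, the shortcut folders and the URL pattern below.
$browsers = 'chrome.exe', 'msedge.exe', 'firefox.exe', 'iexplore.exe', 'opera.exe', 'brave.exe'
$urlPattern = 'https?://|\bwww\.'

# Locations where browser shortcuts normally live (desktop, Start menu, pinned items).
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path $_) }

$shell = New-Object -ComObject WScript.Shell

# 1. Shortcuts that point at a browser and carry a URL in their arguments.
#    Web-app shortcuts can legitimately do this, so review each hit.
$hits = Get-ChildItem -Path $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if (-not $lnk.TargetPath) { return }          # skip shortcuts with no file target
        $exe = Split-Path $lnk.TargetPath -Leaf
        if (($browsers -contains $exe) -and ($lnk.Arguments -match $urlPattern)) {
            [pscustomobject]@{
                Shortcut  = $_.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments
                Modified  = $_.LastWriteTime
            }
        }
    }
$hits | Format-List

# 2. Permanent WMI event consumers (requires an elevated session).
#    Assumption: a consumer whose script or command line mentions .lnk files
#    or a URL is the component that rewrites the shortcuts.
foreach ($class in 'ActiveScriptEventConsumer', 'CommandLineEventConsumer') {
    Get-CimInstance -Namespace root/subscription -ClassName $class -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Class'; e = { $class } }, Name, ScriptText, CommandLineTemplate |
        Format-List
}
```

If a shortcut keeps regaining its URL argument after being cleaned by hand, that points to an active event consumer rewriting it.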

Common method of infection

The majority of these hijackers are installed by bundlers.


Malwarebytes can remove this threat without further user interaction. However, a reboot is required after threat removal.
