Hao123 - Dangerous! How To Remove (Steps + Guide) - Team HTRI

Earlier a reputed search engine, now a virus!

So, why is ‘Hao123’ categorized as Malicious?

Hao123, a popular Chinese search engine which is now being called as “Hao123 virus,” as it acts as a gateway to other malware that is available online.

Image 1: Official Homepage of Hao123

Get peace of mind! Get rid of malicious programs instantly

Free Malware Scan Compatible with Win 10,8.1,8 & 7

As you are here reading this article, we can only assume that you have been seeing ads from ‘Hao123’ and that you want to know more about it.

In the next few lines, you would see how ‘Hao123’ takes control of a web browser and also the reasons behind it being categorized as malicious.

Hao123 also goes by the names hao.123, en.hao.123, hao123.com, hao123.cn, tw.hao.123, jp.hao.123, br.hao.123, vn.hao.123, and many more.

Image 2: Another known version of Hao123

A web browser will display pop-up ads from ‘Hao123’ when it is infected with adware and it will also frequently redirect your searches to its malicious portal.

This is considered as an adware attack because the add-on that is injected into the browser was purposely made to deliver ads on the PC. Pop-up and browser redirect shown by ‘Hao123’ have one goal.

The redirects and ad pop-ups are considered as an attack on a user’s browsing experience.

Also Read: Vidzi.tv – not Safe! Vidzi TV is a Virus! Remove it NOW (Easy Steps)

This kind of attacks are purposely injected into the web browser through adware and the continues interruption by pop-ups and redirects are called as adware attack.

‘Hao123’ is a "Browser Hijacker" that was installed on your PC with a freeware software with an end-goal to authorize the installation of "adware," a malicious program, without the user’s permission.

Commonly known versions of Hao123

• Hao123Tab: It is a browser extension which replaces the default home page, new tab and search engine of the web browser to ‘www.hao123.com’. It is a ‘Potentially Unwanted Program’ that should be removed immediately if present in your web browser. This browser extension also causes redirects to malicious third-party websites when a user attempts to use Hao123 search. 

• Us.Hao123.com virus: Adding to the list ‘Us.Hao123.com’ is yet another popular version of the famous Chinese search engine that delivers various questionable contents on the user’s screen. This website will force a variety of ads and redirects, which are likely to be from third party malicious websites. If you notice your web browser's settings have been modified without your consent, then make sure to get rid of Us.Hao123.com.

• ar.hao123 and Id.Hao.123 are not the strongest of the competition when compared to other versions of Hao123. Their major objective is to broadcast the content from third-parties by presenting advertisement pop-ups. You can find these malicious websites disguising itself to look like sports, social networks, entertainment, or news websites. 

How to know if your system is infected with ‘Hao123’?

‘Hao123’ will redirect you to alternate search results rather than what you have been looking for. Thus, to reach what you have searched for you might have to go through multiple redirects and advertisements. 

Also, some of these redirects might be used to spread malware

How does ‘Hao123’ adware work?

Once the adware has successfully infiltrated a system, it would display fake security alerts, discounted coupon codes and other attractive advertisements banners in the web browser. Once a user is fooled into clicking these banners, the developer gets paid for it this technique to make money is called “Pay Per Click.”

How is adware harmful?

Although adware will not cause any harm to your files or operating system, it will certainly annoy you with frequent notifications and ad popups.

Never forget it is a malicious program, and the longer it stays on a computer, the more it weakens the firewall of the computer making way for another malware.

That’s not it Adware connects your PC to “Control and Command Centre” which is operated by the hackers and using an adware they can steal your confidential files, IP-address, your location, browser type, operating system details, and etc.

Targeted Web Browser:

1. Google Chrome.
2. Mozilla Firefox.
3. Safari.
4. Internet Explorer.

Techniques used to distribute ‘Hao123’ browser hijacker:

1. Social Clickjacking: Creators of such infections use online media such as Social Network and tempting advertisements to provoke or let us say in fooling the users to click on the ads, i.e., Update your flash player or win an iPhone X.
2. Spam emails: These hijackers can get into your computer through malicious email attachments and download links present the body of the mail. This emails usually appear to be from a reputed organization, i.e., Banks and insurance companies.
3. It can infect the computer through infected websites or malevolent websites.
4. It can also trick you by fake security alert or system updates.
5. Torrents & P2P File Sharing: Torrents and files shared on P2P networks have a high probability of being a carrier to such infections.
6. It can also infect the computer through portable storage devices like USB stick, portable hard drive or through a disk.
7. Bundling: The quickest and the most relaxed way of infecting a user’s PC with any malware is through freeware software’s, and in this case, the user is equally responsible for authorizing the installation of such malicious program without reading the terms and conditions. Unfortunately, some freeware programs do not uncover that a malicious program will also be installed with it.

Unwanted behavior shown by a system infected with ‘Hao123’ browser hijacker:

1. Due to multiple pop-ups and redirects, the web browser becomes unstable and crashes frequently.
2. Ads by ‘Hao123’ are offensive and disturbing, repeatedly showing unrelated and offensive content.
3. Also, sometimes the default home page and search engine of the web browser is substituted with pages offering ‘Hao123’ ads.
4. In some cases, users might see web browser equipped with some random add-on toolbars and extensions.
5. Also, in some cases the Hao123 ads might appear instantly after the system boots up. If this happens then possibly a corresponding webpage was injected into the AutoStart with a simple command “explorer http://en.hao123.com.”
6. ‘Hao123’ ads are usually added to the browser shortcuts on the desktop.
7. ‘Hao123’ can also launch its ads directly without hampering the shortcuts of any web browser just by altering the Windows Registry specifying a path to the default web browser. Doing such will automatically open ‘Hao123’ every time you open the default web browser. 
8. Poor system performance, slow response time as the advertisement would pop out of nowhere, this will result in slow internet speed.
9. Slow internet browsing speed or internet would stop unexpectedly.
10. The operating system would crash frequently, or computer would boot up for no reason.
11. Ads pop up even when the browser is not open.
12. New tabs open in browser to display ads or search results would always end up with displaying advertisement banners.

Steps to be followed to avoid the installation of the browser hijacker and adware

While installing a freeware software or a freeware game make sure you go through the license agreement section and read all the terms and conditions.

If reading the complete terms and condition is too much then while installing the freeware application if the installation offers you “custom and automatic installation”.

It is always recommended that you go with the custom process as this would disclose the other programs that might get installed along with it.

If you see any additional addons or toolbars checked, then remember to uncheck them this would avoid the installation of browser hijacker and adware.

ALSO READ: Facebook Hires Experts to Prevent its Platform Misuse by Users

Now, let’s have a look at the removal steps of ‘Hao123

There are two methods to eliminate Hao123.

1. Automatic Method.
2. Manual Method.

WE RECOMMEND THE AUTOMATIC METHOD

1. You have seen ads from ‘Hao123,’ but you can never be sure if this was the only one. So, in this case we always recommend the automatic method using the popular “Free Malware Removal Tool.”
2. ‘Free Malware Removal Tool’ does the fix in less than 5 minutes.
3. A malware removal tool uses advanced scanning mechanism to detect virus or infection in the system. This process is positive approach towards eliminating the infection and at the same time it will also prevent the infection from creating any copies.
4. A malware removal tool can work alongside the regular anti-virus program that you might already have in your system.
5. The major reason we recommend using the “Free Malware Removal Tool” is because it is the simplest method a user can rely on to eliminate malware. On the other hand, the manual method is completely technical.

Automatic method – Detail explanation

1. Download Free Malware Removal Tool from the official website.
2. Install it (2 mins).
3. After installation, it will automatically initiate the scanning process.
4. Finally, your computer is free of malware.

Manual Method – Detail explanation.

1. Go through the shortcuts of every web browser installed into your system, i.e., on the desktop, taskbar and also the start menu. Right-click on the shortcuts and change its properties.
   
   You will have to remove 'Hao123' from the end of shortcut target (command line). After you remove it click on apply and then ok.
   
   You need to verify the command line for any fake browser tricks.
   
   For example, if we are viewing a Google Chrome shortcut then:
   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.
   
   A fake browser may be: …\Appdata\Roamingchromium.exe.
   Also in some case, the file may be named: “chromium.exe” corresponding to chrome.exe.
2. Press Windows key + R, this open ‘run’ box.
   Here type “appwiz.cpl” and hit enter key or okay button.
   
   Now you will see all the installed programs on your system, go through the list and uninstall any program that you find suspicious.
3. Now, we need to open the Task Manager to close all the process related to 'Hao123.' 
   
   Search for the directories which hold programs related to 'Hao123.' Also, search for ransom and strange file names and end them.
4. Press Windows key + R, this will again open the ‘run’ box.
   Type in ‘services.msc’ and hit enter key or press ok.
   
   Disable any service that carries 'Hao123' in its name and disable it also disable any services that you find suspicious.
5. Press Windows Key + R and type ‘taskschd.msc’ and press ok.
   
   This will open the Windows Task Scheduler.
   If any task related to 'Hao123' is present then disable it.
6. Open the Windows registry by typing ‘regedit.exe’ in the run box and press ok.
   
   
   Search for the key/values that contain 'Hao123' and delete them.
7. Remove third-party extensions installed by 'Hao123' from browsers.
   
   • Google Chrome
   • Firefox

   1. Click on the Customize and control menu icon at the top right corner of Google Chrome.

   

   2. Select "More tools" from the menu.

   

   3. Select "Extensions" from the side menu.

   

   4. Click the remove button next to the extension you wish to remove.

   

   5. It will confirm again, click “remove” and the extension is finally out of the system.

   

   Now that we have successfully eliminated the malicious browser extension, we need to create a robust firewall to avoid any such thing that makes our system and privacy vulnerable to various online threats.

   1. Click on the “menu” button at the top right corner.

   

   2. Select “Add-ons” from the menu.

   

   3. Click the “Remove” button next to the extension you wish to get rid of.

   

   Now that we have successfully eliminated the malicious browser extension, we need to create a robust firewall to avoid any such thing that makes our system and privacy vulnerable to various online threats.
8. Finally, clear temporary files and cache files.

Tips to Prevent virus and malware from Infecting Your System:

ALSO READ: Biggest Wi-Fi Security Update of the Decade, Coming Soon.