Remove Tavanero And Other Fake Search Browser Redirect Viruses

The Tavanero virus hijacks the user’s browser homepage and replaces it with its own. The website is designed to deceive users into thinking that it is a legitimate search engine. However, it is owned by the attacker and is usually full of advertisements. The virus also collects information about your online behavior.

This virus is usually bundled with other downloads. It targets Internet Explorer, Google Chrome, and Mozilla Firefox, modifies the browser settings, and edits the browser shortcuts so that they open the attacker’s page.

It started with setting info as the main website but now it has more domains including,,,,,,,, and many more.

Resetting the browser settings or reinstalling it usually does not help as the virus hides deeper in the system. The only way to remove it is to either use our recommended automatic removal tool provided below or to follow the manual removal instructions.

Recommended Method: Download Browser Redirect Virus Removal Tool

This is the most suitable program for automatically removing the threat and repairing your PC.
Works with: Windows 10, Windows 8, Windows 7, Windows Vista, Windows XP.
File name: mb3-setup.exe (56.5 MB)


What is browser redirect virus?

Redirect viruses are designed to change the user’s browser settings so they would open the attacker’s website as a homepage whenever you launch your browser. The viruses usually modify browser settings, install unwanted browser extensions and change system settings so they could affect your browser again in case you reinstall it.

The virus is usually distributed bundled with other programs. Even when you install a harmless program, a potentially unwanted program or a virus can be bundled with it as an add-on. Sometimes it is displayed in the setup process and you can choose not to install it. However, sometimes it is installed silently, especially when bundled with less trusted programs.

The fake homepage is designed so it would look like a legitimate website. The hijackers usually profit from displaying various advertisements and fake search results on these webpages. They might also track your browsing activity and personal data.

There are hundreds of such fake websites, and the domain names change constantly in order to avoid detection. Generally, if your browser settings have changed without you doing anything, chances are you have an adware infection. This usually happens right after you install a new program on your computer and the bundled adware infiltrates your system.

Here is a list with some examples of such fake websites:

We strongly discourage you from using these websites as you might lose your personal data or get more infections through fake search results and redirects.

The only way to completely remove this infection is to either use our automatic tool provided above or to follow the manual instructions and change back the settings.

 Manual Removal Instructions:

NB: Make sure you follow the manual removal guide thoroughly. Please keep in mind that the best way to protect your computer from this virus and any further infections is by using the automatic removal and protection tool as recommended above.

Make sure you remove the threat before fixing the browser settings, otherwise the virus will revert them back next time you launch your computer.

Step 1:

Start by restoring the old system settings using System Restore. The virus changed them so you need to revert to the old ones first.

Press and hold the Windows key and press the R key.

Enter the following in the field:


Click OK.

Click Next.

Check Show more restore points.

If you see any restore points, restore the system. Make sure you select a point that has been created before the infection happened.

It will restore your system settings only and will not affect your files.

Even after you restore the system you will need to perform the following steps in order to completely remove the virus.

Step 2:

Remove any suspicious programs that might contain the virus.

Start by opening the Programs and Features window:

Press and hold the Windows key and press the R key.

Enter the following in the field:


Click OK.

You might have to wait a bit before the list of all programs is loaded as it displays a list of all programs installed on your PC.

We recommend sorting the programs by “Installed On” column (simply click on the column name in order to sort by this value).

Look for any recently installed suspicious programs that might contain the virus as a bundle or could be the virus itself. If you have never seen or used the app, chances are it is unwanted software.

Uninstall all suspicious programs by right-clicking on them and choosing Uninstall…

Repeat this process until no more suspicious programs are left.

Step 3:

Check your hosts file for any suspicious IPs that could be inserted by the virus.

Press and hold the Windows key and press the R key to open the “Run” window.

Enter the following in the field:

notepad %windir%/system32/Drivers/etc/hosts

Click OK.

Your hosts file will open in Notepad. If you see any suspicious IP address at the end of the file, remove it and save the file.
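As an added illustration that is not part of the original guide, the following PowerShell script lists every active (non-comment) entry in the hosts file and marks those that map a name to a non-loopback address. The sample lines, the 203.0.113.25 address and the example.com names are constructed; the function name Get-HostsEntry is hypothetical.

```powershell
# Added example (not from the original guide): review active hosts-file entries.
# A default Windows hosts file contains only comment lines, so every active
# entry deserves a look; an entry that maps a name to a non-loopback address
# silently redirects that name.

function Get-HostsEntry {
    param([string[]]$Lines)
    $benign = '127.0.0.1', '::1', '0.0.0.0'      # loopback / null-route targets
    $n = 0
    foreach ($line in $Lines) {
        $n++
        $text = ($line -split '#', 2)[0].Trim()  # strip trailing comment
        if (-not $text) { continue }             # blank or comment-only line
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }    # address without a host name
        [pscustomobject]@{
            Line      = $n
            Address   = $fields[0]
            Names     = ($fields | Select-Object -Skip 1) -join ' '
            Redirects = $benign -notcontains $fields[0]
        }
    }
}

# Constructed sample: documentation-range address and placeholder host names.
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '#      127.0.0.1       localhost',
    '127.0.0.1   localhost',
    '',
    '203.0.113.25   search.example.com www.search.example.com   # constructed'
)
Get-HostsEntry -Lines $sample | Format-Table -AutoSize

# The same check against the live file (read-only; nothing is modified).
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
Get-HostsEntry -Lines (Get-Content -LiteralPath $hostsPath) |
    Format-Table -AutoSize
```

Entries with Redirects set to False still deserve a look: a line that points a security vendor's update server at 127.0.0.1 blocks that server rather than redirecting it.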

Step 4:

Clean up your registry entries.

Press and hold the Windows key and press the R key.

Enter the following in the field:


Click OK.

Use the folder tree on the left to navigate to this location:


Check if it has any of the following entries listed:

  • HomepageLocation;
  • RestoreOnStartupURLs\1.

Delete these registry entries if you see them.

Search for additional virus entries by pressing keyboard buttons CTRL + F and entering the virus name, for example:


Click Find Next.

Delete any registry entries associated with the virus.

Repeat the search with any other virus-related names (for example, the url of the malicious homepage).

Step 5:

Clean up your DNS.

Press and hold the Windows key and press the R key.

Enter the following in the field:


Click OK.

It will open your current network adapters list.

Right-click on the one you currently use (unused adapters usually have a red X near them, while the active one is usually green).

Choose Properties.

Click on Internet Protocol Version 4 (TCP/IPv4) (make sure the checkbox near it is checked).

Click Properties.

First, select Obtain DNS server address automatically.

Then click Advanced… and go to the DNS tab in the newly opened window.

Remove everything from the “DNS server addresses, in order of use” list.
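To confirm the result of this step on every adapter at once, here is an added PowerShell check (not from the original guide) that separates DNS servers entered by hand from those handed out by DHCP. It assumes Windows 8 or later, where Get-NetAdapter is available; the function name Get-AdapterDnsSource is hypothetical.

```powershell
# Added example (not from the original guide): show which adapters still have
# manually configured IPv4 DNS servers. Read-only; nothing is modified.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Get-AdapterDnsSource {
    Get-NetAdapter | ForEach-Object {
        # InterfaceGuid ("{...}") is also the name of the adapter's Tcpip key.
        $key   = Join-Path $base $_.InterfaceGuid
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Adapter   = $_.Name
            Status    = $_.Status
            StaticDns = $props.NameServer       # empty when DNS is obtained automatically
            DhcpDns   = $props.DhcpNameServer   # supplied by the router / DHCP server
        }
    }
}

$report = Get-AdapterDnsSource
$report | Format-Table -AutoSize

# After Step 5 no adapter should be reported here.
$report | Where-Object { $_.StaticDns } | ForEach-Object {
    Write-Warning "$($_.Adapter): static DNS still set to $($_.StaticDns)"
}
```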

Step 6:

Delete the shortcuts for all browsers on your computer as they might have been changed by the virus.

You will be able to create them again when you completely remove the virus.
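Before deleting the shortcuts, it can be useful to see exactly what was changed in them. The following PowerShell audit is an added example, not part of the original guide; it reports shortcuts for the three browsers the guide names whose command line carries a URL or other arguments. The function name Get-ShortcutFinding and the search.example.com URL are constructed for illustration.

```powershell
# Added example (not from the original guide): audit browser shortcuts.
# Read-only; no shortcut is changed or deleted.
$browsers = 'chrome.exe', 'firefox.exe', 'iexplore.exe'   # browsers the guide names
$folders = @(
    [Environment]::GetFolderPath('Desktop')
    [Environment]::GetFolderPath('CommonDesktopDirectory')
    [Environment]::GetFolderPath('StartMenu')
    [Environment]::GetFolderPath('CommonStartMenu')
    # Quick Launch also holds the taskbar pins (User Pinned\TaskBar).
    Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch'
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

function Get-ShortcutFinding {
    param([string]$Target, [string]$Arguments, [string]$Name)
    $leaf      = [IO.Path]::GetFileName($Target).ToLower()
    $isBrowser = $browsers -contains $leaf
    if ($isBrowser -and $Arguments -match 'https?://|\bwww\.') {
        'URL appended to the browser command line'
    } elseif ($isBrowser -and $Arguments) {
        'Extra arguments (may be legitimate, e.g. a profile switch)'
    } elseif (-not $isBrowser -and $Name -match 'chrome|firefox|internet explorer') {
        'Browser-named shortcut starts a different program'
    }
}

# Constructed sample input: returns the "URL appended" finding.
Get-ShortcutFinding 'C:\Program Files\Mozilla Firefox\firefox.exe' `
    'http://search.example.com/' 'Firefox'

$shell = New-Object -ComObject WScript.Shell
Get-ChildItem -LiteralPath $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)   # opens the existing .lnk
        if (-not $lnk.TargetPath) { return }        # no file target; skip
        $why = Get-ShortcutFinding $lnk.TargetPath $lnk.Arguments $_.BaseName
        if ($why) {
            [pscustomobject]@{
                Shortcut  = $_.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments
                Finding   = $why
            }
        }
    } | Format-List
```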

Step 7:

IMPORTANT: Now you will have to reset the browser settings individually for each browser that you have installed on your computer. Alternatively, you could simply reinstall them.

 Google Chrome:

Launch the browser and select More Tools, then click Extensions.

Check for any suspicious extensions.

Click Remove From Chrome for each unwanted or suspicious extension (the trashcan icon on the right).

Go to Settings.

Scroll to the very bottom of the settings page and click Show advanced settings…

Scroll to the very bottom again and click Reset settings.

Click Reset.

 Mozilla Firefox:

Launch the browser and go to Add-ons.

Search for any suspicious add-ons and Remove them.

We recommend going to Options (input about:preferences in your address field and press Enter) and clicking Restore to Default near the Home Page field.

You can also completely refresh the browser settings by entering the following in the address (URL) field:


Press Enter.

Click Refresh Firefox… and then click Refresh Firefox again.

 Microsoft Edge:

Since Microsoft Edge is not a separate program and is a core component of Windows 10, you should back up your computer or at least create a Restore Point before continuing.

Navigate to the following folder (where %username is your computer user name):


Clear all contents of the folder. Press CTRL + A to select everything and delete the contents.

Click Start (Windows logo).

Search for Windows PowerShell.

Right-click on the result.

Choose Run as administrator.

Paste the following command:

Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}

Press Enter.

The settings should now be reset to default.

 Internet Explorer:

Press and hold the Windows key and press the R key.

Enter the following in the field:


Click OK.

Enter the following command in the window that appears:

RunDll32.exe InetCpl.cpl,ResetIEtoDefaults

Press Enter.

Check Delete personal settings.

Click Reset.

Alternatively you can run this command to delete all caches and settings:

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351

After removing the virus

When you have finished removing the virus and reverting your browser settings, make sure to protect your computer by installing a good antivirus suite that can identify threats online and in programs you have downloaded. Also, never install suspicious programs. If you are installing new software, make sure it has nothing bundled in it by following the install wizard carefully as well as searching for user reviews online.

    1. Support says:

      Could you please explain what you mean by “fake”? Have you tried the guide and failed to remove the threat? Have you followed it thoroughly? If for some reason this guide did not work we would really appreciate your feedback so we could update it and help you and other visitors.
