Microsoft security software detects and removes this unwanted software.

This adware program shows ads as you browse the web.

It can be downloaded from the program's website or bundled with some third-party software installation programs.

Find out more about how and why we identify unwanted software.

What to do now

This program poses a high threat to your PC.

Remove programs

You might need to manually remove this program:

If an uninstaller is not available, does not work properly, or you do not want to use it, you can use the following free tools to detect and remove this program and other unwanted software from your PC:

You should also run a full scan. A full scan might find other, hidden threats.

Remove browser add-ons

You may need to remove add-ons from your browser:

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior


Adware:Win32/BetterSurf usually arrives with software bundlers that offer free applications or games.

When run, the installer for BetterSurf adds a plugin to Internet Explorer, Firefox, and Chrome. An example of the plugin installed into Internet Explorer is as follows:

The program installs itself into one of these folders:

And the following files will be created in one of those folders mentioned above:

  • \ch\Chrome.crx
  • \ff\Better-Surf.xpi
  • \ff\build.cmd
  • \ff\chrome\content\better-surf.js
  • \ff\chrome\content\firefox.js
  • \ff\chrome\content\overlay.xul
  • \ff\chrome.manifest
  • \ff\install.rdf
  • \ie\BetterSrf.dll

Once the Chrome plugin is installed, it creates the following folder on your PC:

  • %LOCALAPPDATA% \Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco

BetterSurf displays ads to you as you browse the Internet, both in websites and on search engine results, as in the following examples; the ads in the red box are the ones from BetterSurf:

It may also sometimes redirect you from where you wanted to go, and instead ask you to install software on your PC or ask you to complete surveys. An example of a redirection to a website that is designed to look similar to Windows to convince the user to download additional software is as follows:

Downloading and running this update will may install more unwanted applications on your PC.


Do not install applications from untrusted sources. We recommended you download applications directly from the vendor. Downloading free applications online like video players, video codecs, and free games can expose you to a large risk of installing unwanted software at the same time.

Analysis by Geoff McDonald


The following could indicate that you have this program on your PC:

  • You have one of these folders:
  • You see these pop-up ads:



  • You see this add-on in Internet Explorer:


Alert level: High
First detected by definition: 1.163.1623.0
Latest detected by definition: 1.185.3813.0 and higher
First detected on: Dec 10, 2013
This entry was first published on: Dec 05, 2013
This entry was updated on: Oct 14, 2014

This threat is also detected as:
No known aliases