Skip to main content
Skip to main content
Microsoft Security Intelligence
Published Sep 06, 2012 | Updated Sep 15, 2017


Detected by Microsoft Defender Antivirus

Aliases: TR/Midhos (Avira) Trojan.Win32.Midhos (Kaspersky) Win32/Medfos (ESET) Medfos (McAfee) Trojan/Win32.Midhos (AhnLab) Trojan.Win32.Medfos (Ikarus)


Microsoft security software detects and removes this family of threats. 

These threats install malicious Internet browser extensions and redirect your search results. This means that if you search using Google, Bing, or Yahoo, for example, the site returns normal search results. However, if you click on any of the results, instead of going to the correct website, you might be redirected to a different website.

These threats can also be used for click-fraud.

Variants of Win32/Medfos can be installed by other malware, including variants of the Trojan:Win32/Necurs family.

Find out ways that malware can get on your PC.


Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find other, hidden malware.

Remove browser add-ons

You may need to remove add-ons from your browser:

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Follow us