Microsoft removes browser modifying malware from 2 million Windows computers

Posted 14 June 2017 17:48 CEST by Jan Willem Aldershoff

Microsoft has removed the Xiazai malware from more than 2 million computers since October 2015, the software giant announced today. The company also blocked 30,000 installations of the malware per month, on average. Xiazai is therefore an active threat that deserves additional attention, according to Microsoft.

Yesterday, the company released an update for its Malicious Software Removal Tool (MSRT). This built-in tool was updated to remove Xiazai from Windows systems.

The Xiazai malware is a browser modifier that appears to be an installer of legitimate software. However, together with the legitimate software, it installs its own payload. Once the payload is installed, it changes the browser's homepage and modifies browser shortcuts so that they always start with a Xiazai-defined page loaded.

The modifications made by the malware remain, even after Xiazai is deleted. The Microsoft Malicious Software Removal Tool, which Windows starts automatically, removes the malware and restores all system settings.


