Hi.ru
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
| Popularity Rank: | 1,407 |
|---|---|
| Threat Level: | 50 % (Medium) |
| Infected Computers: | 155,885 |
| First Seen: | September 14, 2015 |
| Last Seen: | February 10, 2026 |
| OS(es) Affected: | Windows |
Hi.ru is a URL that has been associated with unwanted symptoms on affected computers. Computer users have reported that, after installing a new program, their Web browser's homepage and default search engine may be changed to Hi.ru automatically. Hi.ru may load as soon as their Web browsers start up, and they may be directed to this Web page constantly while trying to browse the Web. Hi.ru is associated with PUPs (Potentially Unwanted Programs) that may be installed as Web browser extensions after installing other content on the affected computer. Content associated with Hi.ru may affect most Web browsers on the market, including the most popular Web browsers on the Windows operating system: Internet Explorer, Mozilla Firefox, Google Chrome and, on Windows 10, Microsoft Edge. Content associated with Hi.ru is not considered threatening. Removing this type of content will stop all symptoms related to Hi.ru immediately.
Problems that may be Linked to Hi.ru
There are several problems that may be related to Hi.ru. PUPs associated with Hi.ru may cause some of the following issues:
- PUPs associated with Hi.ru may be linked to pop-up windows and messages on affected Web browsers. These windows may include the Hi.ru website itself or content related in some way to this URL.
- PUPs associated with Hi.ru may change the affected Web browser's homepage and other default websites to Hi.ru automatically. Some changed websites may include the affected Web browser's default search engines and list of bookmarks or favorite websites.
- PUPs linked to Hi.ru may be associated with performance issues. These types of PUPs may cause affected Web browsers to become slower than normal, freeze, crash or get stuck without warning. They also may affect website loading time significantly.
- PUPs associated with Hi.ru may be associated with high volumes of advertising material being displayed on the affected Web browser, and may interrupt the computer users' activity and make it hard to use the affected Web browser normally.
To stop these problems, PC security researchers recommend removing any PUPs associated with Hi.ru. These PUPs may present themselves in the form of Web browser extensions or add-ons that may enter your computer bundled with other software.
How PUPs Associated with Hi.ru may Enter a Computer
PUPs associated with Hi.ru may be installed after computer users install a new program on their machines. While installing these programs, computer users may be prompted to install a Web browser extension or some other component offering some kind of useful service. In fact, most of these types of components are specifically designed to make money at the expense of the affected computer and may cause numerous issues on the affected Web browser. These types of PUPs may generate significant revenue through advertising and affiliate marketing, forcing computer users to view advertisements repeatedly, visit certain websites constantly and view affiliate marketing content. PUPs associated with Hi.ru also may gather data about the affected computer and the computer user's Web browsing habits, history and searches. PC security researchers strongly recommend exercising care when installing any new software. Computer users should take steps to ensure that only the content they want is installed and that no additional components are installed along with the new software.
If Hi.ru and its associated content are making it difficult to use your Web browser, you should find the PUP causing Hi.ru-related symptoms and remove it immediately with the help of a reliable security program. It may be necessary to uninstall these types of PUPs using the Windows Control Panel 'Add and Remove Program.' You also may need to undo any changes made to the affected Web browser's settings manually.
Registry Details
Directories
Hi.ru may create the following directory or directories:
| %PROGRAMFILES%\Starth |
| %PROGRAMFILES(x86)%\Starth |
| %TEMP%\HiRu |
URLs
Hi.ru may call the following URLs:
| http://hi.fo |
| http://hi.gt |
| search.hi.ru |
Analysis Report
General information
| Family Name: | Hi.ru |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
| MD5: | 0d6e6e6282334903c00f983862d3686e |
|---|---|
| SHA1: | 05050bd57caba3964bfa98d86624275a8176ea7c |
| SHA256: | 15FC31B49A5210AA1E7D80833252B172E3ADF4678DD72D364F47702F2DC75167 |
| File Size: | 3.57 MB, 3568833 bytes |
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.
| Name | Value |
|---|---|
| Company Name | CrystalIdea Software |
| File Description | Uninstall Tool v3.4.5.5432 |
| File Version | 3.4.5.5432 |
| Legal Copyright | © CrystalIdea Software |
| Product Name | Uninstall Tool v3.4.5.5432 |
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.
| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\nspad54.tmp\langdll.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nszad43.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |