Help Needed: Removing Persistent Browser Hijacker - Printable Version +- Gridinsoft Forum (https://forum.gridinsoft.com) +-- Forum: Help (https://forum.gridinsoft.com/forumdisplay.php?fid=1) +--- Forum: Malware Removal Help (https://forum.gridinsoft.com/forumdisplay.php?fid=2) +--- Thread: Help Needed: Removing Persistent Browser Hijacker (/showthread.php?tid=5) |
Help Needed: Removing Persistent Browser Hijacker - Chris Johnson - 06-19-2024 Can anyone advise on removing an annoying browser hijacker that doesn't get picked up by anti-virus software? It appears as a search engine on Chrome: 'tfrsrch.com'. It always opens a new tab with the URL 'find-browseronline.com', which is a malvertising search engine. I can't delete it as it's locked by making it be managed by the administrator even though I'm the only admin. I've tried all the antivirus software I can think of—Windows Defender, Malwarebytes, Kaspersky, etc.—but none detect anything. I've also tried deleting Chrome policies but got some error messages. This only appears to be on Chrome (which I've already reset) and not on Edge. Is there anything to be done, or do I need to do a Windows reinstall? RE: Help Needed: Removing Persistent Browser Hijacker - Shorter_513 - 06-19-2024 As far as I know, this "managed by the administrator" trick is done through changing registry settings. If you are aware of how to work with registry, consider deleting the following keys: HKEY_CURRENT_USER\Software\Google\Chrome HKEY_CURRENT_USER\Software\Policies\Google\Chrome HKEY_LOCAL_MACHINE\Software\Google\Chrome HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome HKEY_LOCAL_MACHINE\Software\Policies\Google\Update HKEY_LOCAL_MACHINE\Software\WOW6432Node\Google\Enrollment In this one, remove the CloudManagementEnrollmentToken value: HKEY_LOCAL_MACHINE\Software\WOW6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D} To finish off, go to the Chrome directory in the Program Files (x86), find the Policies directory and delete it. This should hopefully do the job. RE: Help Needed: Removing Persistent Browser Hijacker - Chris Johnson - 06-20-2024 (06-19-2024, 05:23 PM)Shorter_513 Wrote: As far as I know, this "managed by the administrator" trick is done through changing registry settings. If you are aware of how to work with registry, consider deleting the following keys: That took some time, but looks like it is gone! The "managed by administrator" thing disappeared and I removed the changes. Also reset the browser just for a good measure. Thank you! |