|
|
Help
Jun 17, 2022 14:32:37 GMT
Post by johnytrout on Jun 17, 2022 14:32:37 GMT
I have not asked for help for a very long time as everything was sailing along just nicely.
Now I have picked up a search bar hijacker that I just can not remove.
It is called "Custom Search Bar" I am not sure if it is Malware or not, I dont think so.
Nearly everything online wants money for their downloads. I tried a few that got rid of it, but it keeps coming back.
You guys are my last resort so please help me rid this "Custom Search Bar" for good.
|
|
|
|
Post by mikkh on Jun 17, 2022 14:50:43 GMT
|
|
|
|
Post by mikkh on Jun 17, 2022 15:03:10 GMT
On difficult to remove infections, you can either start in safe mode or run Rkill first, which cleans the memory of resident malware/virus programs that may already be running. www.bleepingcomputer.com/download/rkill/It's also worth running this to double check it's really gone. www.bleepingcomputer.com/download/junkware-removal-tool/and then run MalwareBytes to triple check. All free with no hidden agendas, apart from MalwareBytes which tries to encourage you to get the pro version - don't bother with it unless you're extremely paranoid. |
|
|
|
Help
Jun 17, 2022 20:12:07 GMT
Post by johnytrout on Jun 17, 2022 20:12:07 GMT
Thank you, I ran those programs but nothing has shifted it. It seems like it has taken over the Administrater of my machine.
Custom Search Bar is residing in my accessories page but the removal tab is greyed out. How do I get to run win10 in safe mode?
This may also help. chrome://extension-icon/nniikbbaboifhfjjkjekiamnfpkdieng/24/1
ID: nniikbbaboifhfjjkjekiamnfpkdieng
|
|
|
|
Post by mikkh on Jun 17, 2022 21:21:18 GMT
|
|
|
|
Help
Jun 17, 2022 22:14:51 GMT
Post by johnytrout on Jun 17, 2022 22:14:51 GMT
The offending one does not have a Remove tab
|
|
|
|
Help
Jun 18, 2022 8:19:05 GMT
Post by mikkh on Jun 18, 2022 8:19:05 GMT
malwaretips.com/blogs/remove-custom-search-bar/Reads a bit like a glorified advert for Hitman Pro to me, but it does mention a 30 day free trial and some of the other info looks legit and useful. You still haven't mentioned what browser you're using, which would help in removing it.
|
|
|
|
Help
Jun 18, 2022 9:00:28 GMT
Post by johnytrout on Jun 18, 2022 9:00:28 GMT
Thanks Mikkh. It is linked to Chrome. Every time I try to open Chrome I get a blank page with two small Crome icons in the middle. The main page is Custom Search Bar. There is a Custom Search Bar add on in my Extension page that will not shift as in has no Remove tab. I think it has taken over as the administrator. I can not remove it from settings either. Also I can not change it in my Privacy Settings for apps because that tab has been Turned Off and wont let me change it.
|
|
|
|
Help
Jun 18, 2022 13:03:29 GMT
Post by mikkh on Jun 18, 2022 13:03:29 GMT
|
|
|
|
Help
Jun 18, 2022 13:10:09 GMT
Post by johnytrout on Jun 18, 2022 13:10:09 GMT
I did that Mikkh, it took ages. but it came back. Could it be in the registry?
|
|
|
|
Help
Jun 18, 2022 16:12:29 GMT
Post by johnytrout on Jun 18, 2022 16:12:29 GMT
Can I show here please an article of how my problem is? This is a long shot but it is a big problem......... MESSAGE: This specific chrome extension has hijacked my chrome browser and I can't remove it. chrome://extensions/?id=nniikbbaboifhfjjkjekiamnfpkdieng It is called Custom Search Bar and it now runs my browser. I can't delete the extension because my browsers are "MANAGED BY YOUR ORGANISATION". It says so in Chrome and Edge. I don't have an organization. This is my private browsers. There should be an easy way for me to get full admin access so that I can delete these kinds of apps. They don't show up on any malware search or anti virus search. MESSAGE 2: Please try the instructions linked below - www.technipages.com/google-chrome-solve-this-extension-is-managed-and-cannot-be-removed-or-disabledMESSAGE 3: I did that and I also deleted it everywhere in the registry. It seems clear after I've done that as i can't find it in my extentions. However, I still have the "managed by your organisation" on all of my browsers desipite it being deleted. So then I relaunch the browsers and voila. It's back. This is because it's installed by my "organisation" which is not my work or Company. It's the malware. That's who is running my browsers as an organisation. So they can reinstall it whenever they want just as a company could. So, what I really want to do here is to kick out all organisation on my browsers. Should that be possible? |
|
|
|
Help
Jun 18, 2022 18:13:19 GMT
Post by mikkh on Jun 18, 2022 18:13:19 GMT
Although it targets Edge, a lot of the information and commands apply system wide, so should work.
chrome://management/
(typed into the address bar)
works because I've just tried it (came up empty on mine)
|
|
|
|
Help
Jun 18, 2022 18:40:32 GMT
Post by mikkh on Jun 18, 2022 18:40:32 GMT
I noticed while researching this that adwcleaner has several options off by default - including one that could help you...  It might be worth trying some of the others too, like the IE one where it may be trying to hide there too. You should also check the exclusions tab too, there shouldn't be anything there, but a clever piece of code could have added itself to protect it (?) |
|
|
|
Help
Jun 18, 2022 21:39:38 GMT
Post by johnytrout on Jun 18, 2022 21:39:38 GMT
Thank you.. I am away tomorrow for a few days but will definitely check this out.
Mikkh, If ever you are around Southampton, I'll stand you a beer. That worked a treat. Thanks again.
EDIT,
I'll retract that last statement. It came back! After many restarts all was going well but every now and then it rears its ugly head.
I can delete it from the registry and it clears it for a few hours... Ughhhh
I found that in the registry: HKEY_LOCAL_MACHINE > SORTWARE > POLICIES > GOOGLE > CHROME > EXTENSIONINSTALLFORCELIST
If I delte the EXTENSIONINSTALLFORCELIST, It removes the offending item but somehow it comes back after a while.
|
|
