How to Remove Skyjem

Skyjem is one of the most commonly encountered browser hijackers for Windows PCs in recent weeks, so we are actively monitoring it to provide you with the most relevant, up-to-date, and helpful information and removal instructions.

Like most other hijackers, Skyjem is basically a fake search engine designed to promote various websites, many of which might not be safe. It’s similar to boyu.com.tr (another common hijacker) and is typically enabled by rogue browser extensions like Fortify, the Searchisty Extension, and AstralQuasarel. The hijacker could also get added to the browser by a rogue app called InternetGuardian.

The fake Skyjem search engine page.

This hijacker can enter any browser but seems to be most commonly encountered in Chrome and Opera GX. Once it attaches to the browser, it changes the default search engine to skyjem.com/j/nt/ and enforces a third-party “Managed by your organization” policy that stops you from reversing the changes it has made in the browser.

SUMMARY:

Name: Skyjem
Type: Browser Hijacker

Skyjem Removal Instructions

Most hijackers are stubborn and won’t let themselves be deleted easily, but we still advise you to attempt to remove Skyjem in the conventional way. It takes a couple of minutes and can save you a bunch of time and effort if it works. And if it doesn’t, you still have the detailed instructions you’ll find further down this page:

  1. Launch the affected browser and access the settings menu.
  2. Navigate to the extensions or add-ons section, where all installed extensions are listed.
  3. Examine this list meticulously for any unfamiliar or suspicious extensions.
  4. If any dubious extensions are found, attempt to uninstall them if they have an active Remove button.
  5. Open the browser menu and proceed to Settings > Privacy and Security.
  6. Open site settings and check the Notifications and Pop-up permissions. Scrutinize these settings for entries related to the hijacker or other unknown websites and block any addresses currently listed under “Allow”.

Restart your browser after making these changes. Does the issue persist? In some lucky cases, these straightforward steps resolve the problem. Most of the time, though, you’ll need to rely on the more intensive measures we’ve prepared for you next.

IMPORTANT NOTE BEFORE YOU CONTINUE

The hijacker often spreads with the help of other rogue software that can also re-introduce it into the browser in case you manage to remove it. The problem is that there’s no way for us to know what malware app has potentially brought Skyjem to you, so we can’t offer you specific removal instructions for it.

What we can offer instead is a powerful anti-malware solution that can clean your system from any rogue apps that may try to re-install Skyjem after you manage to delete it. The tool in question is called Spy Hunter 5 and you’ll find it linked on the current page.

How to Get Rid of Skyjem

The reason the quick removal usually doesn’t work is that hijackers like Skyjem will often introduce a custom third-party policy into the browser. This policy blocks access to many of the browser’s settings so that the user is unable to reverse any changes made to them by the hijacker.

A clear sign that such a policy is present in your browser is a message that reads “Managed by your organization” in the browser menu and atop the Settings page.

Focusing on getting rid of any rogue policies currently in your browser will be the first task of this guide.

Begin by going to the affected browser and visiting one of the following URLs:

  • chrome://policy for Chrome
  • edge://policy for Edge
  • brave://policy for Brave

In case the browser you are using isn’t among these three, use the same URL with your browser’s name in place of “chrome” (this works only for Chromium-based browsers).

The next page will provide you with information about any policies currently active in the browser. Look for ones with values made of random characters. Those will typically be linked to the hijacker – you must copy them and save them into a separate document; they will be needed later.

There’s also some information to be gathered from the Extensions Manager in your browser, so go there again.

In case Skyjem redirects you to a different page whenever you try to open the Extensions Manager, here’s how to solve this issue:

Navigate to the extensions folder for your browser:

For Chrome on Windows, the path is typically C:\Users\[Your Username]\AppData\Local\Google\Chrome\User Data\Default\Extensions.

Here are the paths for three other popular browsers:

  • Microsoft Edge: C:\Users\[Your Username]\AppData\Local\Microsoft\Edge\User Data\Default\Extensions
  • Opera: C:\Users\[Your Username]\AppData\Roaming\Opera Software\Opera Stable\Default\Extensions
  • Brave: C:\Users\[Your Username]\AppData\Local\Brave Software\Brave-Browser\User Data\Default\Extensions

Once you get to the respective directory, you must delete everything that’s in it.

This action will “break” all extensions in the browser and thus bypass any blocks the hijacker extension has set up.

Other extensions, including legitimate ones, will also become broken, but you can fix them easily with a single click on the Repair button that should now become available in the browser.

Once the extension folders are deleted, go back to your browser’s extensions page and enable developer mode.

Then copy the ID numbers of any rogue add-ons and save them in the same file where you saved the hijacker policy values.
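
The extension IDs can also be read straight from disk, which is useful to do before the Extensions folders are emptied. The following is an added example, not part of the original guide: a read-only PowerShell inventory over the four folder paths listed above that reports each extension's ID, manifest name, version, and requested permissions.

```powershell
# Added example: read-only inventory of extensions in the default profile
# of each browser. Nothing is modified or deleted.
$extensionRoots = [ordered]@{
    'Chrome' = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
    'Edge'   = Join-Path $env:LOCALAPPDATA 'Microsoft\Edge\User Data\Default\Extensions'
    'Opera'  = Join-Path $env:APPDATA      'Opera Software\Opera Stable\Default\Extensions'
    'Brave'  = Join-Path $env:LOCALAPPDATA 'Brave Software\Brave-Browser\User Data\Default\Extensions'
}

$inventory = foreach ($browser in $extensionRoots.Keys) {
    $root = $extensionRoots[$browser]
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # Each subfolder name is an extension ID; each ID holds one folder per version.
    foreach ($idDir in Get-ChildItem -LiteralPath $root -Directory) {
        foreach ($verDir in Get-ChildItem -LiteralPath $idDir.FullName -Directory) {
            $manifestPath = Join-Path $verDir.FullName 'manifest.json'
            if (-not (Test-Path -LiteralPath $manifestPath)) { continue }
            try {
                $manifest = Get-Content -LiteralPath $manifestPath -Raw -ErrorAction Stop |
                    ConvertFrom-Json
            } catch {
                continue   # unreadable or malformed manifest: skip it
            }
            [pscustomobject]@{
                Browser     = $browser
                Id          = $idDir.Name
                Version     = $manifest.version
                Name        = $manifest.name   # may be a __MSG_...__ locale placeholder
                Permissions = ($manifest.permissions -join ', ')
                Installed   = $idDir.CreationTime
            }
        }
    }
}

# Newest first: recently added, unfamiliar entries are the ones to note down.
$inventory | Sort-Object Installed -Descending | Format-Table -AutoSize -Wrap
```

Compare the IDs in this list with the ones shown on the Extensions page and with any IDs that appear in the policy values you saved earlier.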

Armed with this information, you can now proceed with eliminating the rogue policies from your browser.

How to Delete Skyjem Virus Registry Keys

The Windows Registry stores low-level settings for the operating system and installed applications. The hijacker likely has entries here that enforce its policies, so you must explore the Registry and delete those entries.

Access the Registry by opening the Run dialog (Win + R), typing regedit, and pressing Enter.

Caution is required when modifying the registry because incorrect changes can affect system stability. Delete only items that you are sure are linked to the hijacker.

Once you are in the Registry Editor, press Ctrl + F and use the search box to find items related to the rogue policy values and extension IDs that you noted earlier.

If the search finds anything, delete the registry key (folder) in the left panel that contains it.

Remember: you must always perform another search after you delete a rogue item. Each search in the registry shows only a single result, so, to be sure there aren’t more rogue items left, you must search again.
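
As an alternative to repeated manual searches, the policy entries can be listed in one pass. The following is an added example, not part of the original guide: a read-only PowerShell audit of the standard Chromium policy registry locations for Chrome, Edge, and Brave (these paths are not listed in the guide itself), flagging any entry that contains a value you noted earlier. The entries in `$noted` are placeholders to replace with your own saved values.

```powershell
# Added example: read-only audit of browser policy registry keys.
# Replace the placeholder with the policy values / extension IDs you saved.
$noted = @('<extension-id-or-policy-value>')

# Standard policy locations for Chromium-based browsers (machine and user hives).
$policyKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($vendor in 'Google\Chrome', 'Microsoft\Edge', 'BraveSoftware\Brave') {
        "$hive\SOFTWARE\Policies\$vendor"
    }
}

$findings = foreach ($root in $policyKeys) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # The policy key itself plus every subkey (e.g. forced-install lists).
    $keys = @(Get-Item -LiteralPath $root) +
            @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        foreach ($valueName in $key.GetValueNames()) {
            $data = [string]($key.GetValue($valueName) -join ';')
            $hit  = $noted | Where-Object {
                $data.IndexOf($_, [System.StringComparison]::OrdinalIgnoreCase) -ge 0 -or
                $key.Name.IndexOf($_, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
            }
            [pscustomobject]@{
                Key          = $key.Name
                Value        = $valueName
                Data         = $data
                MatchesNoted = [bool]$hit
            }
        }
    }
}

# An empty result means no policies are set in these locations.
$findings | Sort-Object Key, Value | Format-List
```

The script only reads the registry; any key it reports is still removed by hand in the Registry Editor as described above.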

A new persistence trick some hijackers employ is to restrict access to their Registry keys, which prevents you from deleting them. If you get an error when attempting to remove a particular hijacker key, do this to gain the necessary permissions:

Right-click the problematic key’s parent key and select “Permissions”. Then go to Advanced > Change, type “Everyone” in the text box, and click Check Names. Click Apply and then OK.

In the previous window, put ticks in the two “Replace…” options and apply the changes to gain full control.

Deletion of the troublesome key should now be possible.

Other Ways to Get Rid of Skyjem Malware Policies

If registry cleanup proves insufficient, we recommend trying the following alternatives:

The first one is to access the Group Policy Editor and delete any rogue policies present there. Search for “Edit Group Policy” in the Start Menu, open the first result, and right-click on “Administrative Templates”.

Select the Add/Remove button and delete any templates not added by you. The hijacker may have inserted policies here to maintain control over your browser.

Chrome users have an additional tool at their disposal. It’s called Chrome Policy Remover and you can download and use it for free. Get it from the provided link and run it with Admin permissions.

Windows may warn you about it, but there’s no need to worry: the tool is safe. Just click More Info > Run Anyway and let it perform its task of deleting all Chrome Policies.

Uninstall the Skyjem Virus Extension From Chrome, Edge, and Other Browsers

With rogue policies and registry entries removed, restoring your browser to its normal state is the final task that will rid you of the frustrating hijacker.

Start by going yet again to the Extensions page of the affected browser (browser menu > Extensions > Extensions Manager) and ensure all unwanted extensions are gone. Just click Remove and this time the rogue add-ons should get uninstalled right away.

Then open the browser menu again, go to Settings, and navigate to the Privacy and Security settings. Click Delete browsing data, select the Advanced tab, and clear your browsing data for a long enough period so that there’s no chance that anything linked to Skyjem stays behind.

Delete cached images, cookies, and all other data types except passwords.

Review the Site Settings once more. This time check all permission types and remove any unfamiliar URLs from the “Allow” lists to prevent future issues.

Reset your default search engine to a trusted provider from the Search Engine settings tab.

Then open Manage Search Engines and see if there are any URLs listed there that are unknown to you or seem problematic. If you notice anything that shouldn’t be there, delete it.

Lastly, pay a visit to the Startup and Appearance settings and delete from them any rogue URLs to ensure no unwanted pages open when launching your browser.

Uninstall AstralQuasarel to Remove Skyjem

When we were researching the Skyjem hijacker and Internet Guardian, the app that enables it, we stumbled upon a rabbit hole full of related hijackers, fake search engines, and rogue sites. It’s not surprising, since most hijackers thrive on promoting other sketchy sites and software, but it’s important to be aware of what else you might come across if Skyjem is in your browser.

Recently, several German users have reported getting the AstralQuasarel unwanted extension in their browsers, which enforces a third-party policy in the browser and changes the search engine to AstralQuasarel. Therefore, if you see this unfamiliar extension in your browser while trying to get rid of Skyjem, know you must delete it too.

One weird consequence of the presence of the AstralQuasarel extension in the browser (Chrome in particular) is that the user isn’t even able to uninstall the browser. Once the extension is installed, Chrome disappears from the list of installed programs in the Control Panel and from the Apps & Features list. Trying to uninstall the browser through its .exe uninstaller also doesn’t work, as it simply redirects to Apps & Features.

This tells us that the AstralQuasarel extension is able to gain some pretty high-level privileges and must be removed immediately. The introduction of Skyjem to the browser might be the least of your worries if this extension is in your browser.

Like other rogue extensions, AstralQuasarel employs the “Managed by…” policies feature to take over your browser, and you won’t be able to delete it until the respective policy is deleted. We’ve shown how you can do this in the guide above. Once you perform the policy removal steps, you should be able to delete the rogue extension without any issues.

The AstralQuasarel extension can’t be uninstalled until the third-party policy is removed from the browser.

Other rogue sites related to Skyjem are busqueda.me and moreresearch.com, so if you get redirected to either of these, you are most likely dealing with the same thing. We keep monitoring the situation with this network of browser hijackers and scam sites and do our best to update this article with more relevant information.


About the author

Brandon Skies

Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.
