How to remove the Goodtosearch Virus

Goodtosearch.com is a browser hijacker that installs extensions without user consent and changes the default search settings forcefully, locking users to its preferred settings.

Like most browser hijackers, suer only become aware something has happened when they open their browser and are unable to remove the website. And like most scams – and Goodtosearch is a scam a 100% – the site itself is inoperable, meaning you can’t just type in the address and access it. Only infected users are rerouted.

Goodtosearch 1 1024x535

Goodtosearch Removal Instructions

Browser hijackers like Goodtosearch exploit enterprise policy features, enforcing browser settings that can’t be reversed while active. This makes removing these hijackers from Chrome quite challenging. The key lies in removing the rogue policy first, then uninstalling the extension and reversing any changes it made.

SUMMARY:

NameGoodtosearch
TypeBrowser Hijacker
Detection Tool

Ensure you follow instructions in the right order to prevent the hijacker from returning.


For those preferring manual removal, the steps here are general and not tailored to specific rogue programs. Success hinges on your ability to identify and eliminate malware. If you are feeling unsure, consider using SpyHunter, an advanced anti-malware tool available on this page.

Ready to proceed? Start by searching for Task Scheduler in the Start Menu. Open it, click Task Scheduler Library.

task scheduler

Look for tasks with suspicious names linked to the malware. Right-click questionable tasks, go to Properties, then Actions to see the program it runs. If the executed program is suspicious or its file path leads to Local or Temp folders, delete the task.

Next, use the Start Menu to search for Folder Options. Open it, go to View, enable Show Hidden Files and Folders, and click OK. Navigate to C:\Program Files. Sort folders by date. Delete any recently created ones with unfamiliar names or linked to untrusted programs. Then, delete the Policies folder in C:\Program Files (86)\Google.

delete policies folder google chrome

Go to Settings > Apps. Uninstall any applications installed around the time you noticed the Goodtosearch virus in your browser.


Click the SpyHunter direct download link from the table above or the banner further down this guide and download the program’s installer.

Run the installer and install SpyHunter on your PC by following the setup prompts. Don’t worry – there’s nothing you don’t want included in the installer.

spyhunter install 1

Once SH is installed, open the program to familiarize yourself with its interface. The tool will automatically start a full system scan to find potential threats and undesirable software – let it complete.

spyhunter scan

Once the scan finishes, you’ll get a report in the Active Scan tab with everything undesirable and potentially malicious on your PC. Click Next, and you’ll be asked if you’d like to try the free trial of the program or purchase a license in order to clear the threats.

spyhunter malware removal

Choose whichever option you prefer and provide the required details on the page that opens to either begin your free trial or start your paid subscription to the tool.

After that, click on Select All Objects and Proceed. Then click Next again and the tool will automatically delete all rogue files and resolve any other problems it detected.

spyhunter malware removal 2

And that’s it! After you clean your system with SpyHunter, there should be no rogue data remaining on your PC. It’s even likely that you won’t have to perform the guide shown here because the removal tool makes sure to clear any rogue browser data that might be enabling the hijacker.

spyhunter malware removal 3

Of course, if Qltuh is still in your Chrome or Edge, perform the steps you’ll see below to delete it, knowing that it won’t return thanks to SpyHunter.


How to Get Rid of the Goodtosearch “Managed by your organization” Policy in Chrome, Edge, and Other Browsers

To remove the Goodtosearch policy from Chrome, open Chrome. Type chrome://policy in the address bar, hit enter. Listed policies show what they enforce. Look for policies with random letters as their values, copy them, save them in a text file for later.

Visit the Chrome Extensions Manager: Chrome Menu > Extensions > Extensions Manager. Toggle on Developer Mode. Copy the ID of Goodtosearch and other rogue extensions into a text file.


If you get redirected when trying to access the Extensions Manager, go to C:\Users*YOUR_USERNAME*\AppData\Local\Google\Chrome\User Data\Default\Extensions. Delete all folders shown there. Access the Extensions Manager again. All extensions should now appear as “Corrupted”.


Press Winkey + R. Type regedit, press Enter. Go to Edit > Find, copy the rogue policy value saved earlier. Search for it in the registry. Delete found keys, repeat the search to ensure all related entries are removed.

If you encounter an error preventing you from deleting a registry key, right-click the key above it. Open Permissions > Advanced > Change.

regedit permissions 2

Type “everyone” in the text field, click Check Names, then OK. Enable “Replace owner on subcontainers and objects” and “Replace all child object permissions”, then click Apply and OK.

Search for entries linked to other policy values and rogue extension IDs saved earlier. Delete them. Finally, delete these five registry keys:

  • HKEY_CURRENT_USER\Software\Google\Chrome
  • HKEY_CURRENT_USER\Software\Policies\Google\Chrome
  • HKEY_LOCAL_MACHINE\Software\Google\Chrome
  • HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome
  • HKEY_LOCAL_MACHINE\Software\Policies\Google\Update

Rogue policy should now be gone from Chrome. However, to ensure there’s really nothing left from them, we also recommend performing the next two steps.

  • Search for Edit Group Policy through the Start Menu. Open the first entry. Navigate to Local Computer Policy > Computer Configuration. Right-click Administrative Templates > Add/Remove Templates. Delete everything listed. Go back to the Start Menu, search for Folder Options, click the first result. Go to View > Show Hidden Files and Folders > Apply > OK.
  • Navigate to C:\Windows\System32. Delete the GroupPolicy and GroupPolicyUsers folders. Search for Command Prompt through the Start Menu. Right-click the result, run it as administrator. In the new window, run the command: gpupdate /force.

To ensure the “Managed by your organization” message does not reappear in Chrome, download the Chrome Policy Remover tool. Run it as Administrator, follow the prompts to remove all Chrome policies. After this, restart your PC.

How to Delete the Goodtosearch Extension From Your Browser

Finally, delete the Goodtosearch extension from Chrome.

  1. Open Chrome, go to the menu. Then Settings > Privacy and Security > Delete Browsing Data > Advanced.
  2. Set a time period covering when the redirects started. Check all boxes except Passwords, click Delete.
  3. Go to Site Settings (still in the Privacy and Security section), remove any rogue URLs in the “Allow” sections of all permission types.
    chrome site permissions
  4. Do the same in the Appearance and On Startup sections.
  5. In the Search Engine tab, choose a reputable search engine as the default. Open Manage search engines and remove any untrusted URLs.
    chrome search engine

Congratulations, you successfully removed the hijacker!


About the author

blank

Brandon Skies

Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

Leave a Comment