How to remove the UltraSearch Extension

UltraSearch is the latest extension by Findflarex that redirects to boyu.com.tr – currently the most widespread browser hijacker. Findflarex is merely a fake publisher that operated for a while on the Chrome Web Store, but was removed after all its extensions were found to be malware in disguise. The extensions are now distributed through file bundling and fake installers.

To be clear: none of this is legitimate and you shouldn’t hesitate to remove it immediately.

The UltraSearch Extension as it appears in Google Chrome

UltraSearch Extension Removal Guide

Sometimes – very rarely, but sometimes – UltraSearch is easier to remove than other times. This is due to bugs in the malware creator’s code. Most likely it won’t work, but there’s no problem with trying, so you’ll sacrifice just a few minutes and just maybe save yourself a lot more time. Try the following:

  1. Open your browser > Settings > Extensions.
  2. Locate UltraSearch and look for other add-ons it may be installed with.
  3. If the Remove button on the right isn’t greyed out, uninstall the extension.
  4. Go back to Settings > Search Engine > restore your own search engine if it was modified.

Now close the browser and open it again to see if UltraSearch returned. If it did – or you weren’t able to modify anything in the first place – start the guide below from the first step.

SUMMARY:

Name: UltraSearch
Type: Browser Hijacker

IMPORTANT: READ BEFORE PROCEEDING

The UltraSearch Extension is always bundled with other malware extensions and/or potentially unwanted programs. All of these require additional steps which might confuse you at points, because we can’t give you the details, just the overall methods. You still have to look on your own. Consider downloading an anti-malware program if you don’t think you can do this adequately.

How to Get Rid of the UltraSearch Extension

If you are here, then the quick steps at the beginning didn’t work for you. That’s expected, but it was worth the try. UltraSearch adds a group policy to your system, locking you out of some settings. You need to remove this policy to have a chance of removing the extension. Sometimes the criminals get something wrong and the policy isn’t correctly implemented, but most of the time you’ll have to perform these additional steps.

Fortunately, we’ve faced this before. You will have a “Managed by your organization” (or managed by group policy) message on extensions and settings. That’s the lock I was talking about. Do this:

Visit one of these addresses in your browser, depending on which one you use. If you are using Firefox, just ignore this step and move forward.

  • chrome://policy for Chrome
  • edge://policy for Edge
  • brave://policy for Brave

If you are using another browser based on Chromium, just substitute the name as seen above. If you don’t know what I’m talking about, just try and ignore this step if something like the screenshot below doesn’t show up.

You will be taken to a hidden settings page where you can see all the active policies in your system. This is the easiest way to identify what UltraSearch has changed.

[Screenshot: chrome policies]

Unless you are on a work PC that has an active policy (your admin will know this), copy any policy values you see into a text document, because you’ll need them soon.

Go to Settings > Extensions. Can you access the menu or are you redirected to Google? If you are redirected, the next step will help with this. Do it even if you’re not redirected. Go to the directory you are using depending on the browser:

  • Google Chrome: C:\Users\[Your Username]\AppData\Local\Google\Chrome\User Data\Default\Extensions
  • Microsoft Edge: C:\Users\[Your Username]\AppData\Local\Microsoft\Edge\User Data\Default\Extensions
  • Opera: C:\Users\[Your Username]\AppData\Roaming\Opera Software\Opera Stable\Default\Extensions
  • Brave: C:\Users\[Your Username]\AppData\Local\Brave Software\Brave-Browser\User Data\Default\Extensions

These are the extensions in the manager. Delete all of them to eradicate UltraSearch and any other malware. You can restore proper extensions later, don’t worry.

Next, return to the Extensions Manager and enable Developer Mode – copy the ID of any rogue extensions and save it in a text doc.
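
If you want to see which extension IDs sit in those folders before you delete them, here is an added PowerShell example (not part of the original guide) that lists each extension's ID, name and version from its manifest.json. It assumes the Default profile paths listed above; the variable names are the example's own, and it only reads files.

```powershell
# Added example: inventory the extension folders listed above (Default profile only).
# Read-only: nothing is deleted or modified.
$roots = [ordered]@{
    'Chrome' = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
    'Edge'   = Join-Path $env:LOCALAPPDATA 'Microsoft\Edge\User Data\Default\Extensions'
    'Opera'  = Join-Path $env:APPDATA      'Opera Software\Opera Stable\Default\Extensions'
    'Brave'  = Join-Path $env:LOCALAPPDATA 'Brave Software\Brave-Browser\User Data\Default\Extensions'
}

$inventory = foreach ($browser in $roots.Keys) {
    $root = $roots[$browser]
    if (-not (Test-Path -LiteralPath $root)) { continue }   # browser not installed

    # Folder layout: Extensions\<extension ID>\<version>\manifest.json
    foreach ($idDir in Get-ChildItem -LiteralPath $root -Directory) {
        foreach ($verDir in Get-ChildItem -LiteralPath $idDir.FullName -Directory) {
            $manifestPath = Join-Path $verDir.FullName 'manifest.json'
            if (-not (Test-Path -LiteralPath $manifestPath)) { continue }
            try {
                $m = Get-Content -LiteralPath $manifestPath -Raw -Encoding UTF8 -ErrorAction Stop |
                     ConvertFrom-Json
            } catch {
                # Keep the ID in the report even if the manifest cannot be parsed.
                $m = [pscustomobject]@{ name = '<unreadable manifest>'; version = $null }
            }
            [pscustomobject]@{
                Browser   = $browser
                Id        = $idDir.Name      # the ID shown in Developer Mode
                Name      = $m.name          # may be a __MSG_...__ placeholder for localized names
                Version   = $m.version
                Installed = $verDir.CreationTime
                UpdateUrl = $m.update_url    # update source declared by the extension, if any
            }
        }
    }
}

# Newest folders last: compare the dates with when the redirects started.
$inventory | Sort-Object Browser, Installed | Format-Table -AutoSize
```

Save the IDs of anything you don't recognise into the same text doc as the policy values.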

How to Delete the UltraSearch Virus From Your Registry

Now that you have the IDs of the extensions and the policy values, it’s time to remove these things or UltraSearch will return.

Press the Windows key > type “Registry Editor” > right-click it > “Run as administrator”.

Go to Edit > Find, paste any value or ID from the text doc you created into the search box, then click Find Next.

Delete anything that is found. Press Enter after every deletion, because an ID or policy may be encountered multiple times. Do this until the search can no longer find any of the items you saved in the doc.
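
To see where these policies live before you start deleting in Registry Editor, here is an added PowerShell example (not part of the original guide) that lists every value under the standard Chromium policy keys and marks those containing an ID you saved. The registry locations are the usual policy paths for Chrome, Edge and Brave, not something named on this page, and `$savedIds` is a placeholder you fill in yourself.

```powershell
# Added example: list browser policies stored in the registry (read-only).
# $savedIds is a placeholder: put in the IDs you copied from the Extensions page.
$savedIds = @('<extension-id-from-your-text-doc>')

# Standard policy locations for Chromium-based browsers, machine-wide and per-user.
$policyKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($vendor in 'Google\Chrome', 'Microsoft\Edge', 'BraveSoftware\Brave') {
        "$hive\SOFTWARE\Policies\$vendor"
    }
}

$findings = foreach ($key in $policyKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }    # no policy set here

    # The key itself plus every subkey (for example ExtensionInstallForcelist).
    $nodes = @(Get-Item -LiteralPath $key) + @(Get-ChildItem -LiteralPath $key -Recurse)
    foreach ($node in $nodes) {
        foreach ($valueName in $node.GetValueNames()) {
            $data = [string]$node.GetValue($valueName)
            [pscustomobject]@{
                Key       = $node.Name
                Value     = $valueName
                Data      = $data
                # True when the value data contains one of the saved extension IDs.
                MatchesId = [bool]($savedIds | Where-Object { $data -like "*$_*" })
            }
        }
    }
}

$findings | Format-List
```

If nothing is printed, no policy is set in those locations. On a work PC, expect to see your admin's legitimate policies here too.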

If a key can’t be deleted because it’s restricted:

Right-click the parent key of the one you must delete and select Permissions > Advanced > Change, type “everyone” in the text field > Check Names.

Apply > OK, and check the two new Replace options in the previous window. Then Apply > OK again.

Get Rid of UltraSearch Malware Policies: Alternative Methods

If you can’t manage to do the previous steps properly, there are two other ways to achieve the same result:

Press the Windows key > search for Group Policy Editor > open it.

Right-click on Administrative Templates > Add/Remove Templates > remove all entries that appear.

Then the next alternative is exclusive to the Chrome Browser. You can run the Chrome Policy Remover tool. It will delete all policies which are present in your system. But again – this is exclusive to Chrome. It won’t touch the other browsers.

Uninstall UltraSearch From Chrome, Edge, and Other Browsers

You are now free to change your settings back to the way they were before the malware.

Go back to the Extensions tab > Remove anything you don’t like.

Settings > Privacy and Security > Delete browsing data: clear your data for the period since the hijacker appeared. In Advanced, clear all data types. Leave only your passwords if you want.

Privacy and Security > Site Settings. Look at your permissions and remove any sites associated with UltraSearch. I recommend adding them to the Blocked list.

Search Engine > change the engine to whatever pleases you. Manage Search Engines > remove maxask.com or boyu.com.tr or anything else a sane person wouldn’t use.

Check your On Startup and Appearance tabs to ensure no rogue URLs are set to open when you launch your browser or open a new tab.

Congratulations on removing UltraSearch!


About the author

Nathan Bookshire
