Potterfun is a rogue search engine added to browsers by hijacker extensions, such as ZoomFind and SwiftSeek. Like other rogue search engines, this one is solely designed to make money through ads and by gathering user data without actually being helpful to the user.
An important note I must make here is that the Potterfun hijacker search engine (URL: https://potterfun.com/q/) should not be confused with Potterfun.com – a legitimate and safe website for Harry Potter fans.
The problem with potterfun.com/q/ is that you won’t be able to remove it from your browser unless you also take care of any unwanted policies and extensions that have been added without your permission. The following guide can help you with that, but you must follow it carefully and complete all steps included in it.
Potterfun Removal Steps
I advise you to first attempt a more straightforward removal method that might resolve the issue promptly. The advanced and detailed removal guide will be shown further down, but, for now, it might be worth trying the conventional way to clear your browser:
- Open Chrome or whatever the affected browser is and access its main menu.
- Navigate to the Settings page and then to Extensions (or Add-ons) to see a list of all the installed extensions.
- Carefully review the list and look for ZoomFind, SwiftSeek, or any other unfamiliar or suspicious entries that might be linked to Potterfun. If you find such items, click the Remove key below them is such a key is available.
- Next, proceed to Settings > Search Engine and choose a search provider that you can trust (Google, Bing, etc.)
Once you’ve made these changes, restart your browser and see if the issue has been taken care of.
In some lucky cases, this preliminary cleanup will be enough and you won’t need to go any further. And if this isn’t enough, the next detailed guide will let you take care of it.
SUMMARY:
OFFERI have thoroughly researched the rogue Potterfun search engine and found a way to remove it fully, along with any unwanted extensions that might be enabling it. However, if there’s malware in your system that’s responsible for bringing you this hijacker (which is often the case), that malware must be removed too or Potterfun might return.
I don’t know what software you’ve downloaded recently, so I can’t offer specific instructions to remove it. However, the Spy Hunter 5 removal tool, which you will find on this page, can take care of whatever brought this hijacker to you, so I strongly recommend that you use it to clean your system.
How to Get Rid of the Potterfun Search Engine in Chrome
Rogue policies added to the browser are key to the persistence of hijackers like Potterfun. If there’s a message in the browser menu and on its Settings page that reads “Managed by your organization”, then such a policy is in your browser, and you must first remove it before going after the hijacker itself.
Start by going to this URL if you are a Chrome user:
-
chrome://policy
If you’re using Edge, go to:
edge://policy
For other Chromium browsers, just change the name in the URL.
This will show you what policies are in the browser, including the one added by the hijacker.
Pay attention to the policy values. You must look for ones that look like random sequences of letters and numbers.
Put these suspicious values in a text document and save them. You’ll need them for subsequent steps.
Then revisit the Extensions section, where you need to gather more relevant data.
It’s common for hijackers to prevent direct access to this Extensions Manager page. They do it by redirecting you elsewhere (for example, to a regular Google page).
This is super frustrating, but the solution is easy:
Each browser stores its extensions in specific directories on your computer.
For instance, Chrome’s extensions are found in the C:\Users\[Your Username]\AppData\Local\Google\Chrome\User Data\Default\Extensions folder.
Here are the extensions folder locations for other commonly used browsers:
You just need to go there and delete everything contained in that folder.
This action damages both the rogue and the legitimate extensions and should allow you to go to the Extensions Manager.
As for the add-ins you want in your browser can be repaired very easily, but let’s leave that for later.
Once you go to the Extensions page, look for the Developer Mode option and turn it on. Then look for an ID number under each rogue extension you wish to remove.
If the ID isn’t visible, click the extension, and it should be available on the next page.
Copy and save those IDs in the same file as the rogue policy values. It’s finally time to do some cleaning up.
How to Delete Potterfun Virus Policies
Now you must search for the policy values and extension IDs in the Windows registry and delete any relevant keys. Here’s how:
Press the Windows key, type “Registry Editor” > right-click > Run as administrator > Yes.
Then use the Find function under the Edit menu to search for the first suspicious policy values.
When the search locates a matching entry, delete the entire key (folder) on the left side of the Registry Editor window that contains the rogue entry.
Run another search, delete the next relevant item, and proceed like that until the search no longer finds anything.
Then move on to the next policy values and also the extension IDs you saved. You must ensure all keys linked to them are removed from your Registry.
It’s possible you are denied access to certain keys which blocks you from deleting them. It’s a common hijacker persistence mechanism, which you can override in the following way:
Right-click the key that must be deleted or the parent key that contains it.
Select Permissions > Advanced > Change. Then type “everyone”, click Check Names > OK.
In the previous page, enable the two new options that start with “Replace…“, then click Apply and OK.
This will let you delete any stubborn keys you may encounter.
Two Other Methods to Remove Potterfun Malware Policies
If you’re uncomfortable editing the registry or if the issue persists, I can two alternative ways to eliminate rogue policies from your browser:
The first one uses a Windows utility called Group Policy Editor. Access it by typing “gpedit.msc” into the Start Menu and hitting Enter.
Navigate to Administrative Templates under Computer Configuration, right-click it, and select the Add/Remove option.
Then I suggest that you simply delete everything that’s in the following list.
I doubt you’ve intentionally added any policies there, so it should be okay to delete all items, which should also get rid of all policies in your browser.
The second alternative solution is specific to the Google Chrome browser and doesn’t work with other browsers:
Download the Chrome Policy Remover on your PC and, if you have an antivirus and it flags it as a threat, whitelist it. The tool is verified as safe, so no need to worry.
Then right-click it and open it with Admin rights. If Windows Security also shows a warning, click More Info > Run Anyway to launch it.
After that, the Chrome Policy Remover will automatically take care of any existing Chrome policies and remove them fully. You can now proceed to the final part of this guide.
How to Remove Potterfun.com From Chrome
By this point, provided you’ve diligently followed all the previous steps, there should be no rogue policies left in your browser that are locking its settings. At last, it’s time to restore your browser to its preferred state.
Open the browser, go to the Extensions or Add-ons section once more, and click the Remove button under Potterfun, ZoomFind, SwiftSeek, or any other unwanted extensions you might see there.
Then go to Settings > Privacy and Security and click the Delete browsing data option.
Make sure you are at the Advanced tab and check all the available data types: cached files, cookies, and other data that the hijacker might have used to maintain its presence.
Leave only that Passowords box unchecked. Then set the time period to All Time, and click Delete.
You must also go to the Site Settings in the Privacy and Security tab.
There, you must carefully check each permission category and see if there are unfamiliar or suspicious sites there, including https://potterfun.com/q/, that are given the respective permission.
See any such sites? Click the three dots next to them and then click Block.
Check the Search Engine settings to confirm that your default search engine is set to a trusted provider.
Then open Manage Search Engines and if you see potterfun.com/q/ or another unfamiliar URL there, delete it.
The last two sections I recommend checking are On Startup and Homepage. Ensure the browser isn’t set to load unwanted pages upon launch or when you open a new tab.
And that’s it, if you followed all the steps correctly, Potterfun or any rogue extensions linked to it should no longer be present in the browser.
I just need to remind you once again that you must also ensure there isn’t any malware or potentially unwanted programs on your PC related to Potterfun.
If you think you’ve recently downloaded anything sketchy, I recommend uninstalling it. And if you need help with this removal, I recommend SpyHunter 5, which is linked on this page.
Leave a Comment