Kinsearch is another of the malware extensions that have been hitting Chrome users for over a month. These are created and managed by findflarex.com, which is not a search engine by itself, but rather a sort of intermediary URL that redirects to boyu.com.tr – the primary hijacker that’s been promoted for the last few months.
Weirdly enough, all of this is disclosed in Kinsearch’s Chrome web store page, which may confuse you since this surely can’t be legal. I frankly don’t know either why these things aren’t removed at all by Google’s team. My understanding is that whoever is making these is hitting a legal grey area. The extensions themselves are not really part of a scam, they provide a simple alternative to Google through extensions (which is incredibly dumb).
The malware – the browser hijacker – is just using these extensions as components. The actual crime is that you guys don’t know how Kinsearch got on your PC and this was done without your knowledge or consent. But since this can’t be directly tracked to findflarex or the extensions, this keeps on keeping on.
Kinsearch Removal Instructions
At one point in this guide we will ask you to record the IDs of the extensions you find. You may encounter the following extensions together with Kinsearch. We know some of their IDs, and we will list them here, but they can change at the whim of whoever created them.
Keep an eye out for these and anything else that realistically shouldn’t have been installed in your browser:
- Kinsearch ID – kgakbkikdoadphgjioklbanaafmpecaa
- ISEEK ID – dgekdkjlgaojdgiipdplocmpecmdgpih
- SEEKSE ID – nfbeadmbpampkpcclpeipiljogoabpij
There will also be a ‘Funny Tool Redirect’ extension, which is what prevents you from accessing the extensions tab in Chrome. We don’t know its ID. Don’t worry about that, we’ll take care of it, it’s part of the guide. We’re noting it here just in case you get confused. Another possible one is CelestialQuasaror.
How to Get Rid of Kinsearch’s Chrome Managed by Policy
The first thing we gotta do is tackle the browser policy placed by Kinsearch and its browser hijacker. This policy is made for work purposes and is just abused here. You won’t be removing an integral part of Windows or something. It’s just a setting that shouldn’t have been placed on you in the first place.
Open Chrome and enter chrome://policy into the address bar.
—
Side Note: our research shows Kinsearch and Boyu.com.tr target Chrome users exclusively. But it’s still possible you are infected if you are using some of the other Chromium-based browsers, like Edge or Brave (but not Firefox). If you are using Edge or Brave all the steps are the same, just adjust the URL accordingly e.g., edge://policy.
—
A list of policies affecting your browser will appear once you access chrome://policy. Pay attention to which policies have random strings of letters and numbers. Open a text editor and copy these values for later.
Next, locate and remove any rogue extensions contributing to the hijacker problem. Navigate to your browser’s menu, find the Extensions section, and open the Extensions tab.
Enable Developer Mode in the upper right to get a detailed view of all installed extensions. Identify any suspicious extensions that can’t be removed directly, meaning their remove button is greyed out. Take note of their IDs and add these to your text file alongside the policy values. If restrictions block you from accessing this page, perform the steps listed below.
If you can’t access the Extensions tab, do this:
- Access your C: drive. Follow the path Users > your user folder > AppData > Local > Google > Chrome > User Data > Default > Extensions. If you can’t find AppData, click the three dots near View and Sort > Options > View > Show Hidden Files and Folders. AppData will appear then. Proceed onwards.
- Locate folders that match the policy values and extension IDs you’ve noted. Delete them.
- If you’re not sure which folders to delete, consider deleting all extension folders within this directory, or just move them to a new folder. You’ll be able to restore everything from your browser later if you so wish.
It’s time to use the Registry Editor to remove the policy that’s blocking you. Press Win + R, type regedit, and hit Enter. In the new window, press Ctrl + F and search for the policy values you saved earlier. Delete any matching keys found. Repeat this search-and-delete process for each extension ID you’ve identified.
Also delete these keys if they exist:
- HKEY_CURRENT_USER\Software\Google\Chrome
- HKEY_CURRENT_USER\Software\Policies\Google\Chrome
- HKEY_LOCAL_MACHINE\Software\Google\Chrome
- HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome
- HKEY_LOCAL_MACHINE\Software\Policies\Google\Update
Blocked from deleting a rogue registry key? Follow these steps.
Right-click the folder above the one you wish to delete and select Permissions.
Click Advanced, then Change. Enter “everyone” in the object name field, check the names, and click OK.
Ensure the boxes for “Replace owner on subcontainers and objects” and “Replace all child object permissions” are checked.
Apply these changes, then attempt to delete the rogue registry key again.
Ensure no rogue policies remain. Two additional actions are necessary.
First, search for “Edit Group Policy” in your Start Menu. Open it, expand Local Group Policy > Computer Configuration, right-click Administrative Templates, and choose Add/Remove Templates. Remove all templates to clear any group policies set by the rogue extension.
Secondly, use the Chrome Policy Remover tool. Download and run this tool as an administrator. It executes a script that removes all currently enabled Chrome policies, helping to restore your browser settings to normal. Unfortunately, as the name suggests, it only works for the Chrome browser; it doesn’t do anything for Edge or Brave.
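To see what is still in place before or after the registry and folder steps above, the following read-only PowerShell check can help. It is an added example, not part of the original guide or of any tool it mentions. It assumes the default Chrome profile path and the two Policies keys named in this guide, and all variable names are hypothetical.

```powershell
# Added example: read-only audit, changes nothing in the registry or on disk.
$policyRoots = 'HKCU:\Software\Policies\Google\Chrome',
               'HKLM:\Software\Policies\Google\Chrome'   # policy keys named in this guide
$knownIds = @(                                           # IDs listed in this guide
    'kgakbkikdoadphgjioklbanaafmpecaa',  # Kinsearch
    'dgekdkjlgaojdgiipdplocmpecmdgpih',  # ISEEK
    'nfbeadmbpampkpcclpeipiljogoabpij'   # SEEKSE
)
# Default-profile path from this guide; other profiles use a different folder name.
$extDir = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
# Chrome extension IDs are exactly 32 lowercase letters in the range a-p.
$idPattern = '(?<![a-z])[a-p]{32}(?![a-z])'

$fromPolicy = foreach ($root in $policyRoots) {
    if (-not (Test-Path $root)) { continue }
    # The policy root itself plus every subkey beneath it
    $keys = @(Get-Item $root) + @(Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)   # multi-string values are joined
            foreach ($m in [regex]::Matches("$name $data", $idPattern)) {
                [pscustomobject]@{
                    ExtensionId   = $m.Value
                    ListedInGuide = $knownIds -contains $m.Value
                    FolderOnDisk  = Test-Path (Join-Path $extDir $m.Value)
                    PolicyKey     = $key.Name
                    ValueName     = $name
                }
            }
        }
    }
}

# Folders for the listed IDs that exist on disk even without a policy entry.
$onDisk = @()
if (Test-Path $extDir) {
    $onDisk = @(Get-ChildItem $extDir -Directory |
        Where-Object { $knownIds -contains $_.Name } |
        Select-Object -ExpandProperty FullName)
}

'Extension IDs referenced by Chrome policy keys:'
$fromPolicy | Sort-Object ExtensionId -Unique | Format-Table -AutoSize
'Extension folders matching the IDs listed in this guide:'
$onDisk
```

An empty result for both sections after the cleanup means no policy value still references an extension ID and none of the listed folders remain in the default profile.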
How to Uninstall the Kinsearch Extension From Chrome
To completely rid your browser of the Kinsearch extension and any remnants, you’ll have to clean up your browser’s settings, which is what we’re doing in this step. Open your browser and navigate to Settings. Focus on the following sections:
In Extensions, remove Kinsearch and any other rogue extensions that came with it. If you had to delete the extensions folders earlier, all extensions will now appear broken/corrupted. Remove the ones from the malware, and just restore the extensions you want to keep.
In the Privacy and Security section, clear your browsing data from a period before the hijacker appeared. Ensure your password data remains intact if desired.
Within Site Settings, revoke permissions for suspicious URLs. Under Appearance and On Startup, remove any unwanted URLs.
Lastly, in the Search Engine settings, verify that your default search engine is a reliable one like Google or Bing and remove any dubious search engines from the Manage Search Engines section.
Even after these steps, perform a full system cleanup to make sure nothing else is in your computer – you will notice we only performed steps that involved the Chrome browser. A rogue program may be installed as well, although this generally isn’t the case. But there are settings and policies that can restore the hijacker. If this happens, we recommend using SpyHunter. This will help detect and eliminate any remaining malicious software that could cause the hijacker to reappear.