AISEARCHS is a rogue browser add-on developed by Findflarex that can be installed in Chromium-based browsers (Google Chrome, MS Edge, Brave, Opera, etc.). It is a browser hijacker, similar to Hsearchs and Porseek, that makes boyu.com.tr the default browser search engine and redirects all user searches to it.
Boyu is a fake search engine site designed solely to earn money through paid promotions, but you won’t be able to remove it from your browser as long as AISEARCHS is installed.
AISEARCHS Extension Removal Instructions
AISEARCHS might appear like a regular Chrome extension, but its removal is surprisingly difficult and convoluted. Hitting “Uninstall” won’t get the job done here, mainly because you won’t be allowed the luxury of an uninstall button.
Like other findflarex hijackers, AISEARCHS will leverage the policies feature of Chrome (or another Chromium browser) and use it against you. It will add its own set of instructions to the browser settings and seal them behind a rogue policy that can be very frustrating to remove if you don’t know what you are doing.
The good news is that we know what we are doing, and soon you will too, once you become familiar with our AISEARCHS removal tutorial.
SUMMARY:
You might see “Managed by your organization” in your browser. This means the hijacker’s policy now controls your browser settings. It locks them to prevent settings changes or deletion of the malicious extension. Your first step is to identify and disable these policies. This is where the challenge begins. But don’t worry, once you disable them, the rest is actually very easy.
Important Note Before You Continue:
This guide will let you remove AISEARCHS, but if it was delivered to your system by some kind of rogue program, the hijacker might get reinstalled.
Unfortunately, we have no way of knowing what rogue software brought you AISEARCHS and can’t provide specific instructions. For this reason, we recommend using SpyHunter – a powerful malware-removal solution that excels at eliminating rogue apps that might be linked to the hijacker.
How to Get Rid of AISEARCHS Chrome Policies
First, you must gather some info about the AISEARCHS policies before you can remove them:
Open the policies page in your browser by visiting one of the following URLs:
- chrome://policy for Chrome
- edge://policy for Edge
- brave://policy for Brave
If you are using a different browser, just change the name in the URL.
This opens a list of active policies in your browser and that’s where you should find your first clue. Rogue policies often show random strings of letters and numbers in their Value column. These are usually tied to the hijacker. Copy the suspicious values into a text file. This information is crucial for later steps.
The next clue is in the Extensions Manager of your browser which you can access through the main browser menu.
Many newer hijackers will redirect you to Google when you try to open the Extensions page as a way to be even more frustrating to remove.
If this happens with AISEARCHS, just go to C: > Users > [Your Username] > AppData > Local > Google > Chrome > User Data > Default > Extensions and obliterate everything there. Just delete all folders in that location.
Once on the Extensions Manager page, enable Developer Mode to get more info about each extension. Note down the ID of AISEARCHS and the IDs of any other unwanted add-ons that refuse to be deleted.
At the time of writing, the ID of this hijacker extension is obpafcgbgafmdgjppicijeomfnflegjo
Registry Cleanup
You’ve now gathered the necessary policy info. Next, you’ll have to use it to delete the rogue policy from your system’s registry:
Open the Registry Editor as administrator after searching for it in the Start Menu.
Use the search function (Ctrl + F) to find and delete any registry keys tied to the rogue policy values or extension IDs you noted earlier. Make sure to search again after each deleted key because there might be others left.
Some keys might resist deletion – yet another recent hijacker trick. Here’s how to overcome it:
- Right-click on the parent folder of the stubborn key.
- Open Permissions > Advanced.
- Click the Change button at the top, then type “everyone” in the next window.
- Click “Check Names” > “OK”.
- Enable the two “Replace…” options in the previous window.
- Click Apply, then OK.
- Try deleting the stubborn key again. Persistence here is key. Don’t give up.
We also recommend seeking out and deleting the following Chrome registry keys – they often contain hijacker instructions:
Additional Steps to Delete AISEARCHS Policies
Use the Start Menu to search for “Edit Group Policy” and open the first thing. Under Local Group Policy > Computer Configuration, right-click Administrative Templates and choose Add/Remove Templates. Remove any templates listed.
We also recommend downloading and running the free Chrome Policy Remover tool. Just download it, run it as Administrator, and click More Info > Run if you get a warning. It will then automatically delete any leftover policy settings.
How to Uninstall AISEARCHS From Your Browser
With the policies and extensions handled, the final step is to clean your browser settings. Open your browser’s Settings menu and check each section to ensure no traces of the hijacker remain.
In the Extensions tab, remove any remaining suspicious extensions. Obviously, AISEARCHS must go, but so you should also delete any other add-ons you don’t trust or recognize.
In Privacy and Security, clear your browsing data for a period before the hijacker appeared. This helps remove any associated data. If you prefer, keep your saved passwords, but all other types of data should better be deleted.
Then visit Site Settings below and review each type of permission. Remove any unfamiliar URLs like findflarex.com or boyu.com.tr from the lists of allowed sites.
Check the Search Engine tab to make sure your default search engine is one that won’t redirect you to malware. Google, Bing, DuckDuckGo are all safe choices.
In the Manage Search Engines section, remove any dubious entries. The hijacker’s fake search engine might still be here.
Finally, check the On Startup and Appearance tabs. Delete any suspicious URLs you see.
That ought to be enough but we still advise you to run a comprehensive system scan with a reliable anti-malware program. As we said earlier, SpyHunter is perfect for the case, but if you want, you can use a different tool as long as it can get the job done.
How Did I Get AISEARCHS?
Before we leave you, a quick reminder of the ways users typically get AISEARCHS and other hijackers like it. You probably already know not to download stuff from sites for pirated content like Steamunlocked, but that’s not the only distribution vector for hijackers.
Many users don’t realize that legitimate software like certain game emulators or mods for popular games like Minecraft and Roblox could also be a source of browser hijackers. Users regularly report getting something unwanted after installing Noxplayer, MuMu, or MEmu. This doesn’t mean these programs are bad, but it does mean you need to be careful during their installation.
Check the setup settings and pay attention to any optional installs that you can disable. And if you think you are too forgetful to do that, at least consider using something like Unchecky, which automatically unchecks optional installs in the setup wizards you run.
Ultimately, even if AISEARCHS is not the most problematic thing you could get on your PC, it’s still most certainly a type of rogue software. The way it gets distributed, the behavior it displays once installed, and the difficult removal process that it requires are all clear signs this software isn’t something you’d want.
For these reasons, you must not only get rid of it ASAP but ensure you never get it, or something similar to it, in the future. The best way to achieve this is to use your own vigilance and common sense in combination with a reliable anti-malware tool that can give you the heads-up in case something unwanted gets past your observant eye.
Leave a Comment