I noticed conversations on various forums about a puzzling Chrome and Edge extension called CelestialQuasaror. Users can’t remove it because of a “managed by your organization” note in their browsers. Needless to say, this is yet another hijacker that uses the policies future in Chromium browsers to take over by locking the browser settings so that users can’t change them.
The hijacker then replaces the default search engine and redirects user searches through Maxask – a fake engine used for artificial site promotion. Some users also end up on Bing or Yahoo but every search passes through Maxask.com.
This raises concerns. What data might be tracked or intercepted during these redirects? The tactic is deceptive, invasive, and frustrating, and can get you exposed to scams and malware. In other words, the hijacker must go, and we’ll show you how to escort it to the exit.
CelestialQuasaror Extension Removal Tutorial
The message “Managed by your organization” in your browser is a likely consequence of the CelestialQuasaror installation. It means that the browser hijacker has imposed a rogue policy and seized control. Your browser settings are now under its command, so changing or removing the malicious extension becomes a challenge.
The first step to reclaiming control requires pinpointing and disabling the rogue policy. The process of doing this can be confusing, but the step below will guide you through it.
SUMMARY:
Name | CelestialQuasaror |
Type | Browser Hijacker |
Detection Tool |
Before Proceeding: A Crucial Warning
This guide will assist you in removing the browser hijacker. If the hijacker was installed via rogue software, it might reappear. However, we can’t provide specific steps to remove that other app since we have no way of knowing what it is.
Therefore, we highly recommend utilizing a strong malware removal tool like SpyHunter (available on this page). This tool excels at detecting and eliminating rogue programs linked to the hijacker.
Get Rid of CelestialQuasaror Extension Policies
To begin, gather specific details about the hijacker policies. These details reside within your browser:
Accessing the Policies Page
Each browser has a unique URL to view active policies. Chrome users type chrome://policy
. Edge users type edge://policy
. Similarly, just replace the browser name for other Chromium-based browsers. Go to the respective URL to view what policies are in your browser.
Identifying Suspicious Policies
Carefully examine the active policies. Watch for entries with random strings of letters and numbers in the Value section. Copy these suspicious values into a text document so you can easily access them later.
Checking Extensions
The next step involves inspecting the Extensions Manager. Access this through the browser’s main menu. Hijackers might redirect you to a search engine like Google instead of the Extensions page. This diversion complicates the process. If this occurs, manually delete all extension folders that you’ll find in C:\Users\[Your Username]\AppData\Local\Google\Chrome\User Data\Default\Extensions
. Adjust the path according to your browser.
On the Extensions Manager page, enable Developer Mode. This action reveals more detailed information about each extension, including their IDs. Note the hijacker’s extension ID and any other unwanted extensions that resist removal. Save them in a text file.
Deleting Rogue Policies from Your System
Armed with the necessary information, proceed to remove the policies at the system level:
- Using the Registry Editor: Open the Registry Editor with administrator privileges (you can do that by searching for it in the Start Menu). Use the search function (Ctrl + F) to locate and delete registry keys associated with the rogue policy values or extension IDs noted earlier. Thoroughness is essential, so perform one more search after each deletion to ensure there aren’t more related keys.
- Handling Stubborn Keys: Some registry keys might resist deletion and give you an access error/permissions. This tactic is common with newer hijackers. If this happens, right-click the parent key > Permissions > Advanced > Change. Type “everyone” in the text field > Check Names > OK. Then put ticks in the two “Replace…” options, save the changes, and exit. Then you can delete the rogue key.
In addition, visiting and cleaning the Policy Editor. Search for “Edit Group Policy” in the Start Menu and click the first thing. Navigate to Local Group Policy > Computer Configuration. Right-click on Administrative Templates > Add/Remove and delete everything you see in the following list.
Lastly, consider using the free Chrome Policy Remover tool. Run this tool as an administrator. It automatically eliminates lingering rogue policies.
How to Uninstall CelestialQuasaror From Chrome
With policies and extensions addressed, all you’ve got to do now is clean your browser settings thoroughly. Ensure no remnants of the hijacker remain:
Removing Unwanted Extensions: Open the Extensions tab. Remove any suspicious extensions. CelestialQuasaror must go along with any other add-ons you don’t recognize or trust.
Clearing Browsing Data: In Privacy and Security settings, clear browsing data for a period that extends to a time before you got CelestialQuasaror in the browser. Keeping saved passwords is recommended, but it’s best to delete all other data types to prevent lingering issues.
Reviewing Site Permissions: Visit Site Settings in the Privacy and Security tab. Review each permission type carefully. Remove unfamiliar URLs from allowed site lists.
Verifying Search Engines: Check Search Engine settings to ensure your default search engine is trustworthy. Google, Bing, or DuckDuckGo are reliable options. In the Manage Search Engines section, remove questionable entries. The hijacker’s fake search engine might still be present.
Checking Startup and Appearance Settings: Finally, review the On Startup and Appearance settings. Identify and remove any suspicious URLs you may find in them.
These steps should suffice. However, running a comprehensive system scan with a reliable anti-malware program is advisable. SpyHunter is the tool we recommend, but any robust software capable of thorough system scans should be adequate. This final step ensures your system is clean and free from potential threats. Peace of mind follows this final check.
Is CelestialQuasaror Malicious?
According to our research on the topic of this rogue extension, we didn’t find any information about it being harmful. Like most hijackers out there, CelestialQuasaror won’t actually damage any part of your system or browser. Instead, the main issue linked to it is the redirects to maxask.com. Fake search engines like it are well-known for aggressively promoting sites with questionable reputations that may get you scammed or infected with malware.
This is not to say that the people behind CelestialQuasaror or Maxask are intentionally trying to put your virtual security at risk. It’s just that they are prepared to promote pretty much any site and content as long as they are getting paid for their promotional services.
That’s how most such browser hijackers and fake search engines work – they advertise various sites by spamming the user with redirects to them or by flooding the top spots in their SERPs with promoted links. The problem is that the hijacker creators care little about whether the advertised pages may potentially get you scammed or get your system attacked by a Trojan or Ransomware.
And then there’s also the obvious frustration factor of having all your searches be redirected to some obscure page that hardly provides the best search results for your query. All in all, there’s no reason whatsoever to keep this rogue app attached to your browser even if it’s not a direct threat to your safety.
Leave a Comment