Goodtosearch.com is a browser hijacker that installs extensions without user consent and changes the default search settings forcefully, locking users to its preferred settings.
Like most browser hijackers, suer only become aware something has happened when they open their browser and are unable to remove the website. And like most scams – and Goodtosearch is a scam a 100% – the site itself is inoperable, meaning you can’t just type in the address and access it. Only infected users are rerouted.
Goodtosearch Removal Instructions
Browser hijackers like Goodtosearch exploit enterprise policy features, enforcing browser settings that can’t be reversed while active. This makes removing these hijackers from Chrome quite challenging. The key lies in removing the rogue policy first, then uninstalling the extension and reversing any changes it made.
SUMMARY:
| Name | Goodtosearch |
| Type | Browser Hijacker |
| Detection Tool |
Ensure you follow instructions in the right order to prevent the hijacker from returning.
Often, hijackers like Goodtosearch sneak into browsers through other rogue apps or malware. If you recently downloaded something dubious and the hijacker appeared, it’s crucial to clean your system thoroughly.
For those preferring manual removal, the steps here are general and not tailored to specific rogue programs. Success hinges on your ability to identify and eliminate malware. If you are feeling unsure, consider using SpyHunter, an advanced anti-malware tool available on this page.
Ready to proceed? Start by searching for Task Scheduler in the Start Menu. Open it, click Task Scheduler Library.
Look for tasks with suspicious names linked to the malware. Right-click questionable tasks, go to Properties, then Actions to see the program it runs. If the executed program is suspicious or its file path leads to Local or Temp folders, delete the task.
Next, use the Start Menu to search for Folder Options. Open it, go to View, enable Show Hidden Files and Folders, and click OK. Navigate to C:\Program Files. Sort folders by date. Delete any recently created ones with unfamiliar names or linked to untrusted programs. Then, delete the Policies folder in C:\Program Files (86)\Google.
Go to Settings > Apps. Uninstall any applications installed around the time you noticed the Goodtosearch virus in your browser.
If you didn’t manage to clean your system manually or don’t think you can do it on your own we recommend using SpyHunter, a powerful anti-malware tool you’ll find on this page that can make a quick work of any malicious files. If you are interested, this is how to use it:
Click the SpyHunter direct download link from the table above or the banner further down this guide and download the program’s installer.
Run the installer and install SpyHunter on your PC by following the setup prompts. Don’t worry – there’s nothing you don’t want included in the installer.
Once SH is installed, open the program to familiarize yourself with its interface. The tool will automatically start a full system scan to find potential threats and undesirable software – let it complete.
Once the scan finishes, you’ll get a report in the Active Scan tab with everything undesirable and potentially malicious on your PC. Click Next, and you’ll be asked if you’d like to try the free trial of the program or purchase a license in order to clear the threats.
Choose whichever option you prefer and provide the required details on the page that opens to either begin your free trial or start your paid subscription to the tool.
After that, click on Select All Objects and Proceed. Then click Next again and the tool will automatically delete all rogue files and resolve any other problems it detected.
And that’s it! After you clean your system with SpyHunter, there should be no rogue data remaining on your PC. It’s even likely that you won’t have to perform the guide shown here because the removal tool makes sure to clear any rogue browser data that might be enabling the hijacker.
Of course, if Qltuh is still in your Chrome or Edge, perform the steps you’ll see below to delete it, knowing that it won’t return thanks to SpyHunter.
How to Get Rid of the Goodtosearch “Managed by your organization” Policy in Chrome, Edge, and Other Browsers
To remove the Goodtosearch policy from Chrome, open Chrome. Type chrome://policy in the address bar, hit enter. Listed policies show what they enforce. Look for policies with random letters as their values, copy them, save them in a text file for later.
Visit the Chrome Extensions Manager: Chrome Menu > Extensions > Extensions Manager. Toggle on Developer Mode. Copy the ID of Goodtosearch and other rogue extensions into a text file.
If you get redirected when trying to access the Extensions Manager, go to C:\Users*YOUR_USERNAME*\AppData\Local\Google\Chrome\User Data\Default\Extensions. Delete all folders shown there. Access the Extensions Manager again. All extensions should now appear as “Corrupted”.
Press Winkey + R. Type regedit, press Enter. Go to Edit > Find, copy the rogue policy value saved earlier. Search for it in the registry. Delete found keys, repeat the search to ensure all related entries are removed.
If you encounter an error preventing you from deleting a registry key, right-click the key above it. Open Permissions > Advanced > Change.
Type “everyone” in the text field, click Check Names, then OK. Enable “Replace owner on subcontainers and objects” and “Replace all child object permissions”, then click Apply and OK.
Search for entries linked to other policy values and rogue extension IDs saved earlier. Delete them. Finally, delete these five registry keys:
- HKEY_CURRENT_USER\Software\Google\Chrome
- HKEY_CURRENT_USER\Software\Policies\Google\Chrome
- HKEY_LOCAL_MACHINE\Software\Google\Chrome
- HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome
- HKEY_LOCAL_MACHINE\Software\Policies\Google\Update
Rogue policy should now be gone from Chrome. However, to ensure there’s really nothing left from them, we also recommend performing the next two steps.
- Search for Edit Group Policy through the Start Menu. Open the first entry. Navigate to Local Computer Policy > Computer Configuration. Right-click Administrative Templates > Add/Remove Templates. Delete everything listed. Go back to the Start Menu, search for Folder Options, click the first result. Go to View > Show Hidden Files and Folders > Apply > OK.
- Navigate to C:\Windows\System32. Delete the GroupPolicy and GroupPolicyUsers folders. Search for Command Prompt through the Start Menu. Right-click the result, run it as administrator. In the new window, run the command: gpupdate /force.
To ensure the “Managed by your organization” message does not reappear in Chrome, download the Chrome Policy Remover tool. Run it as Administrator, follow the prompts to remove all Chrome policies. After this, restart your PC.
How to Delete the Goodtosearch Extension From Your Browser
Finally, delete the Goodtosearch extension from Chrome.
- Open Chrome, go to the menu. Then Settings > Privacy and Security > Delete Browsing Data > Advanced.
- Set a time period covering when the redirects started. Check all boxes except Passwords, click Delete.
- Go to Site Settings (still in the Privacy and Security section), remove any rogue URLs in the “Allow” sections of all permission types.
- Do the same in the Appearance and On Startup sections.
- In the Search Engine tab, choose a reputable search engine as the default. Open Manage search engines and remove any untrusted URLs.
Congratulations, you successfully removed the hijacker!
Leave a Comment