We created this page in response to ISEEK – a rogue extension for the Google Chrome browser that chain-redirects to findflarex.com and then to boyu.com.tr. It also locks the browser’s settings behind a ‘managed by organization’ state reserved for enterprises and work environments. For reference, Boyu is the primary fake search engine that browser hijackers like ISEEK have used in the last 3 months.
We’ve witnessed several ‘new’ extensions by Findflarex abuse the Chrome Web Store’s lax policies. To date, all of these extensions are copy-paste variants of the same thing as ISEEK. To name a few, these include Searchisty, Ksearchy, Funny Tool Redirect, and Surfsee. There are no functional differences from ISEEK, and in many cases the scammers actually forget to change the name in the EULA and use an older extension’s name.
However, newer variants of this hijacker tend to be more difficult to remove and require additional steps to fully clean your browser. Therefore, we keep our articles constantly updated to provide the most effective removal guides for these hijackers.
ISEEK Extension Removal Guide
The main method used by ISEEK and similar hijackers to make themselves difficult to remove is to leverage the Chrome enterprise policy feature. The hijacker introduces a third-party policy to the browser and this locks you out of being able to reverse the changes it has made. A “Managed by your organization” note in the browser indicates the presence of such a policy. Therefore, our first goal with this guide is to help you unblock your browser.
SUMMARY:
The ‘Managed by’ policy we keep talking about can be deleted relatively easily. From there on it’s just a matter of knowing the right settings to tweak back.
However, it’s important to note that hijackers are often delivered into the PC by some form of malware or rogue program that got installed on the PC. If any such software is on your machine, you’ve got to remove it too, else the hijacker and its policy will likely return. Therefore, we recommend you first complete the next system cleanup steps before moving on to the policy and hijacker removal.
IMPORTANT!: Some malware programs are very sneaky and difficult to delete manually. If the next steps aren’t enough to clean your PC, we strongly advise using a reliable removal tool such as SpyHunter, the anti-malware program available on this page.
First, open the Windows Start Menu by pressing the Windows key. Type and open Task Scheduler, then click the Task Scheduler Library folder on the left. Take your time to right-click each listed task, go to its Properties, and check its Actions tab to learn what actions it performs.
If you find anything suspicious, especially related to Chrome or running from your Local or Temp folders (no normal programs do this), delete the task (right-click > delete).
Go to the Start Menu again, search for and open Folder Options, go to View, and check Show Hidden Files and Folders. Click OK to save the changes.
Go to C: > Program Files. Sort the folders by date modified, and look at the names of the folders. Is there anything you don’t recognize? If it’s a name you are not familiar with, back it up by copying it somewhere, then delete the folder.
Also go to C: > Program Files (x86) > Google and delete the Policies folder.
Now everything should be ready to get to the main part.
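The Task Scheduler review described above can be narrowed down with a read-only listing. This is an added PowerShell example, not part of the original guide; the path patterns are assumptions based on the folders the guide names, and every hit still needs a manual look before deletion.

```powershell
# Read-only: list scheduled tasks whose action runs from AppData\Local or a
# Temp folder, or whose command line mentions Chrome. Nothing is deleted.
$suspectPath = '\\AppData\\Local\\|\\Temp\\'   # regex; assumption based on the guide's wording

$rows = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # COM-handler actions carry no Execute value; skip them.
        if (-not $action.Execute) { continue }

        # Expand variables such as %LOCALAPPDATA% so the path test sees the real location.
        $exe  = [Environment]::ExpandEnvironmentVariables($action.Execute)
        $line = "$exe $($action.Arguments)".Trim()

        # -match is case-insensitive by default in PowerShell.
        if ($line -match $suspectPath -or $line -match 'chrome') {
            [pscustomobject]@{
                Task    = $task.TaskPath + $task.TaskName
                State   = $task.State
                Command = $line
            }
        }
    }
}

$rows | Sort-Object Task | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell window so tasks belonging to other accounts are included.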
How to Remove the ISEEK Extension’s “Managed” Policy From Chrome
The key to removing hijackers like ISEEK is to unblock your browser from their rogue policies. This can be done in several ways:
Open the Group Policy Editor by searching for “Edit Group Policy” in the Start Menu and clicking on the first result. Go to Local Computer Policy > Computer Configuration, right-click Administrative Templates, select Add/Remove Templates, and delete everything there.
Open Chrome, then go to Chrome://policy (type it in the URL bar and press Enter). If you are using a different browser, replace “Chrome” with that browser’s name (e.g. “Edge://policy”).
After the previous step, there shouldn’t be any policies left there, but in case there are any, look at their values. If those values consist of random letters, copy them and save them for later use in some text file.
Then open the browser menu, go to Extensions > Manage Extensions, and click the Developer Mode button in the top-right to enable it.
IMPORTANT!: If you can’t access the Extensions Manager, do this:
Go to this location in your system: C:\Users\*YOUR_USERNAME*\AppData\Local\Google\Chrome\User Data\Default\Extensions.
The folders you see there represent the extensions in your Chrome browser. Since you aren’t allowed to open your extensions manager, you can’t see which folder contains the hijacker’s data.
As of the time of writing, the ID and extension folder name of ISEEK is dgekdkjlgaojdgiipdplocmpecmdgpih, but we still recommend that you simply delete all extensions folders.
This will corrupt all extensions in your browser and make them unusable, but you can always repair the ones you actually want to keep.
Copy the ID of the ISEEK extension and of any other extensions you want to remove. Now it’s time to go to your Registry Editor, look for rogue entries related to the hijacker extension, and delete them:
Go to your Registry Editor (search it in the Start Menu > right-click > Open as Administrator). Then click Edit > Find, copy-paste a saved ID in the search box, and click Find Next.
Delete any key that is found with the IDs you saved. Search over and over until you cannot find any more IDs.
IMPORTANT!: Do this extra step if you aren’t allowed to delete a particular Registry key:
Right-click on the parent key that’s above the one you must delete, go to Permissions > Advanced, and click Change.
Type “everyone” next to “Object”, click Check Names, then click OK.
Put checkmarks next to “Replace owner on subcontainers and objects” and “Replace all child object permissions”, and then click Apply and OK.
Now, go to each of the following locations in the Registry Editor’s left panel and delete the Chrome key (if such a key is available):
- HKEY_CURRENT_USER\Software\Google\Chrome
- HKEY_CURRENT_USER\Software\Policies\Google\Chrome
- HKEY_LOCAL_MACHINE\Software\Google\Chrome
- HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome
Also go to this Registry Editor location and delete the Update key: HKEY_LOCAL_MACHINE\Software\Policies\Google\Update.
There are a couple of additional steps we recommend performing to ensure there’s truly nothing left: Go to C: > Windows > System32 and delete the GroupPolicy and GroupPolicyUsers folders.
Then type cmd in the Start Menu, right-click on the first item, and open it as Administrator. Type “gpupdate /force” and press Enter to execute it. This resets the group policies on your PC.
Finally, download and run the Chrome Policy Remover tool (you must run it as Administrator, then click More Info > Run Anyway). This will run an automatic script that will delete any remaining third-party policies from Chrome.
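Before deleting anything, it helps to see what the policy keys actually contain. The following is an added, read-only PowerShell audit and is not part of the original guide or of the Chrome Policy Remover tool. The registry keys and the ISEEK ID are the ones given in this guide; the ExtensionInstallForcelist value name and the default profile location under %LOCALAPPDATA% are assumptions about a standard Chrome install.

```powershell
# Read-only audit of the Chrome policy keys named in this guide. Nothing is deleted.
$policyKeys = @(
    'HKCU:\Software\Policies\Google\Chrome',
    'HKLM:\Software\Policies\Google\Chrome',
    'HKLM:\Software\Policies\Google\Update'
)
$knownId = 'dgekdkjlgaojdgiipdplocmpecmdgpih'   # ISEEK ID as stated in the guide

$forced = @()
foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { "{0}: not present" -f $key; continue }
    "{0}: present" -f $key

    # Values set directly on the key (homepage, search provider and similar policies).
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        "    {0} = {1}" -f $name, $item.GetValue($name)
    }

    # Assumption: force-installed extensions are stored as "<id>;<update URL>".
    $list = Join-Path $key 'ExtensionInstallForcelist'
    if (Test-Path $list) {
        $sub = Get-Item $list
        foreach ($name in $sub.GetValueNames()) {
            $id = ($sub.GetValue($name) -split ';')[0]
            $forced += $id
            "    force-installed extension: {0}" -f $id
        }
    }
}

# Look for the policy IDs and the known ID in every Chrome profile's Extensions folder.
$userData = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
$ids = @($forced + $knownId | Sort-Object -Unique)
Get-ChildItem -Path $userData -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'Extensions' } |
    Where-Object { Test-Path $_ } |
    Get-ChildItem -Directory |
    Where-Object { $ids -contains $_.Name } |
    Select-Object -ExpandProperty FullName
```

Running it again after the cleanup and a restart should show every key as "not present" and list no extension folders; anything that reappears points to a scheduled task or installed program that is restoring the policy.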
How to delete the ISEEK Extension from your settings
We overkilled it in the previous part to make sure you 100% removed the policy. All that’s left to do now is to delete the rogue extension from your browser settings and reverse the modifications it made. Here’s how to do that:
- Open Chrome, go to Settings > Extensions > remove the ISEEK extension. Do the same with any other extensions that you do not trust.
- Then go to the browser menu again and open Settings > Privacy and Security > Clear Browsing Data.
- Click the Advanced tab, check all boxes with the exception of Passwords, set an appropriate time period that goes back to before ISEEK infected the browser, and then click Clear Data.
- In Privacy and Security click on Site Settings. Go through each permission type, check its “Allowed” section, and remove from it any sites that you didn’t intentionally allow.
- Then check the Appearance and On Startup sections and delete any weird sites on them, like Boyu.com.tr or findflarex.com.
- In the Search Engine tab, change back the default search engine tool to the one you like, and click on Manage Search Engines.
We also recommend that you go to C:\Users\*YOUR_USERNAME*\AppData\Local\Google\Chrome\User Data\Default\Extensions. As of the time of writing, the extension ID for ISEEK is “dgekdkjlgaojdgiipdplocmpecmdgpih”. Delete it if there’s such a folder left.
Once you’ve performed each of these steps, restart the computer. Congratulations on removing ISEEK!
What Is the ISEEK Chrome Extension?
As we explained at the start, ISEEK is just one of many nearly identical browser hijacker extensions, all coming from the same fake company – findflarex. The fact that ISEEK and other extensions like it have an actual page on the Chrome Web Store might make some users think that these are legitimate browser add-ons, but that’s very far from the truth.
We did some investigating to figure out how threatening ISEEK is and whether there’s anything legitimate about it, and what we came across is a Terms of Use page linked on its Chrome Web Store page.
We visited it and actually took the time to read what’s in the terms of use. Lo and behold, the creators of this hijacker blatantly admit that they are in no way responsible if the rogue extension happens to redirect you to a scam page or a site that distributes malware. Is there any need to further discuss if this extension is something you don’t want on your PC? We doubt it.
At the same time, it seems findflarex have found a way to circumvent Google’s requirements for the extensions allowed into the Chrome Store, so their hijackers, including ISEEK, continue to be present there. As of writing, you can find the ISEEK extension in Chrome’s Web Store, but these things get deleted and a new one pops up every week. We assume the scammers themselves delete the extensions to avoid admin scrutiny, then start over.
One important thing worth noting is that pretty much no one gets ISEEK and its siblings directly from the Web Store. Most of the time, such hijackers are attached to mods for games like Minecraft and Roblox, game ROMs for console emulators like MuMu and MEmu, and, of course, cracked games downloaded from pirate sites like Steamunlocked.
Needless to say, if you want to keep your PC and browser clean in the future, you must avoid downloading low-quality or illegal software.