Once again, the Chrome Web Store quality control seems to have been tricked by yet another browser hijacker. This time the rogue extension is called JDISearch, and it’s like the 6th or 7th iteration of the same hijacker developed by findflarex and designed to enforce the fake boyu.com.tr search engine onto as many browsers as possible.
We don’t know how or why these so obviously fake extensions are allowed into the Chrome Web Store, but we know that most users don’t get them from there. Instead, hijackers like JDISearch find their way onto users’ browsers through file bundles. They are generally attached to game modes for Minecraft or Roblox, emulators like Noxplayer, or pirated software downloaded from sites like Steamunlocked.
In any case, JDISearch and its numerous siblings – SEEKSE, UKASEE, and others – are definitely something you don’t want on your browser. Not only are they annoying, but they can also expose you to unsafe content, so here’s how to get rid of this particular hijacker.
JDISearch Extension Removal Instructions
Removing the JDISearch browser hijacker isn’t just a matter of hitting “uninstall.” The process involves tackling the root issues that complicate its removal. This hijacker digs deep into your browser’s system, embedding itself through restrictive policies.
If you see a message that reads “Managed by your organization”, it means the browser’s settings are locked by the hijacker-imposed policy. Disabling the rogue policies is your ticket to regaining control. Once your browser is free, you can rid it of this pesky extension and the fake search engine it has enforced as your default one.
SUMMARY:
Name | JDISearch |
Type | Browser Hijacker |
Detection Tool |
——————————IMPORTANT – READ BEFORE YOU PROCEED!—————————
Browser hijackers like JDISearch generally enter users’ PCs by being bundled with some other software. This means even if you remove the hijacker, it might get reinstalled by that other software. Additionally, depending on what program brought this hijacker to you, it’s possible that there’s some sort of malware in your PC.
Therefore, we strongly recommend uninstalling any suspicious newly installed programs by going to Start Menu > Settings > Apps.
However, this may not always be enough, especially if you are dealing with actual malware, so we recommend using the advanced removal tool from this page, SpyHunter, to perform a full system cleanup and delete any threats that might be lurking in your computer.
How to Get Rid of JDISearch Chrome Policies
You’ll only be able to restore your browser’s normal state once the rogue JDISearch policy is removed from it. Here’s what you need to do:
Step 1: Identify JDISearch Policies
You first need to identify the browser policies that JDISearch has tampered with.
Chrome users should type “chrome://policy” into the address bar. Edge users should replace “chrome” with “edge” in the URL.
Once you’re on this page, scrutinize the listed policies and pay attention to their values. Policies with random strings of letters and numbers as their values? Those are likely your culprits, probably tied to the hijacker. Copy these suspicious policy values into a text file. This info will be your reference later, so keep it handy.
Now, it’s time to take a closer look at the extensions installed in your browser. It might seem like a bit of a chore, but this step is critical.
Open your browser’s menu, go to the Extensions Manager, and enable Developer Mode. This will show you more details about each extension. Spot any rogue extensions that refuse to be deleted? Take note of their IDs. You’ll need this information soon.
If you can’t access the Extensions page, don’t worry and do the following:
Navigate through your directories to find the extensions folder. Usually, it’s located at C: > Users > [Your Username] > AppData > Local > Google > Chrome > User Data > Default > Extensions.
Inside, you’ll see subfolders. Some of these should match the policy values and extension IDs you saved earlier. If you can’t identify the hijacker-linked folders, deleting all folders in this directory might be necessary. No need to stress – legitimate extensions can always be reinstalled later without any hassle.
Step 2: Clean the Registry
After handling the extensions, it’s time to dig into the Registry Editor. This part might sound a bit daunting, but if you do everything as instructed, you should be fine.
Open the Registry Editor by pressing Win + R, typing “regedit,” and hitting Enter.
Use the search function (Ctrl + F) to locate and delete any registry keys linked to the rogue policy values or extension IDs you saved.
If a stubborn registry key refuses to go, adjust permissions: Right-click the parent folder, select Permissions, choose Advanced, and type “everyone“. Then select Check Names > OK. Back in the previous window, enable both “Replace…” options, and click Apply > OK.
Then, try deleting the stubborn key again. Persistence here will pay off.
We also recommend navigating to and deleting the keys shown in the image below:
Step 3: Clean the Group Policy Editor
With the Registry Editor tasks done, it’s smart to double-check for any lingering group policies that JDISearch might have set up.
Open the Group Policy Editor by searching “Edit Group Policy” in your Start Menu.
Navigate to Local Group Policy > Computer Configuration. Right-click on Administrative Templates, then choose Add/Remove Templates.
Remove any templates you find. This will help clear out any remaining group policies that the hijacker may have implemented. No loose ends should be left behind.
Step 4: Run the Chrome Policy Remover
To simplify the process, consider using a specialized tool to remove Chrome policies. Honestly, this can save you a ton of time and it’s totally free.
Run the tool as an administrator and click More Info > Run Anyway if you get a Windows warning (as of the time of writing, the tool is absolutely safe). The program will automatically run a script that clears all active Chrome policies.
Essentially, this resets your browser’s policy settings to their original state. It’s like hitting the reset button on all the policy changes JDISearch made.
How to Delete JDISearch Virus Extension From Your Browser
Finally, after all these steps, it’s time to clean up your browser settings. Any lingering traces of the JDISearch hijacker need to go.
Open your browser’s Settings menu and carefully review the following sections:
Start in the Extensions tab and remove JDISearch along with any other suspicious extensions.
Next, head to Privacy and Security. Clear your browsing data, focusing on the period before the hijacker’s arrival. It’s okay to keep your saved passwords intact if that’s your preference.
Then go to Site Settings below, check each type of permission, and remove any strange URLs, such as findflarex.com or boyu.com.tr, in the Allow section.
While you’re at it, visit the Search Engine tab and make sure your default search engine is reliable – Google or Bing is a safe bet. In the Manage Search Engines section, remove anything that seems dubious. The fake boyu.com.tr search engine will likely be here too.
Lastly, check the On Startup and Appearance tabs for suspicious URLs and delete them.
To wrap everything up, perform a full system scan using a reputable anti-malware program. This step might seem like overkill, but we are trying to give you the best security advice. A thorough scan will help you identify and eliminate any remaining threats that might try to bring the hijacker back.
Is JDISearch Harmful?
We’ve said it before about other hijacker extensions from findflarex.com, and we’ll say it again about JDISearch. The extension itself doesn’t do anything particularly problematic. It just changes the search engine tool of your browser, spams you with annoying notification pop-ups, and redirects your searches through boyu.com.tr. Unpleasant, but not the end of the world.
The real danger, though, is the content that this hijacker may get you exposed to. The “Terms of Use” page for all findflarex extensions (yes, there’s such a page!) explicitly states that the organization behind these extensions can’t be held responsible if their software displays illegal and unsafe third-party content.
In other words, it’s fully possible that JDISearch redirects you to a phishing scam page or a site filled with malware downloads if this generates income for the hijacker’s creators.
Needless to say, the sooner you get rid of this software, the better. Which reminds me – if you haven’t completed our JDISearch removal guide, go ahead and do this now to secure your system and browser.
Leave a Comment