How to remove NebulaNanoel Extension from Chrome and other browsers

Home ยป Browser Hijacker ยป How to remove NebulaNanoel Extension from Chrome and other browsers
Updated
July 2 2024
Author
Nathan Bookshire

We created this page to address a malware infection with a fake extension called NebulaNanoel. If you are reading this, you are probably bombarded with redirects to sites like Boyu and fake bing searches. There is also another extension that serves the same purpose as this one. It’s called Fortyfy. The NebulaNanoel extension specifically targets chrome users but we designed the guide to be compatible with other browsers in case this changes.

At any rate, the guide below is guaranteed to work. We tested it.

NebulaNanoel is missing from the Chrome web store.
NebulaNanoel is completely illegitimate and does not appear in the Chrome Web Store.

NebulaNanoel Extension Removal Guide (for Chrome)

We hope you did not press allow for any push notifications if you were asked to do so. This gives NebulaNanoel further leverage to tamper with your system. But we will deal with this later.

Note: We are showing Chrome for the guide, but the same applies for other Chromium-based browsers like Edge and Brave, if it turns out they are infected as well. For example when we tell you to type chrome://extensions, just substitute your browser name for โ€œchromeโ€ (e.g. edge://extensions) and itโ€™s the same.

SUMMARY:

Name NebulaNanoel
Type  Browser Hijacker
Detection Tool

anti-malware offerOFFER *Read more details in the first ad on this page, EULA, Privacy Policy, and full terms for Free Remover.

First off, the NebulaNanoel extension enforces an active policy. Modern hijackers use this to prevent you from removing any URLs and search engines they want to redirect you to. 

They do so through a โ€œmanaged by organizationโ€ state typically reserved for work networks that donโ€™t want you to have full admin privileges. We need to remove such a state before we can make changes.

Start up Chrome and enter chrome://management/ in the address bar. If anything is enforced on you, you are locked out of some settings.

blank

Take notice of what shows up on that screen and donโ€™t do anything yet.

The next stop is to check whether you have in your browser any suspicious extensions. Type and enter chrome://extensions/ in the address bar. 

blank

Look for anything you havenโ€™t seen before and/or it has the โ€œRemoveโ€ button greyed out. Such extensions drive the redirects. Donโ€™t even read their โ€œdetailsโ€ tab, just exercise common sense and remove anything you donโ€™t like. If itโ€™s legitimate, you can put it back on later. If anything showed up in the previous step, you can look for it here.

At the top right of the Extensions page turn on “Developer Mode.” You will now be able to see the dedicated ID of any extension. blankHighlight and copy the ID of anything infected with Ctrl+C. Store the IDs in a text editor, you will need them later.

blank

The last places to check are your Search Engine and On Startup tabs. 

Type and enter chrome://settings/ in the address bar. You want to look at the tabs I highlighted.

blank

Look, Iโ€™m not going to state obvious stuff here, but take a look at what these are set set as. If a search engine canโ€™t be removed and has โ€œdetailsโ€ next to the name, then it is enforced by an โ€œorganizationโ€ again. Similarly, The On Startup tab can be set to a specific page or tab – take note of these. 

After we remove the managed by organization state, youโ€™ll have to go back to these settings to fix them. You just canโ€™t right no while they are locked.

Anti-virus offerOFFERSome threats reinstall themselves if you don’t delete their core files. We recommend downloading SpyHunter to remove harmful programs for you. This may save you hours and ensure you don’t harm your system by deleting the wrong files.
Download SpyHunter (Free Remover*)
*7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

Remove NebulaNanoel with the Group Policy Editor

Type Edit Group Policy in the Windows Start Menu, open it, and expand the Computer Configuration entry.

  1. Right-click on Administrative Templates and click Add/Remove Templates.
  2. If you see any items in the list that shows up, select them and select Remove.
  3. Restart the PC, then Chrome. See if the settings you saw earlier are still locked. If they arenโ€™t you should change the settings and remove the NebulaNanoel extension. After that we recommend going through the registries (the step below) or it may return.

Deleting NebulaNanoel from the Registry

If you clean the Group Policy Editor NebulaNanoelโ€™s entries should be gone. But that doesnโ€™t mean anything it installed aside from itself is gone as well, since not all malware use the managed organization state. We urge you to check the registries. Take note of all the extensions IDโ€™s you wrote down earlier. Now is the time to search for them.

  1. First, go into your browser and visit one of the following URLs depending on what browser you are using: chrome://policy for Chrome.
  2. See if there is a policy with a Value that consists of letters and/or numbers.
  3. If there is, copy its value and story it for later.
  4. Now go to your Registry (type regedit in the Start Menu, right-click the Editor > Run as administrator).
  5. Press Ctrl + F and paste and ID you wrote until now, one by one. If you find anything, delete it. You canโ€™t mess up badly here. You will only delete whatever this ID does – which is part of the malware.
  6.  Repeat the search, delete the next item, rinse and repeat until no more search results are shown.

Now that the Registry is also cleaned, your browser should no longer be locked by any rogue thrid-party policies. Restart your PC and check if the browser is free. If it’s not, you’ve probably missed something. We recommend downloading an anti-malware program.

Clean up NebulaNanoelโ€™s leftover parts from Chrome

These are some additional steps to clean up Chrome. If you are on another browser, the steps are the same, only certain names and placements might be different. But the method should be consistently the same throughout.

  1. Start Chrome and navigate to Extensions, and Remove anything unwanted you couldnโ€™t earlier. 
  2. Open the Chrome menu again, and go to Settings > Privacy and Security.
  3. Select Delete browsing data > Advanced, leave only Passwords unchecked, and click Delete Data.
  4. Go to the Privacy and Security tab โ€”> Site Settings โ€”> Notifications. We recommend checking Don’t allow sites to send notifications under Default Behavior. I frankly donโ€™t know who would want to receive notifications and why this isnโ€™t the default setting.

Also go through the settings in the earlier steps and restore these to the defaults. Iโ€™m talking about stuff in Search Engine and On startup. If anything there was changed, you should now be free to modify it.

blank

Nathan Bookshire

Leave a Reply

Your email address will not be published. Required fields are marked *


Is Your PC Secure?

Protect your PC & prevent malware with SpyHunter (Try Free For 7 Days*)

Download SpyHunter Now
(Windows)