How to delete Searchisty Extension from Chrome

The Searchisty extension is yet another rogue extension we detected recently, together with FortyFy and NebulaNanoel. All of the mentioned extensions are created by malware actors to enforce an active managed by organization state on the browser, to make the redirects and changes immutable. 

So in other words, it ties your hands and makes it harder to remove anything. Thus the Searchisty extension and its siblings are not legitimate and provide no value – not to you anyway. Its description states it changes the search engine to findflarex.com but in reality this domain is more of a gateway. Further redirects go to Boyu currently, but this may change to something else. That’s why findflarex is there, this is called a redirect chain.

Searchisty 1
Searchisty as seen in Chrome’s extensions.

Note: the managed by organization state is not unique to the Searchisty extension or even Chrome for that matter. It’s not a malware by itself. It’s a real function in Windows used for work networks and/or parental controls. It’s designed to take away from the user the freedom to change some settings. In this case the function is just abused by the malware.

How to remove Searchisty Extension 

Note: The guide below refers to Searchisty for brevity and avoid confusing you, but that’s not all it contains. It was created to remove everything that infected you, search engines, registries, malicious task scheduler entries, and the folders where some infected files reside. These will involve other malware – I already mentioned Fortyfy and Boyu, for example. So even if you think a step is useless or that you can skip it, we warn you to still do it.  Even if something doesn’t directly appear to concern you – it does.

NameSearchisty
TypeBrowser Hijacker
Detection Tool

How to remove “Managed by your organization” for Searchisty on Chrome

There’s more than one way you can do this, and although we are talking about Chrome, bear in mind, you can actually do most of this on another infected browser as well. We’ll also provide an automatic solution, but that is limited to Chrome only.
If for any reason you are overwhelmed, use the anti-malware solution we recommend in our ads.

Clean the Policy Editor From Searchisty Policies

Custom policies on Chrome are visible in the Policy Editor, where they are also available to delete. To do it, navigate to the following templates:

  1. Type and access Edit Group Policy” in the windows Start Menu. Expand the Computer Configuration folder, and right-click on Administrative Templates.
  2. Then click Add/Remove and see if there are any policies listed in the new window. If you see any policy (that you didn’t add yourself), select it, and click Remove. Restart your PC to apply the changes.
  3. Now, open chrome and type chrome://management. If the page says it’s not managed by anything, you are in the clear and the lock is gone. Scroll down to the step called  “Remove Searchisty’s Changes to Chrome.” You need to perform it after this.

But if on the other hand there is still something showing up in the management page, you’ll have to perform a more thorough cleanup. You will do this in the next step. 

Delete the Searchisty Extension From the PC Registry
To clean the Registry from Searchisty extension, you first need its dedicated ID. This relates to each rogue extension you’ve got in your browser, whether it’s Searchisty or something else. First, go to chrome://policy.

7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

Look for policies with a long sequence of random letters or letters and numbers as their Value. If you see one, copy it somewhere for later.

Go to Settings > Extensions. Turn on Developer Mode and look at each extension you have one by one. As an example mentioned earlier in the article, Fortyfy is currently installed with Searchisty.

Copy the ID of any suspicious extension in the browser.

Now, it’s time to clean the Registry from Searchisty and the other malware:

  1. Press Winkey + R, type regedit, and hit Enter.
  2. Click Yes to open the Registry Editor, and then press Ctrl + F.
  3. Paste in Search any policy value you copied from earlier and click Find. Search and delete each result until the search doesn’t show anything with these values.
  4. Next, do the same with the Searchisty extension’s ID and delete all related Registry Entries for it and any other extensions.
  5. Lastly, go to “Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies” in the Registry Editor, and see if there’s a folder there for the infected browser. If there is, expand it, and delete any policies saved under it.

The next step is the last you’ll need to perform. Its purpose is to revert all settings to their original values.

Remove Searchisty’s Changes to Chrome

You’ll now be able to reverse any browser changes that the Searchisty extension made in the browser. You should check the following settings, because that’s what Searchisty modifies:

  1. Go to Extensions in Chrome. Remove the unwanted extensions that were earlier locked. 
  2. Go to SettingsPrivacy and Security, → Delete Browsing data > Advanced, and delete all types of data except your saved passwords.
  3. Site Settings, → the Site Permissions section on the right, check the “Allow” list of each permission type for Searchisty or other rogue URLs, and delete them.
  4. Open Appearance and restore your preferred new tab page address if it has been changed by the hijacker.
  5. Next, go to the Search Engine tab, restore your preferred search engine, and click the Manage Search Engines option. There, look through the list of tools and remove from it Searchisty or any other suspicious ones.
  6. Also check the Startup tab and delete from it Searchisty or any other rogue URL that might be there.

Congratulations for following the guide! We firmly believe that if you performed everything correctly, the Searchisty extension won’t return. If, however you need more thorough instructions on the same subject, check out our generic managed by organization tutorial that was designed to be much more heavy-hitting. That one will probably do the trick for you. Good luck from us!


About the author

blank

Nathan Bookshire

Leave a Comment