How to Remove Skyjem

Skyjem is one of the most commonly encountered browser hijackers for Windows PCs in recent weeks, so we are actively monitoring it to provide you with the most relevant, up-to-date, and helpful information and removal instructions.

Like most other hijackers, Skyjem is basically a fake search engine designed to promote various websites, many of which might not be safe. It’s similar to boyu.com.tr (another common hijacker) and is typically enabled by rogue browser extensions like Fortify, the Searchisty Extension, and AstralQuasarel. The hijacker could also get added to the browser by a rogue app called InternetGuardian.

This hijacker can enter any browser but seems to be most commonly encountered in Chrome and Opera GX. Once it attaches to the browser, it changes the default search engine to skyjem.com/j/nt/ and enforces a third-party “Managed by your organization” policy that stops you from reversing the changes it has made in the browser.

Skyjem Removal Guide (Chrome, Opera GX, Edge, and more)

The key to removing Skyjem from your browser is finding the InternetGuardian software that enables it and uninstalling it. Then, it’s also advisable to check your browser for any rogue policies and delete them, and also restore the browser’s settings if they’ve been altered. The guide below shows how to do all of that.

Name	Skyjem
Type	Browser Hijacker
Detection Tool	We tested that SpyHunter successfully removes parasite* and we recommend downloading it. Manual removal may take hours, it can harm your system if you re not careful, and parasite may reinstall itself at the end if you don't delete its core files. Download SpyHunter (Free Remover) OFFER Read more details in the first ad on this page, EULA, Privacy Policy, and full terms for Free Remover.

How to Get Rid of Skyjem.com by Uninstalling InternetGuardian

The goal here is to find the InternetGuardian files and remove them from your PC alongside the rogue program. Normally, you can just search for Apps & Features in the Start Menu, open the first result, find the program in the list, and uninstall it from there. However, users report that this doesn’t work, so here’s the solution:

1. First, type Task Scheduler in the Start Menu and press Enter to open it.
2. Then open the Task Schheduler Library folder and look for any tasks related to InternetGuardian.
3. We recommend investigating all tasks by right-clicking them, and going to Properties > Action to see what process or program they run.
4. If any task seems related to InternetGuardian, right-click it and delete it.
5. Type Folder Options in the Start Menu, open it, then go to View. Enable the Show Hidden Files and Folders option and click OK.
   
6. Then press Ctrl + Shift + Esc to open the Task Manager and if it’s in a compact mode, click More Details to view the full list of processes.
7. Now look for a process named “IGuardian.exe” (or something similar), right-click it, and click End Task.
8. Now quickly go to C:\Program Files, look for the InternetGuardian folder, and open it.
9. Delete everything in that folder except a file named WinDivert64.sys.
10. If you are having trouble deleting some of the files, download and install Lock Hunter, then right-click the problematic file, select “What’s locking it” from the context menu, and then click Delete it! in the next window.
11. Once all files in the InternetGuardian folder except WinDirect64.sys are removed, open the Task Manager again, go to Startup, and disable all startup items (you can re-enable the ones you want later).
12. Now restart your PC and as soon as the machine boots back up, go back to C:\ Program Files and delete the entire InternetGuardian folder. If you aren’t allowed to do that, use Lock Hunter again.
    
13. Next, type “%Temp%” in the Start Menu, press Enter, and then select and delete all files in the Temp folder that opens.

After you do this, it’s possible that Skyjem gets automatically removed from the browser. In case it’s still there, proceed with the next sections of this guide.

Delete Skyjem Policies

If you are still unable to get rid of Skyjem, then the hijacker has probably imposed its custom policy onto your browser, preventing you from reversing the changes it has made to its settings. Here’s how to deal with this:

1. Search for Edit Group Policy in the Start Menu and press Enter.
2. Expand Computer Configuration, right-click on Administrative Templates, and remove any policies that might be listed in the next window.
   
3. Then go to the affected browser and in the address bar, type the browser’s name followed by ://policy (for example – chrome://policy) and hit Enter.
4. After that, look for policies with Values with random letters and numbers and copy the respective value in a notepad file.
   
5. Also go to the browser’s extensions page, click the Developer Mode button, copy the IDs of any rogue extensions you want to remove, and save them in the same notepad. One example of a extension that might be enforcing the Skyjem hijacker is called AstralQuasarel (more on that later), but there could be others too.
6. Now type regedit in the Start Menu, open the first result as administrator, press Ctrl + F and search for the rogue policy value in the Registry.
7. Delete everything you find (you must repeat the search each time you delete an item to see if there are more). Then do the same with the other policy values and extensions IDs.
8. Once all of this is done, go to each of the following locations in the registries, and if there you find sub-keys (Registry folders) with the name of the affected browser, delete them:
   • HKEY_CURRENT_USER\Software
   • HKEY_CURRENT_USER\Software\Policies
   • HKEY_LOCAL_MACHINE\Software
   • HKEY_LOCAL_MACHINE\Software\Policies
9. After that, open File Explorer and navigate to C: > Windows > System32.
10. There, delete the GroupPolicy and GroupPolicyUsers folders.
11. Next, open the Start Menu, type cmd, right-click the Command Prompt icon, and click Open as administrator.
12. Type “gpupdate /force” in the Command Prompt window and then press Enter.
13. Once the command is executed, close the Command Prompt, restart your PC, and open Chrome to see if the enforced Skyjem policy is gone.

This should take care of any rogue policies in your browser. If you’re on Chrome and the Skyjem policy isn’t removed yet, you can download the Chrome Policy Remover, open it as Administrator, and press Enter to run its script. This will automatically delete any remaining rogue policies.

Remove Skyjem Leftovers From Your Browser

Once the rogue policy is removed, don’t forget to also clean your browser from any rogue extensions Skyjem has introduced and any settings changes it has made:

1. Open your browser, go to its menu, and then go to Extensions. Delete any unwanted extensions that you suspect are linked to the hijacker.
2. Then go to Settings from the browser’s menu, select Privacy & Security > Clear Browsing Data, select all types of data except Passwords, and delete it.
   
3. Then scroll to the Site Settings section > Permissions, check each permission type, and remove from it skyjem.com/j/nt/ or any other rogue URLs.
4. Also look for rogue URLs in the Appearance and Startup tabs and delete them.
5. Finally, check the Search Engine section, ensure your default search engine is the one you want, and then open Manage Search Engines.
6. There, look for any unfamiliar search engine tools that are allowed in your browser and delete them.
7. If there are still traces of Skyjem in your browser, select the Reset Settings tab from the left, then click the Restore settings option, and click Reset Settings in the next window.
   

This should take care of all unwanted changes made by Skyjem in your browser and get rid of the hijacker for good.

If even after performing all the steps in this section your Chrome browser is still under the effects of Skyjem, we recommend deleting the Chrome browser settings directory. Note this will erase all personal settings for the browser such as passwords, bookmarks, etc.

To do this, go to C: > Users > *YOUR ADMIN USER FOLDER* > AppData > Local and delete the Google folder.

Uninstall AstralQuasarel to Remove Skyjem

When we were researching the Skyjem hijacker and Internet Guardian, the app that enables it, we stumbled upon a rabbit hole full of related hijackers, fake search engines, and rogue sites. It’s not surprising, since most hijackers thrive on promoting other sketchy sites and software, but it’s important to be aware of what else you might come across if Skyjem is in your browser.

Recently, several German users have reported getting the AstralQuasarel unwanted extension in their browsers, which enforces a third-party policy in the browser and changes the search engine to AstralQuasarel. Therefore, if you see this unfamiliar extension in your browser while trying to get rid of Skyjem, know you must delete it too.

One weird consequence of the presence of the AstralQuasarel in the browser (Chrome in particular) is that the user isn’t even able to uninstall the browser. Once the extension is installed, Chrome disappears from the list of installed programs in the Control Panel and from the Apps & Features list. Trying to uninstall the browser through its .exe uninstaller also doesn’t work as it simply redirects to Apps & Features.

This tells us that the AstralQuasarel extension is able to gain some pretty high-level privileges and must be removed immediately. The introduction of Skyjem to the browser might be the least of your worries if this extension is in your browser.

Like other rogue extensions, AstralQuasarel employs the “Managed by…” policies feature to take over your browser, and you won’t be able to delete it until the respective policy is deleted. We’ve shown how you can do this in the guide above. Once you perform the policy removal steps, you should be able to delete the rogue extension without any issues.

Other rogue sites related to Skyjem are busqueda.me and moreresearch.com so if you get redirected to either of these, you are most likely dealing with the same thing. We keep monitoring the situation with this network of browser hijackers and scam sites and do our best to update this article with more relevant information.