The SurfSee Chrome extension is browser-hijacker malware that we recently researched after reader comments alerted us to it. Like other recent offenders that redirect to Boyu.com.tr (such as FortyFy and Searchisty), it uses Windows’ built-in ‘managed by organization’ state to enforce its desired settings on the victims of the scam. To be clear, all recent hijackers operate the same way and target the same redirect chain, so this is nothing new.
The good thing about this is that we can guarantee the guide below works. Just stick with it. This isn’t some ‘engagement’ talk to make you stay on the page. It really works, and we’re really here to help.
With that out of the way, we’ve got only one other thing to notify you about. The guide refers to the malware as SurfSee and as a single entity, but it covers aspects that are not SurfSee, strictly speaking. Rather, these aspects concern other malware components, like Boyu, for example. There’s no point helping you remove only the SurfSee extension if the other hijacker components will restore it after a while. So the removal guide covers everything. But we refer to everything as SurfSee to avoid confusion.
Here’s how to remove the SurfSee Extension
First, we are obligated to tell you that you do everything at your own risk and we can’t carry blame if you mess anything up.
Second, we’ll show you how to make a restore point at the beginning of the guide, so don’t be worried, you can just revert.
Third, if you follow everything to the letter, nothing bad will happen, and you’ll walk away malware-free.
Now, let’s start.
Let’s remove the SurfSee extension’s ‘Managed by your organization’ feature on Chrome
There are several ways you can go about this, but I’ll give you only the one which is manual (so no downloads of any kind) and is the easiest in my opinion. Before that, create a Restore point you can roll back to if anything happens.
Press the Windows key on your keyboard and type Restore. “Create a restore point” should come up right away. After you open it, click Create, name your point and finish up.
OK, you are done with the preparation. Now, it’s time to go to the Policy Editor. Custom policies are visible there, and handily it’s also the easiest place to delete them. Navigate to the following menu:
- As with the restore point, press the Windows key and type “Edit Group Policy”. Open the first result, expand the Computer Configuration folder, then right-click on Administrative Templates.
- Click Add/Remove. There should be a policy listed for Google Chrome. Select it, and click Remove. You will need to do a reboot to apply these changes.
- The next thing to do is open Chrome and copy-paste chrome://management into the address bar. The page should say it’s not managed by anything anymore. You will now be free to change anything related to SurfSee in the browser.
Note: I don’t know under what circumstances the above can fail, but if it does, either download the anti-malware program we recommend and give it a go, or alternatively download this tool. It should automatically remove the Chrome policies. Just run delete_chrome_policies.bat as an administrator and that’s that.
Remove the SurfSee extension’s Changes to Chrome
The settings SurfSee changed can now be changed back. Quick note: you may run into other weird extensions like FortyFy and Searchisty, and possibly more down the line. You will now need to record them for later. It’s important to do this.
- Go to the Extensions tab in Chrome’s settings. See if there are any extensions out of place or with weird descriptions like “Changes the default search engine” or that supposedly offer protection.
- Deactivate them first, then toggle the Developer mode in the upper right of the page. You should now be able to see every extension’s ID. Copy-paste the ID of any suspect extension into a word processor.
- Go to Settings → Privacy and Security → Delete Browsing data → Advanced. Delete all data in there except for your saved passwords (your choice on this).
- In Site Settings, go to the Site Permissions section on the right and check the “Allow” list of each permission type. Look for SurfSee in here and possibly any rogue search engine you were redirected to. Delete permissions for the unsafe URLs.
- Open Appearance. If your new tab page is set for some search engine, change it back to whatever you prefer.
- In the Search Engine tab, go to Manage Search Engines. If the engine was changed, reset it to whatever you prefer.
- Also check the Startup tab and delete from it SurfSee or any other rogue URL that might be there.
Now then, provided you removed the policies, this is the best time to clean your system registry of other malware installed with SurfSee. The next step is the last you’ll need to perform. Its purpose is to revert all settings to their original values.
- Press Winkey + R, type regedit, and hit Enter.
- Click Yes to open the Registry Editor, and then press Ctrl + F.
- Paste into the search box any policy value you copied earlier and click Find. Search and delete each result until the search doesn’t show anything with these values.
- Next, do the same with the SurfSee extension’s ID and delete all related registry entries for it and any other extensions.
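A read-only way to check the result of the policy and registry steps above, as an added example that is not part of the original guide: this PowerShell lists whatever remains under Chrome's documented policy registry keys and flags references to a recorded extension ID. The ID in the script is a constructed placeholder, and the function name is made up for this example.

```powershell
# Read-only audit: reports leftover Chrome policy values and registry keys
# that mention a recorded extension ID. Nothing is modified or deleted.
# ASSUMPTION: placeholder ID; replace it with the 32-character ID you copied
# from the Extensions page in Developer mode.
$SuspectIds = @('aaaabbbbccccddddeeeeffffgggghhhh')   # constructed placeholder

# Chrome's documented policy locations in the Windows registry.
$PolicyRoots = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKCU:\SOFTWARE\Policies\Google\Chrome',
    'HKLM:\SOFTWARE\WOW6432Node\Policies\Google\Chrome'
)
# Keys Chrome reads for externally installed extensions.
$ExternalRoots = @(
    'HKLM:\SOFTWARE\Google\Chrome\Extensions',
    'HKLM:\SOFTWARE\WOW6432Node\Google\Chrome\Extensions'
)

function Get-ChromePolicyValues {   # hypothetical helper name
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }
        # The root key itself plus every subkey (e.g. ExtensionInstallForcelist).
        $keys = @(Get-Item $root) +
                @(Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key = $key.Name; Name = $name; Value = $key.GetValue($name)
                }
            }
        }
    }
}

$policies = @(Get-ChromePolicyValues -Roots $PolicyRoots)
if ($policies.Count -eq 0) { 'No Chrome policy values found under the checked keys.' }
else { $policies | Format-Table -AutoSize -Wrap }

foreach ($id in $SuspectIds) {
    # A policy value (or key path) that still names the extension.
    $policies | Where-Object { "$($_.Value)" -like "*$id*" -or $_.Key -like "*$id*" } |
        ForEach-Object { "Extension $id still referenced: $($_.Key)\$($_.Name)" }
    foreach ($root in $ExternalRoots) {
        if (Test-Path (Join-Path $root $id)) { "External install key present: $root\$id" }
    }
}
```

Run it after the reboot; any line it prints points at an entry the steps above were meant to remove.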
If you made it until the end of this page, I can only salute you and hope you did everything correctly. Reboot your PC. Good luck from us and we hope we were helpful! If you run into any trouble, leave us a comment, and possibly download the anti-malware tool we promote. This will help us a lot to keep the website afloat!
If you have trouble following the truncated version of this ‘managed by organization’ tutorial, you can find a longer version here.