Tech for Techs
Virus, Malware, Spyware => Virus Removal => Topic started by: James on November 05, 2015, 01:54:30 PM
Symptoms:
- SafeSearch is listed as the default search engine in Google Chrome
- When trying to change default search engine in Google Chrome you are unable to make a change and get the following message: "This setting is enforced by your administrator."
Resolution
- Close all open instances of Google Chrome. Ensure that it's not running in the background.
- As a system administrator, navigate to: C:\Windows\System32\GroupPolicy\Machine or C:\Windows\System32\GroupPolicy\User
- Locate the file "Registry.pol" and open it with Notepad. When opened it should look something like:
QuotePReg [ S o f t w a r e \ P o l i c i e s \ G o o g l e \ C h r o m e ; D e f a u l t S e a r c h P r o v i d e r E n a b l e d ; ; ; ] [ S o f t w a r e \ P o l i c i e s \ G o o g l e \ C h r o m e ; D e f a u l t S e a r c h P r o v i d e r N a m e ; ; ; S a f e S e a r c h ] [ S o f t w a r e \ P o l i c i e s \ G o o g l e \ C h r o m e ; D e f a u l t S e a r c h P r o v i d e r S e a r c h U R L ; ; z ; h t t p : / / w w w . s a f e s e a r . c h / w e b / ? t y p e = s s - c h - d s - i x & q = { s e a r c h T e r m s } ] [ S o f t w a r e \ P o l i c i e s \ G o o g l e \ C h r o m e ; D e f a u l t S e a r c h P r o v i d e r I c o n U R L ; ; T ; h t t p : / / w w w . s a f e s e a r . c h / i m a g e s / f a v i c o n . i c o ] [ S o f t w a r e \ P o l i c i e s \ G o o g l e \ C h r o m e ; D e f a u l t S e a r c h P r o v i d e r S u g g e s t U R L ; ; Œ ; h t t p : / / f f . s e a r c h . y a h o o . c o m / g o s s i p ? o u t p u t = f x j s o n & c o m m a n d = { s e a r c h T e r m s } ] [ S o f t w a r e \ P o l i c i e s \ G o o g l e \ C h r o m e ; D e f a u l t S e a r c h P r o v i d e r N e w T a b U R L ; ; F ; h t t p : / / w w w . s a f e s e a r . c h / ? t y p e = c h - n t ] [ S o f t w a r e \ P o l i c i e s \ G o o g l e \ C h r o m e ; M e t r i c s R e p o r t i n g E n a b l e d ; ; ; ] [ S o f t w a r e \ P o l i c i e s \ G o o g l e \ C h r o m e ; S a f e B r o w s i n g E x t e n d e d R e p o r t i n g O p t I n A l l o w e d ; ; ; ] [ S o f t w a r e \ P o l i c i e s \ G o o g l e \ C h r o m e \ E x t e n s i o n I n s t a l l W h i t e l i s t ; 1 ; ; B ; g b i c p o p j a a i p n h c o n h l f m b k j b c f d h k k l ] [ S o f t w a r e \ P o l i c i e s \ G o o g l e \ C h r o m e \ R e c o m m e n d e d ; H o m e p a g e L o c a t i o n ; ; X ; h t t p : / / w w w . s a f e s e a r . c h / ? t y p e = 2 0 1 5 1 0 0 2 - c h - i x ] [ S o f t w a r e \ P o l i c i e s \ G o o g l e \ C h r o m e \ R e c o m m e n d e d ; H o m e p a g e I s N e w T a b P a g e ; ; ; ] [ S o f t w a r e \ P o l i c i e s \ G o o g l e \ C h r o m e \ R e c o m m e n d e d ; R e s t o r e O n S t a r t u p ; ; ; ] [ S o f t w a r e \ P o l i c i e s \ G o o g l e \ C h r o m e \ R e c o m m e n d e d \ R e s t o r e O n S t a r t u p U R L s ; 1 ; ; X ; h t t p : / / w w w . s a f e s e a r . c h / ? t y p e = 2 0 1 5 1 0 0 2 - c h - i x ]
- Verify that the file references the extension ID. "www.Safesear.ch" should be listed in the file.
- Delete the "Registry.pol" file.
- Open Google Chrome and verify that you are able to change your default search engine. Delete the SafeSearch search engine from the list.
- Run virus scans to clean other infections, and spyware from the system.