How to Fix a Virus Enforcing Google Chrome’s Search Engine And Proxy

By | February 6, 2016

If your computer has been infected by malware, the virus will quite often hijack your registry and enforce a group policy that requires you to use its search engine and prevents you from changing it. If Google Chrome states “this setting is enforced by your system administrator”, and you’re not using a work or school computer, you may be a victim of this virus.

In addition, the virus may enforce a proxy via group policy. Group policy is intended as a tool for system administrators, but in this case the creators of the virus exploit it to control the settings of the systems they infect.

Note: It is strongly recommended that you do a complete virus scan and removal before beginning this process. The virus may attempt to undo the changes you make if you have not removed it entirely. Be sure to check Task Scheduler for unintended entries.

Step 1: Press the Windows key and R, and type regedit.

Step 2: Left-click File, then Export. Change “Export range” to All. Save a backup as regbackup to your desktop. If you make a mistake, you can double-click the backup to undo any changes.

Step 3: Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies. Delete all subfolders.

[Image: The correct path to take in the registry]

Step 4: Go to HKEY_CURRENT_USER\Policies. Delete all subfolders.

Step 5: Reboot your computer.

Step 6: Verify that you can change the settings that were previously locked.

If the problem is fixed, you’re done and can delete the backup. Otherwise, continue on.

Step 7: Open an elevated command prompt.

If on Windows 8, 8.1, or 10, right-click the Start button and select “Command Prompt (Admin)”.

If on Windows 7, do a search for CMD, then right-click it and select “Run as Administrator”.

Step 8: Type the following commands in the command prompt (including the quotes):

RD /Q /S "%WinDir%\System32\GroupPolicyUsers"

RD /Q /S "%WinDir%\System32\GroupPolicy"

gpupdate /force

Step 9: Reboot your computer.

Step 10: Verify that you can change settings. Delete the backup you created in step 2.
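
Before deleting anything in steps 3, 4 and 8, it helps to see what the policy keys actually contain. The read-only PowerShell audit below is an added example, not part of the original post. It assumes Chrome's policy values sit under a Google\Chrome subkey and that the per-user policies are at HKCU:\Software\Policies.

```powershell
# Added example: read-only audit of what steps 3, 4 and 8 would delete.
# Nothing here modifies the registry, the file system or any task.

# Policy roots to inspect (the HKCU path is an assumption of this example).
$roots = 'HKLM:\SOFTWARE\Policies', 'HKCU:\Software\Policies'

# Chrome policy names that lock the search engine or the proxy.
$watch = 'DefaultSearchProvider|Proxy'

$findings = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    # Walk every subkey, since the steps delete all of them.
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Suspect = ($key.Name -match '\\Google\\Chrome' -and
                           "$($key.Name)\$name" -match $watch)
                Key     = $key.Name
                Value   = $name
                Data    = $key.GetValue($name) -join ', '
            }
        }
    }
}

# Search-engine and proxy policies for Chrome are listed first.
$findings | Sort-Object Suspect -Descending | Format-Table -AutoSize -Wrap

# Local Group Policy folders removed in step 8: report whether they exist.
"$env:WinDir\System32\GroupPolicyUsers", "$env:WinDir\System32\GroupPolicy" |
    ForEach-Object { [pscustomobject]@{ Path = $_; Exists = (Test-Path $_) } } |
    Format-Table -AutoSize

# Scheduled tasks outside \Microsoft\, for the Task Scheduler check in the note.
# Get-ScheduledTask needs Windows 8 or later; on Windows 7 use:
#   schtasks /query /fo LIST /v
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    Select-Object TaskPath, TaskName,
        @{ Name = 'Runs'; Expression = { $_.Actions.Execute -join '; ' } } |
    Format-Table -AutoSize -Wrap
```

Rows marked Suspect show the search URL or proxy address being enforced, which is worth recording before the keys are deleted.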