Download Google Chrome

How to Remove Chrome Browser Hijacking and Malware

Experiencing a hijacked Chrome browser can be incredibly frustrating. If your Chrome homepage has unexpectedly changed, or if you’re bombarded with unwanted ads and pop-ups, you may be dealing with Chrome malware or browser hijacking. This guide will help you identify signs of a hijacked browser and provide comprehensive solutions for removing malware across different platforms.

Quick Fixes to Try First

  1. Check for unknown extensions immediately: chrome://extensions
  2. Reset Chrome settings: chrome://settings/reset
  3. Run Windows Defender or macOS XProtect scan
  4. Update Chrome to the latest version

Identifying Signs of Browser Hijacking

  • Homepage changed without permission
  • Default search engine modified to Yahoo, Bing, or an unknown search engine
  • New toolbars or extensions appeared
  • Unexpected pop-up ads or redirects
  • Browser running slowly
  • New tabs opening to ad sites automatically
  • Cannot change homepage or search back to normal
  • Unknown bookmarks or favorites added
  • Browser settings being reset repeatedly
  • Fake security warnings or tech support scams

Solutions for Windows

Remove Suspicious Extensions

  1. Visit chrome://extensions
  2. Review all extensions carefully
  3. Remove any you don’t recognize or didn’t install
  4. Look for extensions with generic names like “Search Helper” or “Browser Protector”
  5. Disable developer mode if enabled unexpectedly

Use Chrome Cleanup Tool

  1. Go to chrome://settings/cleanup
  2. Click “Find” under “Find and remove harmful software”
  3. Let the scan complete (may take several minutes)
  4. Remove anything found
  5. Restart Chrome

Reset Chrome Settings

  1. Go to chrome://settings/reset
  2. Click “Restore settings to their original defaults”
  3. Confirm reset
  4. This removes extensions, clears cookies, and resets homepage/search

Remove Suspicious Programs

  1. Open Control Panel > Programs > Uninstall a program
  2. Sort by “Installed On” date
  3. Remove recently installed unknown programs
  4. Look for malware names like Search Conduit, MyWebSearch, Babylon, Ask Toolbar, Delta Search, Sweet Page
  5. Also check Settings > Apps > Installed apps

Run Malwarebytes (Free)

  1. Download from malwarebytes.com
  2. Run a full system scan
  3. Quarantine and remove threats
  4. Restart computer

Run Windows Defender Full Scan

  1. Go to Windows Security > Virus & threat protection
  2. Choose Scan options > Full scan
  3. Run the scan (may take 1+ hour)

Check Windows Startup Programs

  1. Open Task Manager > Startup tab
  2. Disable suspicious entries
  3. Look for unknown publishers

Check Hosts File

  1. Navigate to C:\Windows\System32\drivers\etc
  2. Open “hosts” file with Notepad (as admin)
  3. Remove any suspicious redirects
  4. The file should only have localhost entries and comments

Check Browser Shortcuts

  1. Right-click Chrome shortcut > Properties
  2. Check “Target” field
  3. It should only be the path to chrome.exe
  4. Remove any URLs or extra parameters after .exe

Clear DNS Cache

  1. Open Command Prompt as admin
  2. Run: ipconfig /flushdns
  3. Restart browser

Solutions for macOS

Remove Suspicious Extensions

  1. Visit chrome://extensions
  2. Remove unknown extensions

Reset Chrome on Mac

  1. Visit chrome://settings/reset
  2. Restore defaults

Check Applications Folder

  1. Open Finder > Applications
  2. Look for unknown apps
  3. Drag suspicious apps to Trash
  4. Empty Trash

Remove Login Items

  1. Go to System Preferences > Users & Groups > Login Items
  2. Remove suspicious startup items

Check Launch Agents

  1. Open Finder, press Cmd+Shift+G
  2. Navigate to ~/Library/LaunchAgents
  3. Also check /Library/LaunchAgents and /Library/LaunchDaemons
  4. Remove files from unknown sources

Run Malwarebytes for Mac

  1. Free version available
  2. Scans for Mac-specific adware
  3. Removes browser hijackers

Use CleanMyMac or Similar

  1. Use malware removal feature
  2. Finds hidden malware components

Solutions for Linux

Remove Extensions

  1. Visit chrome://extensions same as other platforms

Reset Chrome

  1. Delete ~/.config/google-chrome folder
  2. Reinstall Chrome if needed

Check for Malware

  1. Install ClamAV: sudo apt install clamav
  2. Update database: sudo freshclam
  3. Run scan: clamscan -r /home

Manual Cleanup – All Platforms

Fix Homepage

  1. Visit chrome://settings
  2. Under “On startup”, select your preferred option
  3. Set a specific page if needed

Fix Search Engine

  1. Visit chrome://settings/searchEngines
  2. Remove unknown search engines
  3. Set Google (or preferred) as default
  4. Look for: search.yahoo.com, bing.com (if unwanted), or unknown search domains

Clear All Browsing Data

  1. Press Ctrl+Shift+Delete (Cmd+Shift+Delete on Mac)
  2. Select “All time”
  3. Check all boxes including cookies, cache, site data
  4. Clear data

Disable Notifications

  1. Visit chrome://settings/content/notifications
  2. Block all or remove suspicious sites
  3. Fake notification permission often used by hijackers

Checking for Chrome Policies (Enterprise Hijacking)

Check for Managed Settings

  1. Go to chrome://policy
  2. If policies are listed, the browser may be managed
  3. “Managed by your organization” should not appear on a personal computer

Remove Chrome Policies (Windows)

  1. Open Registry Editor (regedit)
  2. Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
  3. Also check: HKEY_CURRENT_USER\SOFTWARE\Policies\Google\Chrome
  4. Delete suspicious keys
  5. Also check: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update

Remove Policies (Mac)

  1. Open Terminal
  2. Run: defaults read com.google.Chrome
  3. Delete policy files in /Library/Managed Preferences

Solutions for Mobile Devices

Android

  1. Go to Settings > Apps > Chrome > Clear Data
  2. Check Settings > Apps for suspicious apps
  3. Remove unknown apps
  4. Factory reset if the infection is severe

iOS

  1. Delete Chrome and reinstall
  2. iOS sandbox prevents most malware
  3. Check for unknown device profiles: Settings > General > Profiles

Prevention Tips

  • Only install extensions from Chrome Web Store
  • Read extension reviews and permissions before installing
  • Don’t click “Allow” on random notification requests
  • Avoid downloading software from unknown sites
  • Keep Chrome and OS updated
  • Use reputable antivirus software
  • Don’t click suspicious email links
  • Be cautious of “free” software bundles
  • Read installation screens carefully (uncheck bundled software)
  • Enable Chrome Safe Browsing: Settings > Privacy > Security > Enhanced protection

When to Completely Reinstall Chrome

If malware persists after all steps:

  1. Export bookmarks and passwords to Google account (sync)
  2. Uninstall Chrome completely
  3. Delete all Chrome folders:
    • Windows: %LOCALAPPDATA%\Google\Chrome
    • Mac: ~/Library/Application Support/Google/Chrome
  4. Restart computer
  5. Download fresh Chrome from google.com/chrome only
  6. Reinstall
  7. Sign in to restore data
  8. Only install trusted extensions

By following these steps, you can effectively remove Chrome hijacking and malware, restoring your browser to its original, secure state. Stay cautious in the future to prevent similar issues.

Related Guides

Google Chrome Features Review: Speed, Security, Extensions, and PrivacyGoogle Chrome is designed to be fast, secure, and highly customizable. This…Chrome Security Best PracticesIntroduction Ensuring your browsing experience is secure is crucial, especially with the…How to Run Chrome in Safe ModeIntroduction Running Google Chrome in safe mode is an effective way to…Chrome Privacy Settings GuideIntroduction Protecting your privacy while browsing is essential in today's digital age….