Your browser is being managed by your organisation.

[Dragon12dk]

Hi there.

I got a new PC about a month ago and noticed after setting it up that it has "Your browser is being managed by your organisation." labeled on my browsers. it doesn't seem to call any malicious polic ys but I'd still like for it to go away. I hope you can help me confirm its not a virus, and hopefully help me get rid of the label.

 

[struppigel]

Hello Dragon12dk,

I am Karsten and will help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.

• Read my instructions thoroughly, carry out each step in the given order.
• Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
• If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
• Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
• Back up important files before we start.
• Note: On weekends I might be slow to reply

-------------------------------------------------------------------

1. Malwarebytes AdwCleaner

• Please download Malwarebytes AdwCleaner and save the file to your Desktop.
• Click Scan Now and wait for completion of the scan.
• Ensure anything you know to be legitimate does not have a check mark under the corresponding tab.
• Click Quarantine.
• Follow the prompts and allow your computer to reboot.
• After the reboot, a log will open. Copy the contents of the log and paste in your next reply.

-- File, folder and registry backups are made for items removed using this program. Should a legitimate file, folder or registry item be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of the log.

2. ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

• Please download ESET Online Scan and save the file to your Desktop.
• Temporarily disable your Anti-Virus software. For instructions, please refer to the following link.
• Double-click esetonlinescanner.exe to run the programme.
• Click Get started
• Review and accept the Terms of use
• Click Get started
• Choose what information you would like to share or not
• Click Continue
• Click Full Scan
• Select Enable ESET to detect and quarantine potentially unwanted applications
• Click Start scan
• Once completed click Save scan log and save it to your Desktop as ESETScan.txt
• Click Continue then finally click Close
• Copy and paste the ESETScan.txt file contents in your reply

 

[Dragon12dk]

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-01.1 (Cloud)
# Support: Customer Support & Help Center | Malwarebytes
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-03-2021
# Duration: 00:00:15
# OS: Windows 10 Pro
# Cleaned: 8
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

Deleted kfgaibfbmkjgmimhbbaikfnpkkjkpoan

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Deleted Honey - jid1-93CWPmRbVPjRQA@jetpack

***** [ Firefox URLs ] *****

Deleted White dunes, blue lagoons 02:23:14&bName=
Deleted White dunes, blue lagoons 02:23:14&bName=

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2067 octets] - [03/04/2021 01:34:29]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########




_______________________________________________________________________________________________________________________________




03/04/2021 02.04.06
Files scanned: 306239
Detected files: 2
Cleaned files: 2
Total scan time 00:24:02
Scan status: Finished
C:\$Recycle.Bin\S-1-5-21-1193567576-3767886847-1314068752-1012\$RRGLL10.exe a variant of MSIL/h2oPartener.A potentially unwanted application cleaned by deleting

C:\$Recycle.Bin\S-1-5-21-1193567576-3767886847-1314068752-1012\$RVTRDJB.exe a variant of Generik.JIQKESS potentially unwanted application cleaned by deleting

 

[struppigel]

1. Browser Reset

Before proceeding, please refer to the following instructions on how you can backup your Favourites/Bookmarks.

• Firefox: Backup Firefox Bookmarks
• Chrome: Backup Chrome Bookmarks

Using the relevant instructions below, please reset your installed browsers.

• Firefox: Reset Firefox
• Chrome: 1. Turn off syncing 2. Chrome - Reset browser settings

2. Farbar Recovery Scan Tool (FRST) Scan

• Double-Click FRST64.exe to run the programme.
• Ensure the Addition.txt box is checked.
• Click the Scan button and let the programme run.
• Upon completion, click OK, then OK on the Addition.txt pop up screen.
• Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Attach the logs in your next reply.

Please restart your system and tell me if you still see the "Your browser is being managed by your organisation" message.

 

[Dragon12dk]

It seems to have disappeared. Appreciate the help man

 

[struppigel]

There are still leftovers.

Remove Chrome Extension

• Please open Chrome.
• Enter the following line into the address bar
  chrome://extensions/
• For the following extensions click the button Remove and follow the prompts
  • Adaware Web Protection

2. Farbar Recovery Scan Tool (FRST) Script

Copy the following text including "Start::" and "End::"

Start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1193567576-3767886847-1314068752-504\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1193567576-3767886847-1314068752-503\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1193567576-3767886847-1314068752-500\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1193567576-3767886847-1314068752-1012\User: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
FF NewTab: Mozilla\Firefox\Profiles\jyvqx1mh.default-release -> hxxps://mysearchengine.co/homepage?hp=1&bitmask=9996&pId=BT170603&iDate=2021-04-02 02:23:14&bName=
FF NewTab: Mozilla\Firefox\Profiles\ksuv4ccd.default -> hxxps://mysearchengine.co/homepage?hp=1&bitmask=9996&pId=BT170603&iDate=2021-04-02 02:23:14&bName=
CHR Extension: (Adaware Web Protection) - C:\Users\Samplle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnooggpliipegmffiolegeppbgkclbpi [2021-04-02]
C:\Users\Samplle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnooggpliipegmffiolegeppbgkclbpi
EmptyTemp:
End::

Run FRST64.exe and click on Fix.
A log (Fixlog.txt) will open on your desktop. Attach the log to your next reply.

 

[Dragon12dk]

Here you go

 

[struppigel]

Looks good to me. Are there any outstanding issues?

 

[Dragon12dk]

No Sir. thank you for the help!