User profile for user: caldsamu
caldsamu Author
User level: Level 1
4 points

Cannot delete malicious browser extension, shows being managed by organization

Hello,


I am currently trying to help a friend with a browser extension issue she is having with Chrome on her Macbook. Chrome is showing an extension called "StandartHelper", this extension does not have any option for it to be removed.

When searching in the browser it will first search chrome then about three seconds later after displaying results, it is rerouted to a yahoo result page.


When searching in the bar it does not show "Google Search" but instead "Provider Search"


The profile settings do say that "This extension and profile are being managed by your organization". It is a university email address that she is using with her account (and it does say that the extension was installed by said university managing the profile and device), but it is signed in on a personal computer.


Things we have tried:


  1. There are no profiles installed on the computer
  2. Ran multiple scans of MalwareBytes, CleanMyMacX and Guard.io, all have shown no results from scan
  3. Have reset all settings in Chrome and used the Chrome policy reset application as well as deleting and reinstalling Chrome
  4. Checked for any suspicious applications and Activity Monitor, none were there except for some Oracle Java files in the library which we did delete
  5. The StandartHelper file was also showing within "Full Disk Access" in Security preferences, but was not ticked, and we have minused it off of the list


She was having issues with the same redirect in Safari but MalwareBytes was able to remove that issue.


We did check to see if the issue is happening with a different Gmail account, these still show that the device is managed by organization, but no extensions were shown on the other profile.


I should also mention that her firewall has been off for probably two years and she is not very savvy, so it is probably some sort of malware, but we have no idea what else to try to fix it.


I know this is more of a Chrome issue rather than Mac but I'm just looking for any other options. We are willing to factory wipe and reinstall OS if someone thinks that will resolve the issue.


Any support for this issue would be greatly appreciated,



Thanks

MacBook Pro (2021)

Posted on Sep 13, 2023 12:26 AM

Reply
Question marked as Top-ranking reply
User profile for user: HWTech
HWTech
User level: Level 9
67,928 points

Posted on Sep 13, 2023 7:25 PM

First, avoid using any anti-virus app other than MalwareBytes. Definitely avoid using CleanMyMac which has a notorious reputation to the regular forum contributors since it causes so many problems with macOS.


Second, you should confirm with the university whether this is their profile. Maybe they have some required rules/procedures and this is a necessary component to utilize the university's service. Did they perhaps provide an app for the user to automatically setup up the Mac to access those services (and email)? Or did the university IT staff configure this Mac to access university resources? If so, they may have installed a management profile.


If it is not from the university, then try booting into Safe Mode to see if you can remove the extension.


Check the "Profiles" section of the System Preferences/Settings. Is the profile listed there and can you remove the profile here?


Have you tried installing another browser to see if the same thing occurs? Another test would be to create another macOS user account and see if you have the same issue with the new macOS user account.


View in context

Similar questions

3 replies
Question marked as Top-ranking reply
User profile for user: HWTech
HWTech
User level: Level 9
67,928 points

Sep 13, 2023 7:25 PM in response to caldsamu

First, avoid using any anti-virus app other than MalwareBytes. Definitely avoid using CleanMyMac which has a notorious reputation to the regular forum contributors since it causes so many problems with macOS.


Second, you should confirm with the university whether this is their profile. Maybe they have some required rules/procedures and this is a necessary component to utilize the university's service. Did they perhaps provide an app for the user to automatically setup up the Mac to access those services (and email)? Or did the university IT staff configure this Mac to access university resources? If so, they may have installed a management profile.


If it is not from the university, then try booting into Safe Mode to see if you can remove the extension.


Check the "Profiles" section of the System Preferences/Settings. Is the profile listed there and can you remove the profile here?


Have you tried installing another browser to see if the same thing occurs? Another test would be to create another macOS user account and see if you have the same issue with the new macOS user account.


Reply
User profile for user: ku4hx
ku4hx
User level: Level 7
23,682 points

Sep 13, 2023 4:13 AM in response to caldsamu

If her device is "managed by an organization", she'll need to get that organization to make the requested changes/fixes.


You can do this maybe: Create a bootable installer for macOS - Apple Support

Since you said wiping the drive is acceptable.


But, your friends need to be wary of "tampering" with equipment she doesn't own. In my company, that was a firing offense. If she does own the equipment, you can do anything you want with her property.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Cannot delete malicious browser extension, shows being managed by organization

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up