How to Remove Skyjem.com Malware

Skyjem.com is disguised as a legitimate search engine, and in fact, it replaces the default settings of the search tool right after its installation. It is unfortunate for users that Skyjem.com becomes part of their browser program without their approval. Therefore, computer security analysts prefer to include it in the intrusive threat family of potentially unwanted program (PUP). Being on this class does not mean that Skyjem.com is only an unwanted type of software. On top of that, PUP is a threat that makes ones browsing habit too annoying. It can execute pop-ups and redirects that drive the browser pages to different kinds of unnecessary websites.

How does Skyjem.com infect the computer?

The methods that attackers are using to distribute Skyjem.com are varying. Hence, it was observed that they gain a higher infection rate via a technique called software bundling. This is a tactic where Skyjem.com is integrated to freeware or shareware and designed to simultaneously load both the main program and Skyjem.com in a single installation process. The installation of Skyjem.com is, however, concealed because it runs the setup in the background, behind the computer user’s sight.

Screenshot of Skyjem.com

One more thing that helps in the internet-wide propagation of Skyjem.com is a malicious advertising campaign. Web users may encounter this kind of misleading advertising when visiting websites, which entails the illegal publication of copyrighted media like software, videos, or audio files. The pop-up attempts to deceive the user with an outdated software context and advises them to download the update as soon as possible. However, the downloading only gives way for Skyjem.com to enter the computer and infiltrate the Google Chrome browser.

To give you a better picture of how the scheme works, here is our experience:

While obtaining a trial game from a freeware site, a file named setup.msi was downloaded instead of the legitimate installer. During the initial execution, Windows displays a file security warning, indicating that the publisher is Siam Computer (MD Kamrul Hassan). Hence, upon running the program, we discovered that it is Secure Downloader malware, originally published by Internet Guardian.

Screenshot of Setup.msi File

Update: July 15, 2024

Skyjem.com was able to penetrate our Google Chrome browser again after installing a supposed 7-Zip program. To be exact, the malicious file is 7z2201-x64.msi that was downloaded into our computer while we were trying to obtain an Apk file from a not-so-legitimate source. Upon the execution of the supposed 7-Zip program, we already noticed that it was developed by an Unknown Publisher and does not have a valid digital signature.

Getting rid of Skyjem.com

Obviously, Skyjem.com is an illicit type of Google Chrome browser extension that masquerades as a search tool as part of its tricky behavior. The fact is, this unwanted program can cause not just annoyances, but also identity theft because it was designed to collect browsing details from internet software. Thus, removal of Skyjem.com is highly suggested. Please execute the procedures below in exact order to properly get rid of the threat.

Skyjem.com Removal Procedure

In this section, we will provide effective guidelines to get rid of the threat from an infected computer. To automatically remove Skyjem.com, you may download the recommended scanner. For comprehensive instructions, please execute the manual step-by-step procedures.

 

Instant Removal : Scan the computer with antivirus program

Combo Cleaner is a trusted computer security and optimization tool equipped with a powerful virus and malware detection engine. This program can get rid of Skyjem.com browser hijacker and similar threats, whether it has infected PC, Mac, Android, or iOS.

1. Download the application from the following page:

2. Save the file to your preferred location.

3. Double-click the downloaded file and install with the default settings.

4. At the end of the setup process, click Finish to run Combo Cleaner.

5. To begin checking for threats like Skyjem.com, click on the Start Scan button. Wait for this scan to finish.

Screenshot of Combo Cleaner PC

6. At the end of the scan process, click on Remove all threats to delete Skyjem.com, including all harmful objects from the computer.

To fully optimize the features of antivirus and privacy scanners, users may have to upgrade to the premium version.

Please continue with the succeeding removal procedures if you are comfortable manually getting rid of the browser hijacker and malicious items linked to it.

Manual Removal : Steps to get rid of Skyjem.com

The steps below will guide you to manually remove Skyjem.com without having to purchase a recommended virus scanner. We have tested the procedures; hence, the attackers may make modifications overtime. As a result, terms, names, and images in the guide may differ from what users are seeing recently.

The procedure may require you to close the browser or restart the computer; therefore, we are suggesting to Bookmark or Print this page.

For Windows PC Users

Below is a systematic instruction that is very useful in getting rid of the browser hijacker from a compromised PC. In order to totally eliminate the threat, it is vital to follow the process in an exact manner.

You must be logged in to Windows with an Administrator account to be able to execute some of the tasks. Check here to know if you are currently using an account with Admin rights. 

Step 1 : Scan with AdwCleaner and Reset Chrome Policies

In addition to the procedure, we suggest scanning the computer with AdwCleaner tool. Possibly, there are some traces of Skyjem.com on the browser that were not deleted during the preceding steps. This tool will scan the computer and check for presence of malicious applications.

1. Follow the link below to download the tool called AdwCleaner.

2. When the download has completed, please close all running programs on the computer, especially browsers affected by Skyjem.com.

3. Browse the location of the downloaded file and double-click on adwcleaner.exe to start running the tool.

4. If Windows displays a prompt saying, "Do you want to allow this app to make changes to your device?" click Yes to proceed.

5. On the AdwCleaner dashboard, click on Settings.

Screenshot of AdwCleaner Policies

6. While in the Settings window, please turn On the Reset Chrome Policies and Reset IE Policies.

Screenshot of AdwCleaner Scanner

7. Go back to the Dashboard and click the Scan Now button.

8. AdwCleaner searches the computer for malicious programs, extensions, plug-ins, adware, and any items that may be associated with Skyjem.com.

9. Clean or Remove all suspicious and harmful items identified after the thorough scan.

10. AdwCleaner will then prompt an option to run another repair, which will reset Winsock and other settings. Please click the Run Basic Repair button.

Screenshot of Basic Repair

11. A message will appear stating that "All processes will be closed..." Please click Continue.

Image of Basic Repair Message

12. After the cleanup procedure, rebooting the computer is required to finalize the removal of Skyjem.com as well as other detected threats.

Step 2 : Uninstall an Unwanted Program from Windows

1. On your keyboard, press Windows Key + R. Type the appwiz.cpl command and click OK.

Screenshot of Run Command

2. The Program and Features window will open. Arrange the list in a chronological manner, with recently installed applications on top. To do this, click on the 'Installed On' column.

Screenshot of Program and Featires

3. Select Skyjem.com or a recently installed suspicious entry from the list.

You must also remove the Internet Guardian, IGuardian, or Secure Downloader program.

4. Click on Uninstall to remove it from the Windows system.

Step 3 : Check for Malicious Shortcut Link

The following procedure is essential to see if the Google Chrome shortcut link is being used by Skyjem.com to launch the malicious extension each time that you run the Google Chrome browser.

1. Right-click on the icon you always click to open Google Chrome.

2. Select Properties from the drop-down list.

Screenshot of Chrome Shortcut Link

3. The Google Chrome Properties window will open. Go to the Target section and check if there are any added strings (in red letters). As shown in the image below, the full target string to open Google Chrome is:

"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="C:\ProgramData\Google\Chrome\Extension\script-folder\"

  • Please take note of the location where the malicious script is located. Deleting the said script is necessary to stop Skyjem.com from loading.
  • The "script-folder" in this procedure is just a representation; it could possess any name or random characters.

Screenshot of Google Chrome Target

4. In our case, the modified shortcut link is running the manifest.json script file each time that the icon is clicked to launch Google Chrome. Therefore, we will need to delete the added strings and retain only the default Google Chrome shortcut link as follows:

"C:\Program Files\Google\Chrome\Application\chrome.exe"

  • The installation folder may vary depending on the Windows version or installation setup.

5. Click Apply, and then click OK to close the window.

The next procedure is applicable only if there is an added string in the Google Chrome shortcut link. Disregard the next step if it is clean.

Delete the malicious script file

1. Open Windows File Explorer. You can use the keyboard shortcut Windows Key + E.

2. On the top menu, click on View > Show > Hidden Items. This will expose all hidden files associated with Skyjem.com.

Screenshot of Hidden Items

3. Now, go to the directory or file location of the malicious script that you have observed earlier.

4. Select all the files in this directory or simply choose the folder itself.

Screenshot of Deleting Malicious File

5. Click the Delete icon to get rid of the files or folder. Please close the File Explorer window.

6. Next, on your desktop, right-click on Recycle Bin and click on Empty Recycle Bin to completely delete the files.

Step 4 : Get Rid of Skyjem.com Extension from Google Chrome

It is vital to remove any malicious extensions from Google Chrome to stop browser disturbances such as search hijacking, page redirects, and unwanted pop-ups. Below is a simple instruction to get rid of malicious extensions.

1. Open Google Chrome browser.

2. Type or copy and paste the following in the address bar and press Enter on the keyboard.

chrome://extensions/

Screenshot of Chrome Extensions in PC

3. Find Skyjem.com or relevant entry and remove it from Google Chrome.

- Other names to look for: Internet Guardian, IGuardian, or Secure Downloader

Cannot Remove Skyjem.com Because "Your Browser is Managed by your Organization", Do the following:

Delete Chrome Policy from the Windows Registry

1. On your keyboard, press Windows Key + R. Type regedit in the field and click OK to open the Registry Editor.

Screenshot of Running Regedit

2. The first thing you should do is make a backup copy of the Windows Registry. Go to File > Export. Save the Registry file (.reg) to your preferred location. You may import this file to restore the registry in the event that an error occurs after making changes.

Saving Windows Registry

3. One at a time, go to the following registry and delete the Keys (in bold letters).

HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome HKEY_LOCAL_MACHINE\Software\Policies\Google\Update HKEY_CURRENT_USER\Software\Policies\Google\Chrome HKEY_LOCAL_MACHINE\Software\WOW6432Node\Google\Enrollment

4 . Right-click on the Key, and then select Delete from the choices.

Screenshot of Chrome Registry

5. Please close the Windows Registry Editor. You may now delete the Skyjem.com extension.

Deleting a Locked Chrome Extension

1. Activate the Developer mode on Extensions window by using the slider.

2. Then, copy or take note of the malicious extension's ID code.

Screenshot of Chrome Developer Mode in PC

3. Open Windows or File Explorer.

4. Unhide files by going to top menu, View > Show > and select Hidden Items.

5. Locate the following folder:

C:\Users\(Your Username)\AppData\Local\Google\Chrome\User Data\Default\Extensions

6. After opening the Folder, find the item that matches the Extension ID and delete it.

7. Please restart your Google Chrome browser.

Aside from this straightforward workaround, we have a separate comprehensive guide to fix the Managed by Organization issue. You can also execute that guide if the steps on this page are not enough to delete Skyjem.com.

Step 5 : Re-check with Sophos Home Antivirus

To remove Skyjem.com automatically, scanning the computer with this powerful antivirus tool is recommended. This scanner does not just uncover known threats like viruses or malware, it is also effective in discovering browser hijacker like Skyjem.com that slows down online browsing activities.

1. Please click on the link below to download the program.

2. After downloading, locate the file SophosInstall.exe in the Downloads folder.

3. Install by double-clicking on the file.

4. If it prompts "Do you want to allow this app to make changes on your device?" please click Yes.

5. Next, it will display the Terms and Conditions page. Click the Install button to begin.

Screenshot of Terms by Sophos Home

6. Run the installation with the default settings. Please note that an internet connection is required in order to download important updates.

7. After finishing the installation, you must login to the dashboard. If you already have a Sophos account, please login. Otherwise, please enter your details and click on the Create Account button.

8. Once you are in the Sophos Home console, click the Scan button to start checking the computer for Skyjem.com components.

Screenshot of Sophos Home

9. Scanning may take a while; please wait for this process to finish.

10. After scanning the computer, Sophos Home will start cleaning or deleting files infected with Skyjem.com.

11. You may now close Sophos Home. The computer is now free from Skyjem.com, as well as associated malware and viruses.

For Mac OS Users

This section contains a comprehensive guide for Mac users. It will help you remove malicious Skyjem.com browser hijacker along with harmful files that come with it. Procedures on this page are written in a manner that can be easily understood and executed by Mac users.

Step 1 : Delete Suspicious Google Chrome Extension on Mac

Most adware and unwanted programs use a program called a browser extension to take over the settings of internet applications on Mac. Therefore, we highly recommend checking and removing the extension that is closely related to Skyjem.com.

1. Open the Google Chrome browser on your Mac.

2. Then, copy and paste the following in the address bar. Next, press Enter on the keyboard:

chrome://extensions

Screenshot of Chrome Address Bar

3. Find Skyjem.com or a relevant entry and remove it from Google Chrome.

If unable to remove Skyjem.com because browser is "Managed by your Organization", follow these steps:

1. Activate the Developer mode on Extensions window by using the slider.

2. Then, take note of the browser Extension ID.

Screenshot of Malware Extension

3. Open Finder on your Mac and on top menu, click Go > Go to Folder and go the following directory:

~/Library/Application Support/Google/Chrome/Default/Extensions

Screenshot of Finder

4. Once you opened the directory, find the folder that matches the Extension ID and delete it.

5. Please restart your Google Chrome browser.

Aside from this straightforward workaround, we have a separate comprehensive guide to fix the Managed by Organization issue. You can also execute that guide if the steps on this page are not enough to delete Skyjem.com.

Step 2 : Delete Skyjem.com from Mac Applications

1. Go to Finder.

2. On the menu, click Go and then, select Applications from the list to open Applications Folder.

3. Find Skyjem.com or any unwanted program.

Screenshot of Deleting App

4. Drag Skyjem.com to Trash Bin to delete the application from Mac.

5. Next, go to the Dock, right-click on the Trash icon, and click on Empty Trash.

Step 3 : Delete Malicious Files that have installed Skyjem.com

1. Go to your Finder. From the menu bar, please select Go > Go to Folder.

2. Input the following string and press Enter on the keyboard.

~/Library/LaunchAgents

Screenshot of Go To Folder

3. You will now see a hidden folder named LaunchAgents. Take note of the following files inside the folder:

  • com.Skyjem.com.plist
  • unknown.service.plist
  • unknown.system.plist
  • unknown.download.plist
  • unknown.update.plist

4. The term unknown is just a representation of the actual malware name. Attackers may use the following file names:

- Skyjem.com, (random characters).plist

If you cannot find the specified file, please look for any unfamiliar or suspicious entries. It may be the one causing Skyjem.com to be present on your Mac. Arranging all items to see the latest ones may also help you identify recently installed unfamiliar files.

5. Please click on "Show items as..."

Screenshot of LaunhAgents Folder

6. To arrange the items in chronological order, click Date Modified.

7. Drag all suspicious files that you may find to Trash.

Take note of all the suspicious files, as you may also delete the same item in another folder as we go on.

8. Please restart the Mac computer.

9. Open another folder using the same method as above. Copy and paste the following string to easily locate the folder:

~/Library/Application Support

Screenshot of Go to Folder

10. Select any suspicious items that you have noted previously. Drag them to the Trash.

11. Repeat the process in the following non-hidden folders (without ~):

/Library/LaunchAgents
/Library/LaunchDaemons
/Library/Application Support

12. Lastly, go to your Finder > Go and open the Applications folder. Look for subfolders with the following names and drag them to Trash.

- Skyjem.com, (random characters)

Optional : For locked files that cannot be removed, do the following:

1. Go to Launchpad > Other folder, open the Activity Monitor.

2. Select the process you want to quit.

3. In the upper part of the window, click the Stop button.

Screenshot of Force Quit

4. Click on Force Quit button.

5. You may now delete or remove the locked file that belongs to Skyjem.com homepage hijacker.

Step 4 : Double-check with Malwarebytes for Mac

Use Malwarebytes for Mac to do another scan to make sure the machine is already clear of viruses, malware, and adware. This efficient anti-malware application allows you to detect things that other security software was unable to recognize.

1. Download Malwarebytes for Mac from the link below.

2. Locate the downloaded Malwarebytes-Mac.pkg and install it with the default settings.

3. Run Malwarebytes for Mac. It will check for updates and download the most recent version if one is available. This is necessary for finding recent malware threats, including Skyjem.com.

4. Once you are on the Malwarebytes dashboard, please click on the Scan button to start scanning your Mac computer.

Screenshot of Malwarebytes Dashboard

5. After the scan, Malwarebytes for Mac will display a list of identified threats, and Skyjem.com is surely part of it. Be sure to select all items in the list. Then, click the Remove button to clean the computer.

If Needed: Fix the Homepage and Search of Google Chrome

1. Open the Google Chrome browser. Type or copy and paste the following on the address bar. Then, press Enter on the keyboard:

chrome://settings

Screenshot of Chrome Settings Page

2. Go to the left sidebar and click On Startup.

3. Select "Open a specific page or set of pages" in the right panel.

Chrome On Startup Screenshot

4. Locate the unwanted Homepage URL, click on More Actions icon (3-dot), and select Remove or Edit.

5. If you choose Edit, enter the desired web address as your home page, replacing Skyjem.com. Click Save.

6. To set the default search engine, go to the left sidebar, and this time, select Search Engine.

Screenshot of Search Settings

7. Click on the Manage search engines and site search button in the right panel.

8. Find the unwanted Search Engine in the list. Click on More Actions icon, and then click Delete.

9. Go back to the left side bar and click Search Engine.

Default Search Engine Screenshot

10. In the right panel, choose a valid entry from the "Search engine used in the address bar."

You can now restart the Google Chrome browser to see if the unwanted homepage and search engine related to Skyjem.com are gone.

System Compatibility Notice

Logo of Windows and Mac

We made sure that our guide to remove Skyjem.com is compatible with most Microsoft operating systems (Windows 7, Windows Vista, Windows 8, Windows 10, and Windows 11), as well as Mac OS. To avoid complexities, the commands used in the procedures are common, usable, and tested. If you found compatibility issues while using this guide, kindly approach us via message form or the comment section below, and we will make sure to respond and make necessary adjustments.

Watch the Tutorial Video

Skyjem.com Search Hijacker Removal Guide

About the author

Discussion

Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Scroll to Top