Chrome Keeps Redirecting to Weird Sites: A Penicuik Fix Guide

Chrome or Edge in Penicuik keeps redirecting to weird sites and pop-up ads? How to find the browser hijacker, clean it out, and keep it gone for good.

13 July 2026 7 min read Cybersecurity Alex M.
Chrome Keeps Redirecting to Weird Sites: A Penicuik Fix Guide

A very familiar Penicuik virus removal job walks through the workshop door most weeks: an otherwise healthy laptop where Chrome or Edge has started redirecting every other search to a "shopping deals" page, a fake news site, or a pop-up demanding attention. The homepage keeps changing on its own. The default search engine isn't Google anymore. Extensions the owner never installed have appeared in the toolbar. This isn't quite a virus in the traditional sense — it's a browser hijacker, and it's one of the most common infections we see on Penicuik and Loanhead machines.

The good news is that browser hijackers are a lot less scary than ransomware and, done properly, can usually be cleared without wiping the PC. The bad news is that the "obvious" fix — uninstalling the browser and reinstalling it — very rarely works, because the hijacker doesn't actually live in the browser. This guide walks through what actually needs to happen.

What a Browser Hijacker Actually Is

A browser hijacker is a piece of software (often installed as a browser extension, sometimes as a small Windows app) whose job is to redirect your web traffic through pages that pay whoever wrote it. Most are commercial adware rather than criminal malware — the payload is unwanted ads, sponsored search results, and pop-ups rather than stolen bank details. Some of the nastier ones will also change your default search engine, force-install extra extensions after every browser restart, or track what you type into forms. Either way, they're worth removing.

They almost never get in through a "hack". The usual route is a bundled installer: someone downloads an unofficial PDF converter, a driver updater, or a codec pack from the top Google result, clicks Next through the installer without reading, and quietly agrees to install a "search assistant" and a browser extension at the same time. Our post on signs your PC has a virus covers the wider symptom picture; browser hijacking is the specific version where everything except the browser feels fine.

1. Check Your Browser Extensions First

Open Chrome, click the three-dot menu, then Extensions → Manage Extensions. Look at everything installed. Anything you didn't add yourself and don't recognise — turn off first, then remove. Common offender names we see on Penicuik bench jobs include "PDF Toolbox", "Search Manager", "Deals Finder", "Video Downloader Plus", "Quick Search Bar", and anything with the word "coupon" in it. Do the same for Edge (three-dot menu → Extensions) and Firefox (menu → Add-ons and themes).

Chrome will sometimes grey out the Remove button on a hijacker extension and show a message that it's "installed by your administrator" or "managed by your organisation" — on a home PC that's almost always a hijacker abusing a Windows policy setting rather than a real administrator. Don't panic, but don't try to force it here — that setting needs sorting at Windows level (Step 4).

2. Reset the Browser Properly

Once the visible extensions are gone, do a proper reset rather than trusting the browser is now clean. In Chrome: Settings → Reset settings → Restore settings to their original defaults. This puts the homepage, default search engine and startup pages back, disables anything left in extensions, and clears cookies used for tracking. Edge has the same option under Settings → Reset settings. Firefox has a Refresh Firefox button on its troubleshooting page.

Resetting keeps your bookmarks and saved passwords but wipes the settings the hijacker was using to steer you. If a reset button is greyed out or the reset "completes" but nothing changes, that's another sign the hijacker has planted itself outside the browser — again, Step 4 territory.

3. Scan for the Windows-Side Installer

Because most hijackers arrive with a small helper program on Windows itself, a browser-only clean-up leaves the installer sitting on the machine, quietly re-adding the extension every time it launches. Open Settings → Apps → Installed apps and sort by install date. Look for anything installed near the day the redirects started, anything you don't remember installing, and anything with a generic name like "PDF Helper", "Driver Support", "PC Cleaner" or "Search Protect". Uninstall them.

Then run two on-demand scans, in this order: Malwarebytes (as a second opinion) and Microsoft Defender's Offline scan (Settings → Privacy & security → Windows Security → Virus & threat protection → Scan options). Malwarebytes catches adware and PUPs that Defender ignores; the Defender Offline scan runs from outside Windows and catches things that hide from a running scan. Between the two, we clear the majority of Penicuik hijacker jobs.

4. Deal With the Sneaky Bits: Policies and Scheduled Tasks

This is the part that catches people out. Modern hijackers know that most users will reset the browser or reinstall Chrome, so they plant themselves in two Windows features designed for corporate admins:

  • Chrome/Edge policies — registry keys under HKLM\SOFTWARE\Policies\Google\Chrome or the Edge equivalent that force-install extensions, lock the homepage, or block the user from removing them. On a home PC these should be empty; anything sitting there is almost always the hijacker.
  • Scheduled tasks — a small task that runs every hour or at every logon and simply re-runs the installer if it's been removed. They usually have vague, official-looking names like "System Update Helper" or "Chrome Optimisation Service".

Clearing these safely takes a bit of care — deleting the wrong registry key or scheduled task can cause other problems — and it's the point at which most customers stop and bring the machine in. If you're comfortable with regedit and Task Scheduler you can inspect them yourself; if not, our virus and malware removal or software troubleshooting team handles this on the bench in about an hour, and we can also do it over remote support if the machine is otherwise usable.

5. A Bench Example From Penicuik

A recent EH26 job: a laptop where Chrome kept opening a fake "Amazon deals" tab every twenty minutes or so, and the default search had switched from Google to something called "SafeFinder". The owner had already reinstalled Chrome twice and run a Norton scan that came back clean. The extension list looked innocent. The hidden cause was two-fold: a "PDF Toolbox" extension that Chrome was flagging as installed by an administrator, and a scheduled task called "Update Assistant" that ran every logon and re-injected it. Once the registry policy was cleared, the scheduled task removed, and Malwarebytes finished a scan, the laptop was clean and stayed clean.

What stood out on that job — and it's the pattern on most of these — is that the underlying laptop was fine. Nothing was slow, nothing had been encrypted, no data was at risk. Compare that with our ransomware protection guide, where the whole point is preventing catastrophic file damage. Browser hijackers are annoying rather than dangerous, but they're a strong indicator that the machine's software habits (downloads from ad-heavy sites, ignored consent boxes) need a small course correction.

Keeping It Gone

Once the machine is clean, a few small habits keep it that way. Download software from the vendor's own site rather than the first Google result — a lot of top ad slots for names like "VLC" or "7-Zip" are impersonators bundling adware. During any installer, read the small print and untick anything about "recommended offers", "search assistants" or "start pages". Keep browser extensions minimal — every one you add is a permission to read every page you visit. And when a pop-up on a website tells you your Chrome is out of date and offers to update it, close the tab; real browser updates never come from a website. Our related pieces on spotting tech support scams and phishing scams cover the wider social-engineering side of this in more depth.

Neighbourhood Notes

Browser hijackers turn up on Penicuik, Loanhead, Roslin and Bonnyrigg laptops in about the same proportion as anywhere else in Midlothian — this isn't a local problem, it's a category of infection that follows anyone who downloads a lot of add-on tools from ad-heavy sites. That said, we do notice it more on machines used by more than one person: family PCs where one member installs a "helper" program and everyone else inherits the redirects. If the same laptop is shared in your household, splitting into separate Windows user accounts is often the single most effective preventative fix, and it takes about ten minutes to set up.

The Short Version

If Chrome or Edge in Penicuik keeps redirecting to strange sites or dumping pop-up ads, don't reinstall the browser and don't factory-reset the PC. Remove any extensions you don't recognise, reset the browser to defaults, uninstall recently-added Windows programs you don't remember installing, and run Malwarebytes plus a Defender Offline scan. If the redirects come back, the hijacker has planted itself in Chrome policies or a scheduled task — that's the point to bring it in, and it's a straightforward bench job from there.

Last updated: 13 July 2026

Frequently Asked Questions

Common browser-hijacker questions we get on Penicuik virus removal jobs.

Yes — Penicuik, Loanhead, Roslin, Bilston and the wider EH26 area are all inside our regular catchment from the workshop off Parkhead Drive. Most browser-hijacker jobs are a single bench session that covers the extensions, the browser reset, the Windows-side installer, and the sneaky policy and scheduled-task bits. If the laptop is otherwise usable, we can often do it over remote support without needing you to drop it off.

Not quite. Most hijackers are classed as adware or PUPs (Potentially Unwanted Programs) rather than viruses — they don't damage files, encrypt data or steal passwords in the way ransomware or a banking trojan does. They're still worth removing because they clutter the browser, slow it down, and can quietly track what you type into forms. Traditional antivirus tools often ignore them, which is why a proper clean-up needs both Malwarebytes and Defender.

Usually not. Reinstalling Chrome keeps your profile and settings by design, so a hijacker that lives in the profile or in Windows policy settings survives the reinstall and comes straight back. The proper fix is to reset the browser to defaults, remove the Windows-side installer that keeps re-adding the extension, and clear any policies or scheduled tasks the hijacker planted.

In most cases yes — as long as the machine can still browse the web (even if it's redirecting), we can connect over remote support, clear the extensions and policies, run the scans, and confirm it's staying clean. Some deeper infections need a Defender Offline scan that reboots the PC, in which case a workshop visit is faster overall. We'll tell you which category yours falls into before starting.

Chrome or Edge Redirecting on Your Penicuik PC?

Browser hijackers, adware and PUPs cleared properly — extensions, policies, scheduled tasks and the lot. Bench or remote, one session, done.