How to remove Chrome extension Installed by enterprise policy GPO

Many adware or potentially unwanted programs (PUP) install extensions inside your Chrome browser using enterprise policy so you cannot remove them through Chrome extensions settings (chrome://extensions/.). More specifically, these extensions are managed and installed by enterprise policy GPO so they cannot be uninstalled easily using Chrome settings.

Probably these extensions are installed on your computer after you download and install other free software from the Internet.

Note: You must always pay attention when you install software on your computer.

chrome-enterprise-policy

If you want to remove any extension installed by Enterprise policy follow the step below:

 

How to remove Chrome extensions installed by enterprise policy GPO

Step 1. Uninstall the unwanted extension from your Control panel.

1. To do this, go to:

  • Windows 8/7/Vista: Start > Control Panel.
  • Windows XP: Start > Settings > Control Panel

start-control-panel

2. Double click to open

  •  Add or Remove Programs if you have Windows XP
  • Programs and Features if you have Windows 8, 7 or Vista.

add-remove-programs_thumb1_thumb1

3. In the program list, find and remove/Uninstall any unknown or unwanted application. e.g. (Media Player, Media Server 1.1, Video Player, BlOuckTheAdAppp, etc.)

uninstall-media-player-1.1_thumb1

 

Step 2: Find from Chrome the ID of the unwanted extension & then Delete the Malicious Registry Key.

1. Open Google Chrome and go to chrome menu image and choose "Settings".

wzc01nom_thumb4_thumb_thumb

2. Choose “Extensions” from the left pane.

yugakqk5_thumb1

3.  At “Extensions” window enable (check) the “Developer Mode” option.

chrome-developer-mode

4. Note the ID displayed under the extension that you want to remove and leave the chrome extensions window open.

td25z4iz

 

Prevent the unwanted extension to be installed (loaded) automatically from Windows registry.

*Notice: Some extensions that have been installed by Enterprise policy don’t put additional entries in Windows registry. So, follow this step only as a precaution.

5. Open Registry Editor.

To do that open the “Run” command* and in the search (run) box, type “regedit” and press “Enter”.

* How to open the “Run” command:

Windows XP:

Click on the “Start” button and choose “Run”.

windows-xp-run

Windows 7, Vista

Click on the “Start” button and click on the “search”box.

windows-7-vista-run

Windows 8:

Right-click on the bottom left corner and select “Run”.

windows-8-run

 

6. Inside Registry Editor, click on “Edit” menu and choose “Find”.

registry-edit-find_thumb

 

7. In the “Find What” box, type: ExtensionInstallForcelist

3w1nlmqj_thumb

8. Now look at the right pane on “ExtensionInstallForcelist” key found and delete any value that its Data value matches the Extension ID found from Chrome Extensions window.

image_thumb4

9. Press the “F3” button on your keyboard to find the next “ExtensionInstallForcelist key on your registry and repeat the same procedure (delete the extra values on the right pane). *

* Note: In a Windows XP based computer the “ExtensionInstallForcelist” key is found 3 (three) times in these locations in the registry:

  1. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{9A8EC6CB-DD83-4E3E-9829-71ED9CEAC021}Machine\Software\Policies\Google\Chrome\ExtensionInstallForcelist
  2. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
  3. HKEY_USERS\S-1-5-21-606747145-746137067-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{9A8EC6CB-DD83-4E3E-9829-71ED9CEAC021}Machine\Software\Policies\Google\Chrome\ExtensionInstallForcelist

10. Repeat this step to find and delete all registry keys for any other extension that is has installed by enterprise policy in Chrome. (e.g. YouTubeAdBlocker, MediaPlayer, etc.)

11. Close “Registry Editor”.

 

Step 3. Locate & Delete Malicious Folder(s) used in Chrome Policies.

1. Open Google Chrome and at the “URL Address Bar” type: chrome://policy  & press “Enter”.

chrome-policy_thumb3

2. At “Policies” window press the “Show Value” button.*

*Note: If you cannot find any policies here continue to the next step.

gctlftzm_thumb1

3. Now “Copy” the path of the malicious folder extension.

e.g. “C:/ProgramData/dgoiddfiaigjfjblblmidmpgokkegkld

gybhmzrk_thumb2

4. Open Windows Explorer and  “Paste” the copied path in the address bar.

qi4zxvue_thumb2

5. Press “Enter” to navigate to that path:

uddggnac_thumb1

6. Click with your mouse at the parent folder: e.g. “C:\ProgramData

ydou3mlp_thumb1

7. Finally delete the malicious folder (e.g. “dgoiddfiaigjfjblblmidmpgokkegkld”) from there.

25voovhy_thumb1

8. Repeat this step for any other policy value found in Chrome Policies and then continue to the next step.

 

Step 4: Delete “Registry.Pol” file.

Notice: You must enable the hidden files view to perform this  task. To do that, go to:

    1. Start > Control Panel > Folder Options. Click the "View" tab.
    2. Click "Show hidden files, folders, and drives" &
    3. Uncheck the "Hide protected operating system files"
    4. Press  "OK"

 

1. Open Windows Explorer & navigate to the following path: C:\Windows\System32\GroupPolicy

system32-grouppolicy_thumb1

2. In “C:\Windows\System32\GroupPolicy” folder you will find the two (2) following folders:

  1. Machine
  2. User

Registry.pol3_thumb1

3.  Open both folders (Machine & User) and delete any file named “Registry.pol” in them.

e1fkmvyl_thumb1

 

Step 5. Delete Chrome Extensions Installed by Enterprise Policy with CCleaner.

1. Download and run CCleaner.

2. At “CCleaner” main window, choose "Tools" on the left pane.

ccleaner-tools

3. In "Tools" section, choose "Startup".

ccleaner-startup

4. Choose the "Chrome” tab.

s11s5pm3

5. Right-click at the unwanted extension in the list and choose “Open Containing Folder

5vfpnkbn

6. Note the folder name where the unwanted extension is running from:

wkjtpkhg

7. Press the “Up” button to navigate to the parent folder.

C:\Documents and Settings\<USERNAME>\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions

zdbvmibo

Windows 8,7 & Vista Users: Click at the parent folder:

C:\Users\\<USERNAME>\AppData\Local\Google\Chrome\User Data\Default\Extensions\

hpai4kgj

8. Delete the unwanted folder.

mvyf4n0t

9. Then at “CCleaner”  select and delete the unwanted extension from the list.

remove-chrome-extension-ccleaner_thu

10. Finally look at “Scheduled Tasks” tab and delete from there any unwanted or suspicious entry found.*

* Personally, I prefer to delete from “Scheduled Tasks” any task (entry) that executes any application from the user’s “Downloads” folder or from the “C:\Users\<USERNAME>\AppData\” folder.

e.g.

    • Yes    Task    AmiUpdXp    Amonetizé Ltd    C:\Users\Admin\AppData\Local\SwvUpdater\Updater.exe
    • Yes    Task    FacebookUpdateTaskUserS-1-5-21-2273408809-1896761900-1418304126-1000Core    Facebook Inc.    C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
    • Yes    Task    FacebookUpdateTaskUserS-1-5-21-2273408809-1896761900-1418304126-1000UA    Facebook Inc.    C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
    • Yes    Task    {338F2208-C868-43CC-9A39-79727B6B23E2}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a "C:\Users\Admin\Downloads\psetup (1).exe" -d C:\Users\Admin\Downloads
    • Yes    Task    {474AEF97-0C09-4D25-8135-CDA13E8C1338}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a "C:\Users\Admin\Downloads\Shockwave_Installer_Slim (9).exe" -d C:\Users\Admin\Downloads
    • Yes    Task    {C05DDE9D-C140-41E5-B35F-33181D34FAFA}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a C:\Users\Admin\Downloads\WindowsPhone.exe -d C:\Users\Admin\Downloads

4bjfv4uz_thumb1

11. Close CCleaner.

Step 6: Clean remaining Adware using “AdwCleaner”.

1. Download and save “AdwCleaner” utility to your desktop.

download-adwcleaner-home_thumb1_thum

2. Close all open programs and Double Click to open ”AdwCleaner” from your desktop.

3. Press “Scan”.

adwcleaner-scan_thumb1_thumb_thumb2

4. When the scan is completed, press “Clean” to remove all the unwanted malicious entries.

adwcleaner-clean_thumb1_thumb_thumb2

4. Press “OK” at “AdwCleaner – Information” and press “OK” again to restart your computer.

adwcleaner-information

5. When your computer restarts, close "AdwCleaner" information (readme) window and continue to the next step.

 

Step 7. Remove potentially unwanted programs (PUPs) with Junkware Removal Tool.

1. Download and run JRT – Junkware Removal Tool.

ooiklzrb_thumb3_thumb

2. Press any key to start scanning your computer with “JRT – Junkware Removal Tool”.

rbqt5vao_thumb1_thumb

3. Be patient until JRT scans and cleans your system.

e3folbue_thumb_thumb

4. Close JRT log file and and then reboot your computer.

nt3i1nap_thumb_thumb

 

Step 8. Clean your computer from remaining malicious threats.

Download and install one of the most reliable FREE anti malware programs today to clean your computer from remaining malicious threats. If you want to stay constantly protected from malware threats, existing and future ones, we recommend that you install Malwarebytes Anti-Malware PRO:

Malwarebytes™ Protection
Removes Spyware, Adware & Malware.
Start Your Free Download Now!

1. Run "Malwarebytes Anti-Malware" and allow the program to update to it's latest version and malicious database if needed.

2. When the "Malwarebytes Anti-Malware" main window appears on your screen, choose the "Perform quick scan" option and then press "Scan" button and let the program scan your system for threats.

ahefjplu_thumb2_thumb_thumb_thumb_th

3. When the scanning is completed, press “OK” to close the information message and then press the "Show results" button to view and remove the malicious threats found.

020b1u5u_thumb1_thumb_thumb1_thumb1_

4. At the "Show Results" window check – using your mouse's left button- all the infected objects and then choose the "Remove Selected" option and let the program remove the selected threats.

sjs1rbdr_thumb1_thumb_thumb1_thumb1_

5. When the removal of infected objects process is complete, "Restart your system to remove all active threats properly"

edrodtk1_thumb1_thumb_thumb1_thumb1_

6. Continue to the next step.

Advice: To ensure your computer is clean and safe, perform a “FULL SCAN” with “Malwarebytes’ Anti-Malware in Windows “Safe mode“.*

*To get into Windows Safe mode, press the “F8” key as your computer is booting up, before the appearance of the Windows logo. When the “Windows Advanced Options Menu” appears on your screen, use your keyboard arrows keys to move to the Safe Mode option and then press “ENTER“.

Step 9. Clean unwanted files and entries.

Use “CCleaner” program and proceed to clean your system from temporary internet files and invalid registry entries.*

*If you don’t know how to install and use “CCleaner”, read these instructions.

Step 10. Restart your computer for changes to take effect and perform a full scan with your antivirus program.

If this article was useful for you, please consider supporting us by making a donation. Even $1 can a make a huge difference for us in our effort to continue to help others while keeping this site free: