Remove Malicious Extension and Browser is Managed by your Organization

It is worrying to learn that some unwanted programs these days are connected to a computer virus: aside from unwanted installation, the threat is also capable of altering Windows restrictions. There have been reports that adware or browser extensions were able to apply a restriction in order to prevent users from deleting the threat. One example is a malicious change to Windows Group Policy that causes the browser to be reported as “Managed by your organization.” Our previous procedures to get rid of this restriction focused on the browser alone, without taking into consideration that Windows in general is being targeted by the unwanted program or adware.

In cases like this, where the operating system is affected, there is no way for computer users to remove the unwanted extension as long as the malicious policy is being enforced on the infected computer. Therefore, we made these new procedures to tackle deeper problems and resolve them via the step-by-step elimination of malicious files and processes. This guide will simultaneously remove the malicious browser extension and the entries that enforce the “Managed by your organization” policy.

Steps to get rid of Extension and Managed by your Organization (Chrome and Edge)

This procedure will remove the unwanted browser extensions from both Google Chrome and Microsoft Edge. Deleting the associated files and processes will also remove the policy that places the browser under the “Managed by your organization” restriction. Please make sure to carry out each step to ensure complete removal of the associated malware and files.

Quick Fix – Scan the PC with Combo Cleaner for Windows

Combo Cleaner is a trusted PC security and optimization tool equipped with a powerful virus and malware detection engine. This program can get rid of adware through this procedure.

1. Download the application from the following page:

2. Save the file to your preferred location.

3. Double-click the downloaded file CCSetup.exe and install with the default settings.

4. At the end of the setup process, click Finish to run Combo Cleaner.

5. The tool will update the signature file. Please wait for this process to complete.

6. To begin checking for threats, click on the Start Scan button. Wait for this scan to finish.

7. At the end of the scan process, click on Remove all threats to delete the adware including all malicious objects from the computer.

Free features of Combo Cleaner for Windows include Disk Cleaner, Big Files finder, Duplicate files finder, and Uninstaller. To use antivirus, privacy scanner, and to delete identified threats, users have to upgrade to a premium version.

Please continue with the succeeding removal procedures if you are comfortable manually getting rid of the threat and malicious items linked to it.

Step 1 : Edit the Windows Registry

1. Go to the Windows search bar and type regedit. Next, open the Registry Editor.

2. The first thing you should do is to make a backup copy. Go to File > Export. Save the Registration file (.reg) to your desired location.

3. Next, go to each of the following registry keys to delete browser items:

HKEY_CURRENT_USER\Software\Google\Chrome
HKEY_CURRENT_USER\Software\Policies\Google\Chrome
HKEY_LOCAL_MACHINE\Software\Google\Chrome
HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome
HKEY_LOCAL_MACHINE\Software\Policies\Google\Update
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Google\Enrollment

4. Select and expand Google, then right-click on Chrome/Update/Enrollment and select Delete from the choices. This will delete the Google Chrome entry.

5. Go to the registry key below and delete the value named CloudManagementEnrollmentToken.

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}

6. Now, go to the Microsoft Policy entry as shown below. Right-click on Edge and select Delete from the choices.

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge

7. You may now close the Windows Registry Editor and proceed to the next steps.

Step 2 : Uninstall Unwanted Programs

1. On the Windows search bar, type add or remove and open Add or Remove Programs.

2. Under the Apps & Features section, look for suspicious items and uninstall them.

Step 3 : Find and Delete Malicious Files

1. Open Windows File Explorer.

2. On the top menu, click on View.

3. Select Hidden items to show hidden files and folders.

4. Next, go to the following locations:

C:\Users\[Your User Account]\Appdata\Local\Google\
C:\Users\[Your User Account]\AppData\Local\Microsoft\

5. Delete the Chrome and Edge folders respectively.

6. Next, proceed to the following folder:

C:\Users\[Your User Account]\Appdata\Roaming\

7. Delete recently added suspicious items. The malware files are normally in executable format as Screen Saver (.scr), Application (.exe), or Visual Basic (.vbs) files that have random names.

8. If the file is open or in use and cannot be deleted, please take note of the program name.

9. Next, open Task Manager: right-click on the Taskbar and select Task Manager from the pop-up list. You can also use the keyboard shortcut Ctrl + Shift + Esc.

10. Once Task Manager is running, go to the Processes tab and find the offending file or program.

11. Right-click on the name and click End Task.

12. You may now go back to File Explorer and proceed to delete the file.

13. Repeat the above process on the following folders:

  • C:\Users\[Your User Account]\Documents\
  • C:\Users\[Your User Account]\Appdata\LocalLow\
  • C:\Users\[Your User Account]\AppData\Local\Temp\
  • C:\Users\[Your User Account]\Appdata\LocalLow\Microsoft\CryptnetURLCache\Content\
  • C:\Program Files (x86)\Company\NewProduct\
  • C:\Program Files (x86)\[Suspicious Items]\

14. Go to the following folder:

C:\Users\WDAGUtilityAccount\AppData\Roaming\WinHost\

15. Delete the Winhoster file or any recently added malicious items.

Step 4 : Delete the Existing Group Policy

1. While still in Windows File Explorer, go to the following folder:

C:\Windows\System32\

2. Delete the following folders:

  • GroupPolicy
  • GroupPolicyUsers

3. Go to the Windows search bar, type cmd, and run the Command Prompt.

4. In the Command Prompt window, type the following command:

gpupdate /force

5. If it states that “Policy update has completed”, you may now close the window.
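
To confirm that Step 1 and Step 4 took effect, the following read-only PowerShell check reports what is left of the registry keys and Group Policy folders named above. It is an added example, not part of the original guide or of any vendor tool; it assumes an elevated 64-bit PowerShell session, and the ExtensionInstallForcelist policy name mentioned in the comments is not taken from this page.

```powershell
# Added example, not part of the original guide. Read-only: nothing is deleted.
# Assumes an elevated 64-bit PowerShell session on the cleaned machine.
$keys = @(
    'HKCU:\Software\Google\Chrome'
    'HKCU:\Software\Policies\Google\Chrome'
    'HKLM:\Software\Google\Chrome'
    'HKLM:\Software\Policies\Google\Chrome'
    'HKLM:\Software\Policies\Google\Update'
    'HKLM:\Software\WOW6432Node\Google\Enrollment'
    'HKLM:\Software\Policies\Microsoft\Edge'
)
$tokenKey = 'HKLM:\Software\WOW6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}'

# 1. Which of the keys named in Step 1 still exist?
$keys | ForEach-Object {
    [pscustomobject]@{ Key = $_; Exists = (Test-Path -LiteralPath $_) }
} | Format-Table -AutoSize

# 2. List every value left under the policy keys. Force-installed extensions
#    appear under the ExtensionInstallForcelist subkey (Chrome and Edge policy).
$policyRoots = $keys | Where-Object { $_ -like '*\Policies\*' -and (Test-Path -LiteralPath $_) }
foreach ($root in $policyRoots) {
    $nodes = @(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root -Recurse)
    foreach ($node in $nodes) {
        foreach ($name in $node.GetValueNames()) {
            '{0} : {1} = {2}' -f $node.Name, $name, ($node.GetValue($name) -join ', ')
        }
    }
}

# 3. Is the enrollment token from item 5 of Step 1 still set?
#    Only its presence is reported; the token value is not printed.
$token = Get-ItemProperty -LiteralPath $tokenKey -Name CloudManagementEnrollmentToken -ErrorAction SilentlyContinue
'CloudManagementEnrollmentToken present: {0}' -f ([bool]$token)

# 4. Local Group Policy folders from Step 4. An empty folder is harmless;
#    a Registry.pol file means registry-based local policy settings exist.
foreach ($dir in 'GroupPolicy', 'GroupPolicyUsers') {
    $full = Join-Path $env:SystemRoot "System32\$dir"
    $pol  = @(Get-ChildItem -LiteralPath $full -Recurse -Force -Filter 'Registry.pol' -ErrorAction SilentlyContinue)
    '{0}: exists={1}, Registry.pol files={2}' -f $full, (Test-Path -LiteralPath $full), $pol.Count
}
```

If any policy value or Registry.pol file reappears after a reboot, a process from Step 3 or Step 5 is still running and rewriting it.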

Step 5 : Delete Other Unwanted Files and Processes

1. Press Ctrl + Shift + Esc on the keyboard to open Task Manager. Alternatively, you can right-click on the Windows taskbar and select Task Manager from the list.

2. Look for suspicious process names and right-click to show the options. Select Open file location from the list.

3. After opening the designated folder, right-click on the file and Delete it.

While deleting files associated with Google Chrome or Microsoft Edge, there is a chance that the browser may become inaccessible or corrupted. If that happens, please uninstall the affected browser and run a fresh install.
