Remove “Installed by enterprise policy” extension from Chrome

If you are seeing pop-up ads with Google Chrome, and in your extension list there is an extension with the “Installed by enterprise policy” text, then your browser is infected with an adware program. The “Installed by enterprise policy” was created by Google to help the developers, however cyber criminals are using this type of policy to install malicious extension onto Google Chrome. The reason why they are doing this is that because the “Installed by enterprise policy” extensions are managed and cannot be removed or disabled via Chrome’s Extensions page.


The “Installed by enterprise policy” extension are usually adware programs that displays pop-up ads, advertisement banners and sponsored links within Google Chrome.
Unfortunately, some free downloads do not adequately disclose that other software will also be installed and you may find that you have installed the malicious “Installed by enterprise policy” extension without your knowledge.”
The “Installed by enterprise policy” adware infection is designed specifically to make money. It generates web traffic, collects sales leads for other dubious sites, and will display advertisements and sponsored links within your web browser.
The “Installed by enterprise policy” extension it’s technically not a virus, but it does exhibit plenty of malicious traits, such as rootkit capabilities to hook deep into the operating system, browser hijacking, and in general just interfering with the user experience. The industry generally refers to it as a “PUP,” or potentially unwanted program.
The “Installed by enterprise policy” Chrome extension is typically added when you install another free software (video recording/streaming, download-managers or PDF creators) that had bundled into their installation an adware program. When you install these free programs, they will also install the malicious “Installed by enterprise policy” Chrome extension as well. Some of the programs that are known to bundle the “Installed by enterprise policy” extensions include “Youtube Downloader HD”, “Fast Free Converter”, “Video Media Player 1.1″ and “DVDX Player 3.2″.
When installed, the “Installed by enterprise policy” Chrome extension display pop-up advertisements, in-text ads and and as you browse Internet, it will show coupons and other deals available on different websites.

If a Chrome user will try to remove the malicious extension, he will see on the Chrome’s extension page the following message next to the unwanted extension, and underneath there will be a message that will say: “This extension is managed and cannot be removed or disabled“.
Cyber criminals are using the “Installed by enterprise policy” because the malicious extension that are installed with this policy cannot be remove by Chrome users by simply clicking the Trash Can icon.

You should always pay attention when installing software because often, a software installer includes optional installs, such as this “Installed by enterprise policy” extension. Be very careful what you agree to install.
Always opt for the custom installation and deselect anything that is not familiar, especially optional software that you never wanted to download and install in the first place. It goes without saying that you should not install software that you don’t trust.

How to remove “Installed by enterprise policy” Chrome extension (Virus Removal Guide)

This page is a comprehensive guide, which will remove “Installed by enterprise policy” extension from Google Chrome, and any other adware program that may have been installed during the the setup process.
Please perform all the steps in the correct order. If you have any questions or doubt at any point, STOP and ask for our assistance.

OPTION 1: Manually remove the “Installed by enterprise policy” extension from your registry and computer
OPTION 2:Restore Windows to an earlier time to remove the “Installed by enterprise policy” from Windows 8, Windows 7, Windows Vista and Windows XP

OPTION 1: Manually remove the “Installed by enterprise policy” extension from your registry and computer

STEP 1: Uninstall the program that has installed the “Installed by enterprise policy” extension on Google Chrome

In this first step, we will try to identify and remove any malicious program that might be installed on your computer.

1. To uninstall the program that has installed the “Installed by enterprise policy” extension on Google Chrome program, click the Start button, then click on the Control Panel menu option.
   
   If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for “control panel” .Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control Panel from there.
   
2. When the Control Panel window opens click on the Uninstall a program option under Programs category. This option is shown by the arrow in the image below. If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
   
3. When the Programs and Features or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and uninstall AlllCheapPeruiCe 5.2, YoubeAdBlocker 1.2, TheBlooccker 1.3, Video Player, Plus-HD 1.3, BetterSurf, CouponMeApp, TubeAdblOCkER, BLoCkTheADApp 3.2, WatchItAdBlocake, Media Player 1.1, Savings Bull, Start Savin, Websteroids, ScorpionSaver, HD-Plus 3.5 and any other recently installed unknown program from your computer.
   To check the most recently installed programs, you can click on the “Installed On” column to sort your program by the installation date. Scroll though the list, and uninstall any unwanted or unknown programs
   
   Depending on what program has installed the “Installed by enterprise policy” adware infection, the above program may have a different name or not be installed on your computer. If you cannot find any unwanted or unknown programs on your machine, then you can proceed with the next step.

If you are having issues while trying to uninstall the “Installed by enterprise policy” program, you can use Revo Uninstaller to completely remove this unwanted program from your machine.

---

STEP 2: Find the name of the “Installed by enterprise policy” malicious extension and write down its ID

1. Click the Chrome menu   button on the browser toolbar, select Tools and then click on Extensions.
   
2. In the Extensions tab, to find the ID of the “Installed by enterprise policy” malicious extension, enable the “Developer mode” by putting a check-mark in its box as seen below.
   Next, you we will need to write down the ID and the name of the “Installed by enterprise policy” malicious extension, then we can close Google Chrome.
   
   In our case the malicious extension name is: YoutubeAdBlocker 1.2 and it’s ID is: hfgknhajhghfgnmdbfickicmhnkcce, however in your case the name and ID of the “Installed by enterprise policy” might be different.

---

STEP 3: Delete the malicious registry key that keeps re-installing the “Installed by enterprise policy” extension in Google Chrome

1. If you are using Windows 7, Windows Vista or Windows XP, click on the Start button, then in the search box, type: regedit.exe and click on Regedit as seen below.
   If you are using Windows 8, drag your mouse to the right edge of your screen, then type in the the search box: regedit.exe and click on Regedit.
   
   Alternatively, you can press the Windows Key + R to open the Run box, then type regedit.exe to open the Windows Registry Editor.
   NOTE: Depending on your version of Windows, and how it’s configured, you may see a User Account Control dialog box where you’ll need to confirm that you want to open Registry Editor.
2. The Registry Editor window should now open, and we will need to click on Edit and select Find next from the drop down menu.
   
3. In the Find next box type the ID of the “Installed by enterprise policy” malicious extension that you have written down in the previous stage, then click on Find next.
   
   After the search will be performed, the Registry Editor should show you a registry key in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist as seen below.
   Right-click on the registry key (usually represented by a number), and from the menu select Delete.
   
4. A confirmation window should now pop-up and you will need to click on Yes to confirm that you want to delete this malicious registry key.
   
   Now, we can close the Windows Registry Editor.

---

STEP 4: Remove the “Installed by enterprise policy” malicious folder from your computer

1. Open Google Chrome, type in the omnibox (Address Bar) to chrome://policy/, then in the Policies window click on Show Value.
   
   As you can see below there’s a path on your computer pointing to an extension update file. It is very important find the folder with the ID of the unwanted extension and delete it. Otherwise, it can reinstall itself.
   
   In our case the “Installed by enterprise policy” malicious folder is located in C:/ProgramData/YoutubeAdblocker, however the path may be different in your case.
2. The Program Data folder is usually hidden, so to see the malicious folder we will need to enable the Show hidden files, folders and drives option.
   To view the hidden files and folders, click on the Start button, and click on Computer. Next ,click Organize and choose Folder and Search Options.
   If you are using Windows 8 from the Control Panel, type “folder” in the search box and select Folder Options.
   
   Click the View tab, select Show hidden files, folders and drives, then click on Apply and then OK.
   
3. Browse to the “Installed by enterprise policy” malicious folder that we’ve previously found with the chrome://policy/ command. In our case is C:/ProgramData/YoutubeAdblocker, however your path may be different.
   After you have found the “Installed by enterprise policy” malicious folder, right click on it, and then select Delete to remove the folder.
   
4. Unwanted extension’s files are stored in Chrome’s default extensions folder as well. You need to delete the directory corresponding to the noted ID.If you are using Windows Vista, Windows 7 or Windows 8, browse to : %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions (e.g C:\Users\Your-Username\AppData\Local\GOOGLE\CHROME\USER DATA\DEFAULT\Extensions). Or if you are using Windows XP, browser to: %USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension.
   Then, search the folder which has the ID which of the “Installed by enterprise policy” malicious extension, then right-click on it and select Delete.
   
   In our case the “Installed by enterprise policy” malicious Chrome extension was hfgknhajhghfgnmdbfickicmhnkcce, however in your case is most likely different.
5. Finally, we will need to browse to %windir%\system32\GroupPolicy\ (e.g. C:\Windows\system32\GroupPolicy), and from there delete the Machine and User folders.
   

---

STEP 5: Scan your computer for malware with Malwarebytes Anti-Malware and HitmanPro

Remove “Installed by enterprise policy malicious folder” virus with Malwarebytes Anti-Malware Free

Malwarebytes Anti-Malware Free uses industry-leading technology to detect and remove all traces of malware, including worms, Trojans, rootkits, rogues, dialers, spyware, and more.
It is important to note that Malwarebytes Anti-Malware works well and should run alongside antivirus software without conflicts.

1. You can download Malwarebytes Anti-Malware Free from the below link, then double click on it to install this program.
   MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK (This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free)
2. When the installation begins, keep following the prompts in order to continue with the setup process.
   
3. On the Scanner tab,select Perform quick scan and then click on the Scan button to start scanning your computer.
   
4. Malwarebytes’ Anti-Malware will now start scanning your computer for “Installed by enterprise policy” malicious files as shown below.
   
5. When the Malwarebytes scan will be completed,click on Show Result.
   
6. You will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected.Please note that the infections found may be different than what is shown in the image.Make sure that everything is Checked (ticked) and click on the Remove Selected button.
   

Double-check for the “Installed by enterprise policy” infection with HitmanPro

HitmanPro is a second opinion scanner, designed to rescue your computer from malware (viruses, trojans, rootkits, etc.) that have infected your computer despite all the security measures you have taken (such as anti virus software, firewalls, etc.). HitmanPro is designed to work alongside existing security programs without any conflicts. It scans the computer quickly (less than 5 minutes) and does not slow down the computer.

1. You can download HitmanPro from the below link, then double-click on it to start this program.
   HITMANPRO DOWNLOAD LINK (This link will open a new web page from where you can download HitmanPro)
2. HitmanPro will start and you’ll need to follow the prompts (by clicking on the Next button) to start a system scan with this program.
   
   
3. HitmanPro will start scanning your computer for “Installed by enterprise policy” malicious files as seen in the image below.
   
4. Once the scan is complete,you’ll see a screen which will display all the infected files that this utility has detected, and you’ll need to click on Next to remove this malicious files.
   
5. Click Activate free license to start the free 30 days trial and remove all the malicious files from your computer.
   

OPTION 2: Restore Windows to an earlier time to remove the “Installed by enterprise policy” from Windows 8, Windows 7, Windows Vista and Windows XP

System Restore uses restore points to return your system files and settings to an earlier point in time without affecting personal files. Restore points are created automatically every week, and just before significant system events, such as the installation of a program or device driver. Before you start System Restore, save any open files and close all programs.