How to remove the Adobe DTM Switch extension?

Recently, many Internet surfers using installed plug-ins and add-ins for more comfortable work have encountered the problem of the extension of Adobe DTM Switch in browsers. As many people think, it seems to be an official plug-in, but in reality it is not.

What is Adobe DTM Switch: virus or extension?

This add-on is a Trojan class. Although the extension is masked by the official plugin, direct analysis indicates that this is a threat called Trojan.Win32.Agentb.bgwu.

The essence of the actions produced by the worm is that it loads any web browser with ads and a huge number of pop-ups. The consequences are mainly seen by administrators of popular social networks - due to the activation of the virus from the computer terminal, the actions of the registered user of the network are regarded as questionable. It is not surprising that after this admins require confirmation of actions, registration or entry into your personal account using your mobile number.

This is the Adobe DTM Switch virus. How to remove it painlessly for the user, now and will be considered. But immediately it is worth noting that the standard means to do this is quite difficult, since the worm is tightly fixed in the system, and even standard scanners can skip it.

Adobe DTM Switch in the official repository

And the whole problem is that the threat, strange as it may sound, is spreading through the official Google extension store! So, if you go to the download page and install this product, it's better to leave it immediately.

It's unclear why, but this time the anti-malware protection system did not work. This is only now issued an official warning, and in fact nothing like this happened before, and users installed the add-on without any fear that the threat might be hidden in it. Even on the official Mozilla Firefox page there is this plugin!

Adobe DTM Switch: how to get rid of the virus in the simplest way?

Despite the difficulties associated with the removal of the virus, there are still several options for getting rid of it.

To determine the method, you just need to look at the nature of the Adobe DTM Switch threat. How to get rid of it in the simplest version? Yes, it's very simple - you just need to use specialized utilities (preferably portable type).

The most optimal solution will be an in-depth scan of the computer system using disk utilities called Rescue Disk. The advantage of them is that they load their own command or graphical interface even before the start of the operating system and are able to detect self-copying threats even in RAM. Needless to say, you can ask for help and programs designed solely to search and isolate trojans.

Disabling the add-in in browsers

Now one more look at the Adobe DTM Switch virus. How to remove it from the system, it becomes clear, given that it integrates completely into all Internet browsers installed in the system.

In this case, you'll have to work and first try to disable the add-in in the browser itself (although in most cases when the browser or system starts again, it will be activated again).

So, before us is the Adobe DTM Switch add-on. How to remove it from browsers? To do this, you need a utility called Avast Browser Cleanup (assuming that you can not disable the extension directly in browsers). After starting the program, select the IE icon and go to the list of unwanted applications. It will display Adobe DTM Switch. Click the delete button, and then reset the settings.

The cleaning procedure should be done for all web browsers, alternately selecting their icons in the program window. After that, it's mandatory to check the system with some portable antivirus program like Dr. Web Cure It !, then scan with an optimizer like CCleaner.

Manually deleting a threat

Automated utilities are good. But they are also able to skip such a threat, considering it an official Google application called Adobe DTM Switch. How to remove the virus manually, see below.

First of all, you need to call up the standard Task Manager (three-finger combination Ctrl + Alt + Del or the taskmgr command in the Run menu) and complete the HsMgr process (a custom folder will be specified in the location).

Then again use the console "Run" (Win + R) and register in it the command to access the system configuration msconfig. In the window that appears, go to the Startup tab and uncheck all processes, even if you do not know which one is responsible for that. But more often automatically starting processes in the name contain something like HsMgr, systemscript, system, etc. At the same time, all such elements do not have the signature of the publisher (producer).

After that, we use the standard "Explorer", in the view menu we show the hidden files and folders, then go to the Users directory, then - to the folder of the specific user currently active, and then go to the Local / Microsoft / Windows / path, where You need to find objects like systemscript.exe or system.exe (the names can vary). All such files must be deleted immediately, and even from the "Recycle Bin" (quick removal without placing the "Recycle bin" - using the combination Shift + Del).

Now we call the Registry Editor with the regedit command in the "Run" menu, go to the HKCU branch, then use the SOFTWARE and Microsoft directories, where through the directory tree we reach the CurrentVersion directory and stop on the Run folder.

Again, look for keys that contain the name system or systemscript, and delete them. Upon completion, we reboot the system. In theory, after all the performed actions, the problems will no longer arise.

The Board at last

That's all, as for the virus Adobe DTM Switch. How to remove it, I think, is already clear. It remains to add that, with all due respect to the developers of antivirus programs, it is better to give preference to the problem of threat neutralization to the manual method, because in this situation it looks much more reliable.

And further! When visiting sites of dubious content or potentially dangerous resources (and not only them), never give consent to installing additional plug-ins and add-ons for the browser, supposedly extending their capabilities. As you can see, even official sources can often contain threats, so that vigilant need to be doubly.