How to remove the Adobe DTM Switch extension

Recently, many users who install plug-ins and add-ons to make browsing more comfortable have found that an extension called Adobe DTM Switch has appeared in their browsers. To many it looks like an official plugin, but in fact it is not.

What is Adobe DTM Switch: virus or extension?

This add-on belongs to the class of trojans. Although the extension disguises itself as an official plugin, direct analysis indicates that it is a threat called Trojan.Win32.Agentb.bgwu.

In essence, the worm floods every web browser with advertising and a huge number of pop-ups. The consequences are noticed mainly by administrators of popular social networks: once the virus is active on a computer, the actions of a registered user coming from it are regarded as suspicious. It is not surprising that the admins then require the user to confirm actions, register, or log in to their personal account using a mobile number.

That is the Adobe DTM Switch virus. How to remove it painlessly for the user is considered below. It is worth mentioning right away that this is quite difficult to do with regular tools, since the worm is firmly entrenched in the system and even standard scanners can miss it.

Adobe DTM Switch in the official store

The whole problem is that the threat, strange as it sounds, spreads through the official Google extension store! So if you land on the download and installation page of this product, it is better to leave it immediately.

It is not clear why, but the protection against the spread of malware did not work this time. An official warning is being issued only now; nothing like this had been observed before, and users installed the add-on without any fear that a threat might be hidden in it. Even the official Mozilla Firefox page has this plugin!

Adobe DTM Switch: how to get rid of the virus in the simplest way?

Despite the difficulties associated with removing the virus, there are still several options for getting rid of it.

To choose a method, you just need to look at the nature of the Adobe DTM Switch threat. How do you get rid of it in the simplest way? Very simply: use specialized utilities (preferably portable ones).

The best solution is an in-depth scan of the computer with the boot-disk utilities known generally as Rescue Disk. Their advantage is that they load their own command-line or graphical interface before the operating system starts and can detect self-copying threats, even those in RAM. Needless to say, you can also turn to programs designed solely to find and isolate trojans.

Disable add-ons in browsers

Now another look at the Adobe DTM Switch virus. How to remove it from the system becomes clear once you consider that it integrates into absolutely all Internet browsers installed on the system.

In this case you will have to work hard and first try to disable the add-on in the browser itself (although in most cases it is activated again when the browser or system is restarted).

So, here is the Adobe DTM Switch add-on. How do you remove it from browsers? For this you need a utility called Avast Browser Cleanup (we assume that disabling the extension directly in the browsers does not work). After starting the program, select the IE icon and go to the list of unwanted applications. Adobe DTM Switch will be displayed there. Click the delete button, and then reset the settings.

The cleaning procedure needs to be carried out for all web browsers, selecting their icons in the program window one after another. After that, be sure to check the system with a portable anti-virus program such as Dr.Web CureIt!, and then scan with an optimizer such as CCleaner.

Manual threat removal

Automated utilities are good. But they too can miss such a threat, taking it for the official Google application called Adobe DTM Switch. How to remove the virus manually is described below.

First of all, open the standard "Task Manager" (with the three-finger combination Ctrl + Alt + Del or the taskmgr command in the "Run" menu) and end the HsMgr process (its location will point to a user folder).

Next, open the "Run" console again (Win + R) and enter the msconfig command to open the system configuration. In the window that appears, go to the startup tab and uncheck all processes, even if you do not know which one is responsible for what. More often than not, though, the names of the automatically starting processes contain something like HsMgr, systemscript, system, etc. Moreover, all such elements lack a publisher (manufacturer) signature.

After that, open the standard "Explorer", enable the display of hidden files and folders in the View menu, then go to the Users directory, then to the folder of the user that is currently active, and follow the path Local / Microsoft / Windows /, where you need to find objects like systemscript.exe or system.exe (names may vary). All such files must be deleted immediately, even from the "Recycle Bin" (quick deletion without placing files in the "Recycle Bin" is done with the Shift + Del combination).

Now open the registry editor with the regedit command in the "Run" menu, go to the HKCU branch, then through the SOFTWARE and Microsoft directories descend the tree to the CurrentVersion directory and stop at the Run folder.

Again, look for keys whose names contain system or systemscript, and delete them. When finished, reboot the system. In theory, after all these steps the problems will no longer arise.
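
The checks from the manual procedure above, gathered into a read-only PowerShell audit; this is an added example, not part of the original article. It assumes that "Local / Microsoft / Windows" means %LOCALAPPDATA%\Microsoft\Windows and that the Run folder is HKCU\Software\Microsoft\Windows\CurrentVersion\Run; the function names are hypothetical.

```powershell
# Added example: read-only audit. Nothing is stopped, changed or deleted.
# Name patterns are the ones the article lists; it notes that names may vary.
$nameRx = 'HsMgr|systemscript|^system(\.exe)?$'

function Get-SigStatus([string]$Path) {
    # The article says these items lack a publisher signature.
    if ($Path -and (Test-Path -LiteralPath $Path -PathType Leaf)) {
        [string](Get-AuthenticodeSignature -LiteralPath $Path).Status
    } else { 'FileNotFound' }
}

function Get-ExeFromCommand([string]$Command) {
    # Extract the executable path from a Run value such as: "C:\a\b.exe" /arg
    if ($Command -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
}

function New-Finding($Source, $Name, $Path) {
    $leaf = if ($Path) { Split-Path -Path $Path -Leaf } else { '' }
    [pscustomobject]@{
        Source    = $Source; Name = $Name; Path = $Path
        NameMatch = ($Name -match $nameRx) -or ($leaf -match $nameRx)
        Signature = Get-SigStatus $Path
    }
}

$findings = @()

# Task Manager step: the HsMgr process; Path shows where it runs from.
$findings += @(Get-Process -Name 'HsMgr' -ErrorAction SilentlyContinue |
    ForEach-Object { New-Finding 'Process' $_.ProcessName $_.Path })

# msconfig / regedit steps: per-user autostart values in the HKCU Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run) {
    $findings += @($run.GetValueNames() | ForEach-Object {
        New-Finding 'RunKey' $_ (Get-ExeFromCommand ([string]$run.GetValue($_)))
    })
}

# Explorer step: executables, hidden ones included, in the folder the article names.
# Assumption: "Local / Microsoft / Windows" is %LOCALAPPDATA%\Microsoft\Windows.
$dir = Join-Path $env:LOCALAPPDATA 'Microsoft\Windows'
$findings += @(Get-ChildItem -LiteralPath $dir -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object { New-Finding 'File' $_.Name $_.FullName })

# Show entries whose name matches or whose file has no valid signature.
$findings | Where-Object { $_.NameMatch -or $_.Signature -ne 'Valid' } | Format-Table -AutoSize
```

Rows with NameMatch set and a Signature other than Valid are the ones the procedure above targets.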

A final tip

That's it for the Adobe DTM Switch virus. How to remove it should already be clear. It remains to add that, with all due respect to the developers of anti-virus programs, it is better to prefer the manual method of neutralizing the threat, since in this situation it looks much more reliable.

One more thing! When visiting sites with dubious content or potentially dangerous resources (and not only those), never consent to the installation of additional browser plug-ins and add-ons that supposedly expand its capabilities. As you can see, even official sources can often contain threats, so you need to be doubly alert.

Source: https://habr.com/ru/post/K7278/

