What to do if…
an unknown browser extension appears and you cannot remove it normally
Short answer
Assume it can see what you type: stop using that browser profile for sensitive logins, scan the device, and regain control by removing the re-installer and resetting or replacing the browser profile.
Do not do these things
- Don’t log in to email, banking, payroll, or medical portals from the affected browser/profile.
- Don’t follow pop-ups offering a “cleanup” download or a phone number for “support”.
- Don’t install random “extension remover / cleanup” tools you find via ads or redirects.
- Don’t keep granting new permissions to the extension to “fix” the problem.
- Don’t ignore “Managed by your organization / Installed by policy” messages — they’re an important clue.
What to do now
- Stop sensitive activity in that profile. Close the browser. If you must access key accounts now, use another device or another browser/profile you trust.
- Capture quick details. Screenshot the extension name, any publisher info shown, and any message like “installed by enterprise policy” or “managed by your organization.”
- Check whether it’s legitimately managed. If it’s a work/school device or account, contact IT/helpdesk. If it’s your personal device and it says “managed,” treat that as suspicious until proven otherwise.
- Use built-in browser recovery steps (often helps).
  - Chrome: Use Reset settings (restore settings to original defaults). If the problem persists, create a fresh Chrome profile (new user) and stop using the old one.
  - Firefox: Follow Mozilla’s steps for an add-on that cannot be removed (often policy-locked or installed outside the normal manager).
  - Edge: Use the built-in Reset settings option if removal is blocked, and re-check whether the browser/device shows “managed” status.
  - Safari (Mac): In Safari Settings > Extensions, uninstall anything you didn’t choose.
- Remove the thing that re-installs it. Check installed applications for anything you don’t recognize (especially installed the same day). Uninstall suspicious items, then reboot.
- Run a deep security scan (offline if possible on Windows). On Windows, run a full scan, then run a Microsoft Defender Offline scan from Windows Security.
- Secure accounts from a clean place if exposure is possible. From a different device (or a fresh browser profile), change your email password first, then financial accounts. Enable multi-factor authentication.
- Report if it involved scams, fraud, or account compromise.
  - Report scams and fraud to the FTC.
  - If you lost money or accounts were taken over, file a report with the FBI’s IC3 (be careful to use the official site and not lookalike domains).
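On Windows, the "managed / installed by policy" check from the steps above can also be done read-only from PowerShell. This is an added example, not part of the original guidance; it assumes the standard Chrome and Edge policy registry locations (ExtensionInstallForcelist) and only lists what is there, changing nothing.

```powershell
# Read-only check: list extensions that Chrome or Edge are told to
# force-install by policy. Nothing is modified or deleted.
# Assumption: the standard Windows policy locations for Chrome and Edge.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist',
    'HKCU:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist'
)

$found = foreach ($key in $policyKeys) {
    # A missing key simply means no such policy is set in that location.
    if (-not (Test-Path -LiteralPath $key)) { continue }

    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        # Each value is "<extension id>" or "<extension id>;<update URL>".
        $parts = @(([string]$item.GetValue($name)) -split ';', 2)
        [pscustomobject]@{
            PolicyKey   = $key
            ExtensionId = $parts[0]
            UpdateUrl   = if ($parts.Count -gt 1) { $parts[1] } else { '(default store)' }
        }
    }
}

if ($found) {
    # Save this output alongside your screenshots before changing anything.
    $found | Format-Table -AutoSize -Wrap
    Write-Host 'These extensions are forced by policy. On a personal device, treat that as suspicious until proven otherwise.'
} else {
    Write-Host 'No force-install extension policies found for Chrome or Edge.'
}
```

If entries appear on a work or school device, show the output to IT/helpdesk rather than removing anything yourself.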
What can wait
- You don’t need to identify the extension’s “real name” or publisher today.
- You don’t need to factory-reset the whole computer as the first move if reset + uninstall + scan stops the persistence.
- You don’t need to contact every service you use today — prioritize email + financial first.
Important reassurance
A locked/undeletable extension is scary, but it often responds to a predictable cleanup sequence: stop sensitive use, remove the re-installer/policy pressure, run an offline-capable scan, then secure key accounts from a clean environment.
Scope note
These are first steps to reduce exposure and regain control. If the extension returns after a reset/new profile plus uninstalling suspicious apps and running an offline scan, get hands-on help (trusted repair shop or your organization’s IT/security team).
Important note
This is general information, not legal or professional advice. If you’re on a managed device, follow your organization’s security process. If you’re unsure whether a reporting portal is legitimate, pause and verify carefully before entering personal information.
Additional Resources
- https://support.google.com/chrome_webstore/answer/2664769?hl=en
- https://support.google.com/chrome/answer/3296214?hl=en
- https://support.mozilla.org/en-US/kb/cannot-remove-add-on-extension-or-theme
- https://support.apple.com/en-us/102343
- https://learn.microsoft.com/en-us/defender-endpoint/microsoft-defender-offline
- https://reportfraud.ftc.gov/
- https://www.ic3.gov/
- https://complaint.ic3.gov/