
ADD AN EXCEPTION?



No, there isn't a means for a user to provide an exception. You can change your settings for the Default action for potentially unwanted programs to "Skip" if it's being identified as a "PUP". 

Is it a program or a browser extension? Please provide the exact name of this program/extension so we can give you some advice on what is causing it to be removed.


The copyright data follows.  If something more is needed, please tell me where to look.  Thx.

Ad Remover, Ad Stopper, BrowseTech, and any other applicable branding and logos are copyright of BrowseTech LLC 2018

uBlock Origin is licensed under GNU GPL v3 - See LICENSE.txt

uBlock Origin - a browser extension to block requests.
Copyright (C) 2014-2018 Raymond Hill


I don't know what that is, but it isn't the same uBlock Origin v1.16.12 that I have had for a very long time now and MBAM doesn't find it to be infected.

The folder name of the actual uBlock Origin should be cjpalhdlnbpafiamejdnhcphjbkeiagm. When you click on the three vertical dots at the right end of the address bar and select More Tools->Extensions, then click "Details" on the uBlock Origin, what does it show as the "Source"? If legitimate, it should read Chrome Web Store.


You have a fake uBlock Origin adware blocker. The real one can be found here https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm.

I don't know what mischievous behavior occurs with the one you have, but others have been known to spy on your browsing habits, divert you to fake web pages and steal privacy information. If MBAM says it's bad, then it's for good reason and you need to rid yourself of it.

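The folder-name check described in the two posts above, as an added example that is not part of the original thread or any poster's code: it walks a Chrome profile's Extensions folder and compares each folder name against the genuine uBlock Origin ID quoted in the thread. The verdict labels and function names are assumptions made for this illustration.

```python
import json
import sys
from pathlib import Path

GENUINE_ID = "cjpalhdlnbpafiamejdnhcphjbkeiagm"  # genuine uBlock Origin ID, from the thread
MARKER = "ublock origin"

def display_name(vdir):
    """Manifest name, resolving a localized __MSG_key__ placeholder."""
    manifest = json.loads((vdir / "manifest.json").read_text(encoding="utf-8-sig"))
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        path = vdir / "_locales" / locale / "messages.json"
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
        for key, entry in messages.items():
            if key.lower() == name[6:-2].lower():  # message keys are case-insensitive
                return entry.get("message", name)
    return name

def mentions_ublock(vdir):
    """True if a top-level LICENSE/.txt/.md file names uBlock Origin."""
    for f in vdir.iterdir():
        texty = f.suffix.lower() in (".txt", ".md") or f.name.upper().startswith("LICENSE")
        if f.is_file() and texty and MARKER in f.read_text(encoding="utf-8", errors="ignore").lower():
            return True
    return False

def audit(extensions_dir):
    """Map each extension ID under a profile's Extensions folder to a verdict."""
    verdicts = {}
    for manifest in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        vdir, ext_id = manifest.parent, manifest.parent.parent.name
        try:
            name = display_name(vdir)
        except (OSError, ValueError, AttributeError):
            name = ""  # unreadable manifest or locale file: fall through to the file scan
        if ext_id == GENUINE_ID:
            verdicts[ext_id] = "genuine-id"
        elif MARKER in name.lower():
            verdicts[ext_id] = "claims-ublock-name"
        elif mentions_ublock(vdir):
            verdicts[ext_id] = "embeds-ublock-attribution"
        else:
            verdicts[ext_id] = "unrelated"
    return verdicts

if __name__ == "__main__":
    print(audit(sys.argv[1] if len(sys.argv) > 1 else "."))
```

On Windows the folder to pass is typically `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`. A "genuine-id" verdict only confirms the folder name; the "Source" field on the extension's Details page still needs to read Chrome Web Store.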

  • Staff

It looks like that extension is found here:

https://chrome.google.com/webstore/detail/ad-remover/pogpkmdlehipcepphjbogapenmkbimpo

It looks like the detection is triggering on a couple different full URLs found within the extension, in the assets/extensionExtraList.txt file, which appears to list URLs to block. One of the URLs that is being matched, we may be able to make that detection more specific, but the other is already quite specific, and I'm not sure why the extension includes the full URL in that case. In that case, the entire domain is ad-related and should be blocked.

The one thing that makes me a little suspicious about this extension is that the copyright mentions uBlock Origin, but that's not mentioned anywhere else, including if you search the developer's website for "uBlock". Since uBlock Origin is open-source, that means that I suspect that Ad Remover is using some content from uBlock Origin. Since it's open source, that's not necessarily a problem, but the fact that they're not admitting to it anywhere - other than in a buried copyright file that most folks will never find - is a bit shady.

Further, the website for this extension is adremover[dot]org. That's a highly generic name that I've learned through years of looking at adware and junk software is highly suspicious. The parent company behind it is Browsetech LLC. Searching for references for that company turns up an identical extension, with an identical website, under a different name, at adstopper[dot]com.

Having multiple identical pieces of software with different names, and sold through different websites, is definite PUP behavior.

So, long story short... although the detections this thing is triggering (Adware.Crossrider and Adware.IronCore) are not accurate, it looks like it probably deserves detection in its own right anyway. We'll keep digging.


  • Staff
3 hours ago, Phil_B said:

I did note that their site includes active Norton protection "insurance." Thought that a fair sign.  

Unfortunately, it's not. There are all kinds of scam apps and adware programs that have used such "certifications" to show that they're trustworthy. It's not all that difficult to get those certifications in the first place, but it's also quite easy to just steal the logo from someone else's site and lie about it. Not sure which is the case here, of course.

