What this script does

• Closes Chrome and Edge
• Scans all browser profiles
• Deletes known malicious, adware, hijacker, and unnecessary extensions
• Works even if extensions are hidden or policy-installed
• Does not rely on browser UI
• Safe to run multiple times

Requirements

• Run PowerShell as the logged-in user
• Close Chrome and Edge before running
• Administrator rights recommended (for multi-profile systems)

---

PowerShell Script

# ==========================================================
# Chrome & Edge Extension Mass Removal Script
# ==========================================================

Write-Host "Starting browser extension cleanup..."

# Known malicious, adware, hijacker, and unnecessary extensions
$BadExtensions = @(
    # Known malicious / hijackers
    "ndnaehgpjlnokgebbaldlmgkapkpjkkb"
    "eclpmdjlgjknjdfjmgnkhlghlilfhekf"
    "nkeimhogjdpnpccoofpliimaahmaaome"
    "obmljfdklpibgngjipocflffbgnjngnh"
    "kbhkdfbncpcmncmkppkppkhopcohfhcl"
    "mlomiejdfkolichcflejclcbmpeaniij"
    "gmbmikajjgmnabiglmofipeabaddhgne"
    "fahmaaghhglfmonjliepjlchgpgfmobi"
    "fpgpghecplgklfbcajkeflghnbhkppde"
    "jkkmcdckkdlkbgjfdnhngjfhghejlmjd"
    "jglfjaglakbckhfmcbhgmdbgdodffnlg"
    "lbmdfjomabnidhajfblfmljdnacgcnlb"
    "okdfdoijfgkoodbpmhlmdjgmhkihcigl"
    "dnhpnfgdlenaccegplndljfcjgbclbhl"

    # Adware / redirect extensions
    "ajmfnkmgkecjgfjcbbkkdpfchjcbnhbd"
    "bifdhahddjbdbjmiekcnmeiffabcfjgh"
    "mabphhfpgnlmkhaafhbfdgpljmlfpmlb"
    "hdokiejnpimakedhajhdlcegeplioahd"
    "keghkdpbikpnjnboehmlhhfbjdhdklfo"
    "mmkfnidfnadldkffkmdgmcibobmdkpel"
    "dpdmhfocilnekecfjgimjdeckachfbec"

    # Unnecessary built-in / high-risk
    "mhjfbmdgcfjbbpaeojofohoefgiehjai" # Chrome PDF Viewer
    "nmmhkkegccagdldgiimedpiccmgmieda" # Wallet
    "pjkljhegncpnkpknbcohdijeoejaedia" # Safe Browsing
    "odfafepnkmbhccpbejgmiehpchacaeak" # Edge built-in
    "gbchcmhmhahfdphkhkmpfmihenigjmpp"
)

# Browser user data paths
$BrowserRoots = @(
    "$env:LOCALAPPDATA\Google\Chrome\User Data",
    "$env:LOCALAPPDATA\Microsoft\Edge\User Data"
)

# Stop browsers
Get-Process chrome, msedge -ErrorAction SilentlyContinue | Stop-Process -Force

foreach ($Root in $BrowserRoots) {
    if (-not (Test-Path $Root)) { continue }

    Get-ChildItem $Root -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match "^Default|^Profile" } |
    ForEach-Object {

        $ExtensionsPath = Join-Path $_.FullName "Extensions"
        if (-not (Test-Path $ExtensionsPath)) { return }

        foreach ($ExtID in $BadExtensions) {
            $Target = Join-Path $ExtensionsPath $ExtID
            if (Test-Path $Target) {
                Write-Host "Removing extension $ExtID from profile $($_.Name)"
                Remove-Item $Target -Recurse -Force -ErrorAction SilentlyContinue
            }
        }
    }
}

Write-Host "Extension cleanup completed."

---

What This Script Does NOT Do (By Design)

• Does not remove bookmarks
• Does not touch saved passwords
• Does not rely on Chrome or Edge APIs
• Does not break browser updates

If an extension reappears, it means:

• It is enforced by policy
• It is being restored via sync
• There is active malware or GPO abuse

In that case, a browser policy reset is required (which you already asked for in the previous post).

---

Recommended Next Step (Strongly Advised)

After running this script:

1. Run the browser security audit & reset script
2. Disable browser sync temporarily
3. Enforce extension allow-lists via GPO or Intune

---

Final Notes

There is no permanent static list of malicious extensions.
This script gives people a strong baseline cleanup, and the list can be expanded over time by simply adding IDs.