Browser Redirect

FromDOCtoPDF “Malware” Removal (Chrome/FF/IE/Safari) Dec. 2017 Update

This page aims to help you remove FromDOCtoPDF “Malware”. Our removal instructions work for Chrome, Firefox and Safari, as well as every version of Windows and Mac OSX.

A potentially unwanted program of the browser hijacking type named FromDOCtoPDF is the focus of the current article. This program may get installed on your system in a bit of a tricky way and may place some unwanted components in your Internet Explorer, Firefox or Chrome browser. You may find your default search engine or homepage replaced or you may be forced to deal with sudden page redirects and intrusive flow of ads, pop-ups and banners. Do not get panicked, though. All these will be gone just in a few minutes if you follow the instructions in the removal guide below. In case you landed on this page because you want to get rid of FromDOCtoPDF, then in the next lines, we are going to tell you how to safely uninstall this browser hijacker and remove all of its imposed changes. But first, let us tell you a bit more about browser hijackers in general and the tricks you can use to protect your PC from them in the future.

FromDOCtoPDF “Malware”

How could you possibly end up with a browser hijacker like FromDOCtoPDF on your PC?

Free download links, different freeware sites or shareware platforms of different software, torrents, spam messages and attachments of free installers are the usual sources of browser hijackers. The creators of this type of software usually use a method called “bundling” in order to insert a program like FromDOCtoPDF as an additional component of the software package of another program. When the users download and run such a package, they may unknowingly allow the bundled component to become part of their system and this way, become a victim of browser hijacking. This usually happens when they choose the Automatic/Quick/Recommended installation settings and skip reading the EULA.

In order to prevent the browser hijacker (or any other potentially unwanted applications) form getting installed, they should select the Advanced/Manual/User settings instead. However, this is not enough. It is also very important to carefully follow the setup process and deselect any pre-selected entries of suggested components, recommended options and agreements. Reading the End User License Agreement and Policy of the downloaded program will also make sure that you will be informed about the presence of bundled component such as FromDOCtoPDF or even some much more hazardous hidden components such as Trojans, Ransomware exploit kits and other viruses.

FromDOCtoPDF “Malware” Removal

If you are a Windows user, continue with the guide below.

If you are a Mac user, please use our How to remove Ads on Mac guide.

If you are an Android user, please use our Android Malware Removal guide.


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab (the “Details” Tab on Win 8 and 10). Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at:

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 


Hold together the Start Key and R. Type appwiz.cpl –> OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.

Type msconfig in the search field and hit enter. A window will pop-up:


Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Open the start menu and search for Network Connections (On Windows 10 you just write it after clicking the Windows button), press enter.

  1. Right-click on the Network Adapter you are using —> Properties —> Internet Protocol Version 4 (ICP/IP), click  Properties.
  2. The DNS line should be set to Obtain DNS server automatically. If it is not, set it yourself.
  3. Click on Advanced —> the DNS tab. Remove everything here (if there is something) —> OK.



  • After you complete this step, the threat will be gone from your browsers. Finish the next step as well or it may reappear on a system reboot.

Right click on the browser’s shortcut —> Properties.

NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).


Properties —–> Shortcut. In Target, remove everything after .exe.

ie9-10_512x512  Remove FromDOCtoPDF from Internet Explorer:

Open IE, click  IE GEAR —–> Manage Add-ons.

pic 3

Find the threat —> Disable. Go to IE GEAR —–> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.

firefox-512 Remove FromDOCtoPDF from Firefox:

Open Firefoxclick  mozilla menu  ——-> Add-ons —-> Extensions.

pic 6

Find the adware/malware —> Remove.
chrome-logo-transparent-backgroundRemove FromDOCtoPDF from Chrome:

Close Chrome. Navigate to:

 C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside:

Rename the Folder to Backup Default

Rename it to Backup Default. Restart Chrome.


Type Regedit in the windows search field and press Enter.

Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!

What may happen when FromDOCtoPDF takes over your browser?

Usually, the moment it gets installed on your PC, the browser hijacker does not hide like a typical virus or Ransomware threat. It reveals its presence with immediate changes in the browser’s default search engine or homepage. It may also install a new toolbar and initiate unauthorized redirects to various sponsored sites, ads, banners and pop-up commercials. A lot of users initially think that this activity looks suspicious and may be related to some virus-inflicted processes. However, the good news is that software like FromDOCtoPDF does not aim to harm your system or infect you with viruses. Its role is to serve as an online marketing tool. Browser hijackers and similar ad-generating components are commonly used to generate pay-per-click revenue for their creators in exchange of sponsored redirects, ad clicks and increased traffic to certain advertised websites. This is the reason why you may often get redirected to find yourself exposed to numerous intrusive ads and banners that prompt you to click on them.

Some people, however, despite knowing that a browser hijacker is not malicious, may really want to remove it due to the browsing disturbance and irritation it may create. For instance, the sudden redirects may really be unpleasant and sometimes, even risky. They may often land the users on some unfamiliar web locations that may look sketchy and insecure. Without having a way to check the legitimacy and safety of the content they get exposed to, many people are afraid that they may bump into some nasty online infections. Unfortunately, we have to say that this is a very real concern because the interaction with unfamiliar content and randomly generated ads, links and pop-ups may sometimes really lead to a fatal infection. With this in mind, our general advice would be to permanently remove the components of the hijacker by uninstalling them all form your system.

How to safely remove FromDOCtoPDF?

To make the nagging ads and browser tools disappear, it may not be enough to uninstall the browser hijacker from the list of Programs in the Control Panel. FromDOCtoPDF may reappear again the moment you run your browser because it usually installs some additional components deep inside your system that can help it get installed again in case of being removed. That’s why, to eliminate all the traits, we suggest you scan your PC with the professional FromDOCtoPDF removal tool. The instructions in the removal guide below may also be helpful, but they require more time and attention.


Name FromDOCtoPDF
Type Adware/Browser Hijacker
Danger Level Medium (nowhere near threats like Ransomware, but still a security risk)
Symptoms  This program may replace your browser’s homepage or search engine with some new ones, install a new toolbar or redirect your web searches to various ads, pop-ups and intrusive banners. 
Distribution Method Free download links, different freeware sites or shareware platforms of different software, torrents, spam messages and attachments of free installers are the usual sources of this program. 
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version. More information about SpyHunter and steps to uninstall.

Leave a Comment