We recently came across some user complaints about sudden pop-ups to a site called Antivirus Armor Hub (antivirusarmorhub.xyz) that occur in Google Chrome and other Chromium-based browsers. The users experiencing this report that the site claims to be associated with the Norton antivirus, but we doubt that a legitimate security vendor such as Norton would randomly spam users with aggressive browser redirects.
Instead, we suspect the Antivirusarmorhub redirects are triggered by browser hijacker malware attached to the browser that’s designed to promote this strange website. In fact, when we tried to manually visit the website, we got a privacy warning from our Chrome browser and then a 404 error when we proceeded to the site.
For these reasons, if you are faced with a similar issue, we strongly recommend you complete the next hijacker-removal tutorial to put an end to the sudden pop-ups and redirects.
Antivirusarmorhub.xyz Removal Guide for Chrome and Other Browsers
The information about the Antivirusarmorhub.xyz hijacker is currently very scarce but we have extensive experience with similar forms of malware, such as the Imgcreator Virus, or Skyjem so we can give you a very detailed guide on how to deal with this one.
SUMMARY:
Name | Antivirusarmorhub |
Type | Browser Hijacker |
Detection Tool | We tested that SpyHunter successfully removes parasite* and we recommend downloading it. Manual removal may take hours, it can harm your system if you re not careful, and parasite may reinstall itself at the end if you don't delete its core files. |
Most modern hijackers infect the system on multiple levels to gain persistence and be as difficult to remove as possible. Also, they rarely travel alone, and we suspect that the Antivirusarmorhub.xyz pop-ups are only the tip of the iceberg. That is why it’s strongly advised to perform all the steps shown below to ensure all relevant parts of your system and browser are cleaned and there are no hijacker traces left that can allow the malware to keep bothering you.
Get Rid of Antivirusarmorhub.xyz “Managed by Your Organization” Policies
Browser hijackers nowadays will often introduce a third-party policy to Chrome and other Chromium browsers in order to “lock in” the settings changes that they make without your permission. If you’ve noticed a “Managed by your organization” note at the bottom of the Chrome menu or at the top of the Extensions Manager page, that means your browser is under one such policy. In this case, you’ll first need to remove the rogue policy before you are able to clean the browser.
In case you don’t see such a message anywhere in the browser, you can directly continue to the next part of our guide, where we explain how to get rid of the Antivirusarmorhub.xyz hijacker and pop-ups. If you do see the policy message, follow the next step to unblock your browser:
- First, access your Chrome browser, type “Chrome://Policy” in the URL bar, and go to that address. In case you are using Edge or another Chromium browser, you can do the same, but just swap “Chrome” with the name of that browser (for example, “Edge://Policy“).
- Check for suspicious policies listed on the page that opens. A suspicious policy is one that has a string of random letters as its value. If you see any such values, copy them and paste them in a text file or a sticky note for later use.
- Go to the Extensions Manager in Chrome (Chrome Menu > Extensions > Manage Extensions), toggle on Developer Mode, and look at the IDs of any extensions that you don’t recognize or trust. Copy their IDs and paste them next to the saved policy values from the previous step.
- Search for “regedit” in the Start Menu > right-click the first item > Open as administrator.
- Go to Edit > Find copy-paste the saved policy value in the search box > Find Next.
- When an item is found, delete the folder (registry key) that contains it and search again to delete all related registry keys.
- Repeat the previous step with any other saved policy values and also with the extension IDs you got from the Extensions Manager.
- Then visit the following directories in the left panel of the Registry Editor and delete the final key (the one in bold):
- HKEY_CURRENT_USER\Software\Google\Chrome
- HKEY_CURRENT_USER\Software\Policies\Google\Chrome
- HKEY_LOCAL_MACHINE\Software\Google\Chrome
- HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome
- HKEY_LOCAL_MACHINE\Software\Policies\Google\Update
- Now open the Start Menu, type Edit Group Policy, and open the first result.
- Open Local Computer Policy > Computer Configuration, right-click Administrative Templates > Add/Remove Templates, and delete everything listed there.
- In the Start Menu, search for and open Folder Options > View > Show Hidden Files and Folders and then click Apple and OK.
- Go to C: > Windows > System32 and delete the GroupPolicy and GroupPolicyUsers folders.
- Download this Chrome Policy Remover tool and run it as an administrator. If you get a Windows warning, select More Info > Run Anyway.
- Lastly, open Command Prompt as administrator through the Start Menu and run this command: gpupdate /force.
After all this is done, no rogue policies should be left in your browser, and you can now proceed to deal with the antivirusarmorhub.xyz popups.
How to Stop the Antivirusarmorhub Pop-ups
The Antivirusarmorhub pop-ups could be triggered by a rogue extension installed in your browser or even by a legitimate one that got an update enabling it to cause sudden redirects. It’s also possible that you’ve unknowingly given the rogue site permission to show notifications in the browser, resulting in the flood of pop-ups. In any case, the next instructions will let you clean your browser and prevent this site from showing up on its own again.
- When in Chrome, click the browser menu (the three dots) and go to Settings.
- First, click Extensions from the bottom left, and then disable and remove all extensions that you think could be spamming you with the Antivirusarmorhub popups.
- Even regular and useful extensions could be responsible, so remove everything that has even the slightest chance of being the culprit (you can always reinstall the non-problematic ones at a later point).
- Then go to Pirvacy and Security > Deletе Browsing Data > Advanced. Choose a time period that begins before the redirects started bothering you, leave only the Passwords box unchecked, and click Delete.
- Also go to Site Settings (bottom of Privacy and Security), check the various permissions types, and look for Antivirusarmorhub.xyz or any other sketchy URLs in the Allow section. If you find any untrusted addresses, remove them.
- Go to Appearance and then to On Startup and remove from them any rogue URLs.
- Lastly, open the Search Engine tab, change the default search engine to Google or another trusted one, and click on Manage Search Engines.
- Look for search tools that you don’t recognize or trust and remove them from the list.
Now the browser should have no rogue URLs or extensions left in it which should make the redirects to Antivirusarmorhub.xyz stop. Finally, we also recommend that you delete the Google folder located in C: > Users > *YOUR ADMIN USER FOLDER* > AppData > Local.
Is Antivirusarmorhub.xyz Related to Norton Antivirus?
At the start, we pointed out how some users affected by the antivirusarmorhub.xyz redirects report that the site presents itself as associated with the Norton antivirus program/company. We did our research to figure out if there’s any truth to this but found no information to suggest there’s any connection between Norton and this browser-hijacking website. In fact, we ran the antivirusarmorhub.xyz address through Norton’s online URL scanner and got warned about it. The scanner told us that the URL is identified as suspicious and any redirects to it could be the result of malware or a potentially unwanted application in the PC.
To us, this is more than enough proof that the Antivirusarmorhub site is not something you should trust or allow yourself to get rerouted to. The instructions on this page can help with the redirects and allow you to clean any rogue app that might be causing them. And if for some reason the manual steps aren’t enough, you can always use SpyHunter, the anti-malware tool recommended on this page, which can make quick work of any hijackers or malware apps installed on your PC.
Leave a Comment