Removal Guide

Do you know what is?

Although looks like a useful tool, you need to think if you should install it, or if you should keep it installed on your browsers. Most users are attracted to this tool because it promises to convert files to PDF for free. Obviously, this service is attractive, but that does not mean that you should install the extension without analyzing it first. Our research team has analyzed this add-on in our internal lab, and we have found a few interesting details that reason its removal. If you want to learn more, you should continue reading this report. If you are only interested in deleting, scroll down to find the instructions that explain how to get rid of this suspicious potentially unwanted program (PUP). If questions regarding this PUP or its elimination come up, use the comments box to add them.

Where did you download from? This extension has an official website (the same as the name), but is where Chrome users acquire it from. It is also possible that the installer of this suspicious extension will be attached to software bundles. If you download the PUP packaged with other suspicious programs, it is possible that malware will be introduced to you as well. As you already know, malicious infections can pose as highly beneficial and harmless programs, or they could hide from you altogether, which is why it is crucial to examine the PC with a legitimate malware scanner. In the best case scenario, this scanner will only find the PUP. However, if more dangerous threats are found, we suggest dealing with them first. The good news is that does not hide even if you install it packaged with other programs by accident. This PUP changes homepage, new tab, and default search provider settings, and you cannot overlook Removal screenshot
Scroll down for full removal instructions

If you install onto Google Chrome, you give this add-on the permission to “Read and change all your data on the websites you visit.” It is most likely that the add-on has the same privilege even if you install it on different browsers, and it’s just that you are not informed about it. In fact, this extension is quite intrusive. For one, it can spy on you using tracking cookies, and that is not something to ignore, considering that the search tool represented by the extension redirects to Yahoo Search where sponsored links could be added based on your personal browsing history. Sure, these links might be useful, but they could also be misleading and unreliable. Also, we cannot forget about the browser modifications that are initiated without any warning. As you know, is set as the homepage and new tab, and liveemail replaces the default search provider (only on Internet Explorer).

We suggest removing from your browsers without further delay. Even if this tool can convert your files to PDF, it is too suspicious to trust. We are sure that you do not agree with the unauthorized modifications and that you do not want suspicious tracking cookies to spy on you. If other threats are found, it is smart to employ anti-malware software, which can continue protecting your PC and browsers once it automatically erases all threats. If you choose the manual removal option (see instructions below), make sure that you do not skip any steps because that could lead to failure.


Google Chrome

  1. Simultaneously tap Win+R to launch RUN.
  2. In Registry Editor, navigate to HKCU\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings.
  3. Right-click and Delete the value called pegalnjegmbjjnbkgnpnfpnlipiipjak.
  4. Now, simultaneously tap Win+E to launch Explorer.
  5. Enter %LOCALAPPDATA%\Google\Chrome\User Data\ (if you’re on Windows XP, enter %USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data\) into bar at the top.
  6. Open the Default folder (or a {profile name} folder if multiple profiles exist).
  7. Delete the files names: Web Data, Secure Preferences, and Preferences.
  8. Open the Extensions folder.
  9. Right-click and Delete the folder called pegalnjegmbjjnbkgnpnfpnlipiipjak.
  10. Go back to Default folder and navigate to the IndexedDB folder.
  11. Right-click and Delete the file called http_www.convertmypdf.co_0.indexeddb.leveldb.
  12. Go back to Default folder and then open the Local Storage folder.
  13. Right-click and Delete these files:
    • chrome-extension_pegalnjegmbjjnbkgnpnfpnlipiipjak_0.localstorage
    • chrome-extension_pegalnjegmbjjnbkgnpnfpnlipiipjak_0.localstorage-journal
    • http_www.convertmypdf.co_0.localstorage
    • http_www.convertmypdf.co_0.localstorage-journal

Internet Explorer

  1. Simultaneously tap Win+R to launch RUN.
  2. In Registry Editor, navigate to HKCU\Software\Microsoft\Internet Explorer\DOMStorage\.
  3. Right-click and Delete the keys named and
  4. Navigate to HKCU\Software\Microsoft\Internet Explorer\SearchScopes\.
  5. Right-click and Delete the key named {7d010290-5675-47af-bd60-663ee8764410}.
  6. Navigate to HKCU\Software\Microsoft\Internet Explorer\Main.
  7. Double-click the value called Start Page to open it.
  8. Erase the URL of the hijacker, enter the URL of the preferred homepage, and click OK.
  9. Double-click the value called Tabs and then repeat step 8.
  10. Navigate to HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing.
  11. Double-click the value called Tabs and then repeat step 8.

Mozilla Firefox

  1. Simultaneously tap Win+E keys to launch Windows Explorer.
  2. Enter %APPDATA%\Mozilla\Firefox\Profiles\ into the bar at the top.
  3. Open the {unique profile name} folder.
  4. Right-click the file called prefs.js and choose to open it with Notepad.
  5. Find the hijacker’s URL, overwrite it, and save the file.
  6. Open the file called Search.json and repeat step 5.
  7. Now, open the searchplugins folder and then open the file called powersearch.json.
  8. Repeat step 5 to replace the hijacker’s URL.
  9. Go back to the {unique profile name} folder and then open the extensions folder.
  10. Right-click and Delete the file called @convertmypdf.xpi.

In non-techie terms:

There are a few different reasons to remove from your browsers, including the collection of data, the unauthorized browser modifications, and the suspicious redirecting. Even if you can convert your files to PDF for free – just like the add-on promises – are you willing to put yourself at risk just because of that? The instructions above show how to eliminate the add-on from different browsers, and if any of the steps are unclear for you, use the comments tool below to contact us. Of course, if you find other threats that you simply cannot eliminate manually, you should not waste your time any more. Instead, install a reliable anti-malware tool to help you take care of all security-related problems.