Remove ‘Chrome’ Extension Malware

‘Chrome’ is a browser hijacker and is also considered as a Potentially Unwanted Program (PUP). It penetrates into system without notice of computer users. The moment it entered the computer, it will begin to target main web browser by making unnecessary changes to settings. ‘Chrome’ extension can modify homepage, new tab page, and search engine and set to default using its own address Flighttabpro.com.

‘Chrome’ fake extension is risky

Unwanted application such as ‘Chrome’ can cause risks because it has the ability to track data from the browser like search history, visited URL’s, or even stored personal information stored. Moreover, ‘Chrome’ adware acts like any other browser hijacker that triggers intrusive advertisements and sudden redirection to other web pages while browsing. Accessing malicious sites caused by ‘Chrome’ can be risky for web users since it can collect data from its visitors that can be used for cybercrime purposes.

Intrusive ads originating from ‘Chrome’ fake extension can link internet users to other websites, which can be unreliable and malicious. While surfing on the internet, online users may encounter pop-ups. When clicked, it will redirect to other web pages having malicious or unexpected contents. ‘Chrome’ extension causes these instances to infected browsers as long as it is installed in a computer. Considering the removal of this threat will be the best option.

Screenshot of Chrome Rogue Extension

More about ‘Chrome’ extension malware

As mentioned earlier, ‘Chrome’ fake extension infiltrates the computer without being detected by users. Misbehavior of browser can be an indication that there is a browser hijacker running on the system. ‘Chrome’ can enter through computers by means of “bundling” where particular programs are offered together for installing and downloading. Some unwanted application does not really reveal their functions or descriptions upon installation. In addition, there are programs that offer optional or extra installs along with it. Possible that ‘Chrome’ operators use this method to spread their malicious software.

Thorough checking is important before proceeding into downloading or installing programs on the computer. Awareness is necessary to prevent exposure to malware and cyber attacks.

For Windows PC Users

'Chrome' Removal Procedure for PC

Below is a systematic instruction that is very useful in getting rid of the potentially unwanted program (PUP) from compromised computer. In order to totally eliminate the threat, it is vital to follow the process in exact manner.

Step 1 : Scan the PC with Combo Cleaner for Windows

Combo Cleaner is a trusted computer security and optimization tool equipped with a powerful virus and malware detection engine. This program can get rid of browser hijacker like 'Chrome' through this procedure.

1. Download the application from the following page:

2. Save the file to your preferred location.

3. Double-click the downloaded file CCSetup.exe and install with the default settings.

4. At the end of the setup process, click Finish to run Combo Cleaner.

5. The tool will update the database file; please wait for this process to complete.

6. To begin checking for threats like 'Chrome', click on the Start Scan button. Wait for this scan to finish.

Screenshot of Combo Cleaner PC

7. At the end of the scan process, click on Remove all threats to delete 'Chrome', including all harmful objects from the computer.

To fully optimize the features of antivirus and privacy scanners, users may have to upgrade to the premium version.

Please continue with the succeeding removal procedures if you are comfortable manually getting rid of the browser hijacker and malicious items linked to it.

Step 2 : Get Rid of 'Chrome' Extension from Google Chrome

The above procedures should have totally eliminated the browser hijacker. However, if you still find that there are still remnants of 'Chrome' on internet application, please proceed to manual removal of associated objects as outlined below.

1. Open Google Chrome browser.

2. Type or copy and paste the following in the address bar and press Enter on the keyboard.

chrome://extensions/

Screenshot of Chrome Extensions in PC

3. Find 'Chrome' or relevant entry and remove it from Google Chrome.

If you cannot remove 'Chrome' because "Your Browser is Managed by your Organization", do the following:

1. Activate the Developer mode on Extensions window by using the slider.

2. Then, copy or take note of the malicious extension's ID code.

Screenshot of Chrome Developer Mode in PC

3. Open Windows or File Explorer and locate the following folder:

C:\Users\(Your Username)\AppData\Local\Google\Chrome\User Data\Default\Extensions

4. After opening the Folder, find the item that matches the Extension ID and delete it.

5. Please restart your Google Chrome browser.

Aside from this straightforward workaround, we have a separate comprehensive guide to fix the Managed by Organization issue. You can also execute that guide if the steps on this page are not enough to delete 'Chrome'.

Step 3 : Scan with AdwCleaner and Reset Chrome Policies

In addition to the procedure, we suggest scanning the computer with AdwCleaner tool. Possibly, there are some traces of 'Chrome' on the browser that were not deleted during the preceding steps. This tool will scan the computer and check for presence of malicious applications.

1. Follow the link below to download the tool called AdwCleaner.

2. When the download has completed, please close all running programs on the computer, especially browsers affected by 'Chrome'.

3. Browse the location of the downloaded file and double-click on adwcleaner.exe to start running the tool.

4. If Windows displays a prompt saying, "Do you want to allow this app to make changes to your device?" click Yes to proceed.

5. On the AdwCleaner dashboard, click on Settings.

Screenshot of AdwCleaner Policies

6. While in the Settings window, please turn On the Reset Chrome Policies and Reset IE Policies.

Screenshot of AdwCleaner Scanner

7. Go back to the Dashboard and click the Scan Now button.

8. AdwCleaner searches the computer for malicious programs, extensions, plug-ins, adware, and any items that may be associated with 'Chrome'.

9. Clean or Remove all suspicious and harmful items identified after the thorough scan.

10. AdwCleaner will then prompt an option to run another repair, which will reset Winsock and other settings. Please click the Run Basic Repair button.

Screenshot of Basic Repair

11. A message will appear stating that "All processes will be closed..." Please click Continue.

Image of Basic Repair Message

12. After the cleanup procedure, rebooting the computer is required to finalize the removal of 'Chrome' as well as other detected threats.

Step 4 : Scan the computer with Sophos Home Antivirus

To remove 'Chrome' automatically, scanning the computer with this powerful antivirus tool is recommended. This scanner does not just uncover known threats like viruses or malware, it is also effective in discovering browser hijacker like 'Chrome' that slows down online browsing activities.

1. Please click on the link below to download the program.

2. After downloading, locate the file SophosInstall.exe in the Downloads folder.

3. Install by double-clicking on the file.

4. If it prompts "Do you want to allow this app to make changes on your device?" please click Yes.

5. Next, it will display the Terms and Conditions page. Click the Install button to begin.

Screenshot of Terms by Sophos Home

6. Run the installation with the default settings. Please note that an internet connection is required in order to download important updates.

7. After finishing the installation, you must login to the dashboard. If you already have a Sophos account, please login. Otherwise, please enter your details and click on the Create Account button.

8. Once you are in the Sophos Home console, click the Scan button to start checking the computer for 'Chrome' components.

Screenshot of Sophos Home

9. Scanning may take a while; please wait for this process to finish.

10. After scanning the computer, Sophos Home will start cleaning or deleting files infected with 'Chrome'.

11. You may now close Sophos Home. The computer is now free from 'Chrome', as well as associated malware and viruses.

For Mac OS Users

Procedures to Remove 'Chrome' from Mac

This section contains comprehensive guide for Mac users. It will help you remove malicious browser hijacker from Google Chrome browser. Procedures on this page are written in a manner that can be easily understand and execute by Mac users.

Step 1 : Scan the Mac Computer with Combo Cleaner

Combo Cleaner is a trusted Mac utility application with complete antivirus and optimization features. It is useful in dealing with adware, malware, and PUP's. Moreover, it can get rid of malicious browser hijacker like 'Chrome'.

1. Download the tool from the following page:

2. Double-click the downloaded file, combocleaner.dmg and proceed with the installation.

3. The installation window will open. Please double-click or drag the Combo Cleaner icon to the Applications folder.

Screenshot of Installer

4. Proceed with the installation. When it displays the Software License Agreement, please click Continue, and then click on Agree in the confirmation window. Continue with the default installation.

5. The program should run automatically after installation. If not, open your Launchpad and click on the Combo Cleaner icon.

6. Wait until antivirus downloads its latest virus definition updates and click on "Start Combo Scan" to start removing 'Chrome' and other issues on the Mac computer.

Screenshot of Dashboard

7. After the virus and disk scan processes, the tool will display the results. Click on Remove Selected to start cleaning the computer.

To fully optimize the features of antivirus and privacy scanners, users may have to upgrade to the premium version.

Please continue with the succeeding removal procedures if you are comfortable manually getting rid of the browser hijacker and malicious items linked to it.

Step 2 : Delete Suspicious Google Chrome Extension on Mac

Most adware and unwanted programs use a program called a browser extension to take over the settings of internet applications. Therefore, we highly recommend checking and removing the extension that is closely related to 'Chrome'.

1. Open the Google Chrome browser.

2. Type or copy and paste the following in the address bar. Next, press Enter on the keyboard:

chrome://extensions

Screenshot of Chrome Address Bar

3. Find 'Chrome' or a relevant entry and remove it from Google Chrome.

If unable to remove 'Chrome' because browser is "Managed by your Organization", follow these steps:

1. Activate the Developer mode on Extensions window by using the slider.

2. Then, copy or take note of the browser Extension ID.

Screenshot of Malware Extension

3. Open Finder on your Mac and on top menu, click Go > Go to Folder and go the following directory:

~/Library/Application Support/Google/Chrome/Default/Extensions

Screenshot of Finder

4. Once you opened the directory, find the folder that matches the Extension ID and delete it.

5. Please restart your Google Chrome browser.

Aside from this straightforward workaround, we have a separate comprehensive guide to fix the Managed by Organization issue. You can also execute that guide if the steps on this page are not enough to delete 'Chrome'.

Step 3 : Delete 'Chrome' from Mac Applications

1. Go to Finder.

2. On the menu, click Go and then, select Applications from the list to open Applications Folder.

3. Find 'Chrome' or any unwanted program.

Screenshot of Deleting App

4. Drag 'Chrome' to Trash Bin to delete the application from Mac.

5. Next, go to the Dock, right-click on the Trash icon, and click on Empty Trash.

Step 4 : Delete Malicious Files that have installed 'Chrome'

1. Go to your Finder. From the menu bar, please select Go > Go to Folder.

2. Input the following string and press Enter on the keyboard.

~/Library/LaunchAgents

Screenshot of Go To Folder

3. You will now see a hidden folder named LaunchAgents. Take note of the following files inside the folder:

  • com.'Chrome'.plist
  • unknown.service.plist
  • unknown.system.plist
  • unknown.download.plist
  • unknown.update.plist

4. The term unknown is just a representation of the actual malware name. Attackers may use the following file names:

- Chrome App, (random characters).plist

If you cannot find the specified file, please look for any unfamiliar or suspicious entries. It may be the one causing 'Chrome' to be present on your Mac. Arranging all items to see the latest ones may also help you identify recently installed unfamiliar files.

5. Please click on "Show items as..."

Screenshot of LaunhAgents Folder

6. To arrange the items in chronological order, click Date Modified.

7. Drag all suspicious files that you may find to Trash.

Important: Take note of all the suspicious files, as you may also delete the same item in another folder as we go on.

8. Please restart the Mac computer.

9. Open another folder using the same method as above. Copy and paste the following string to easily locate the folder:

~/Library/Application Support

Screenshot of Go to Folder

10. Select any suspicious items that you have noted previously. Drag them to the Trash.

11. Repeat the process in the following non-hidden folders (without ~):

/Library/LaunchAgents
/Library/LaunchDaemons
/Library/Application Support

12. Lastly, go to your Finder > Go and open the Applications folder. Look for subfolders with the following names and drag them to Trash.

- Chrome App, (random characters).plist

Optional : For locked files that cannot be removed, do the following:

1. Go to Launchpad > Other folder, open the Activity Monitor.

2. Select the process you want to quit.

3. In the upper part of the window, click the Stop button.

Screenshot of Force Quit

4. Click on Force Quit button.

5. You may now delete or remove the locked file that belongs to 'Chrome' homepage hijacker.

Step 5 : Double-check with Malwarebytes for Mac

Use Malwarebytes for Mac to do another scan to make sure the machine is already clear of viruses, malware, and adware. This efficient anti-malware application allows you to detect things that other security software was unable to recognize.

1. Download Malwarebytes for Mac from the link below.

2. Locate the downloaded Malwarebytes-Mac.pkg and install it with the default settings.

3. Run Malwarebytes for Mac. It will check for updates and download the most recent version if one is available. This is necessary for finding recent malware threats, including 'Chrome'.

4. Once you are on the Malwarebytes dashboard, please click on the Scan button to start scanning your Mac computer.

Screenshot of Malwarebytes Dashboard

5. After the scan, Malwarebytes for Mac will display a list of identified threats, and 'Chrome' is surely part of it. Be sure to select all items in the list. Then, click the Remove button to clean the computer.

If Needed: Fix the Homepage and Search of Google Chrome

1. Open the Google Chrome browser. Type or copy and paste the following on the address bar. Then, press Enter on the keyboard:

chrome://settings

Screenshot of Chrome Settings Page

2. Go to the left sidebar and click On Startup.

3. Select "Open a specific page or set of pages" in the right panel.

Chrome On Startup Screenshot

4. Locate the unwanted Homepage URL, click on More Actions icon (3-dot), and select Remove or Edit.

5. If you choose Edit, enter the desired web address as your home page, replacing 'Chrome'. Click Save.

6. To set the default search engine, go to the left sidebar, and this time, select Search Engine.

Screenshot of Search Settings

7. Click on the Manage search engines and site search button in the right panel.

8. Find the unwanted Search Engine in the list. Click on More Actions icon, and then click Delete.

9. Go back to the left side bar and click Search Engine.

Default Search Engine Screenshot

10. In the right panel, choose a valid entry from the "Search engine used in the address bar."

You can now restart the Google Chrome browser to see if the unwanted homepage and search engine related to 'Chrome' are gone.

About the author

Leave a Comment

Your email address will not be published. Required fields are marked *