How To Remove Virus from Google Chrome For Free

How To Remove Virus from Google Chrome For Free

Main Steps

  1. Use Rkill to terminate malicious processes running on the computer.
  2. Check for and uninstall any unknown or suspicious programs from the computer via Windows Settings.
  3. Use the Windows Command Prompt as Administrator to remove malicious policies set by the malware.
  4. Manually search for and delete malicious scheduled tasks and folders located in the AppData\Roaming and AppData\Local directories. Also clean up malicious Chrome browser extensions and shortcut modifications.
  5. Reset your web browser settings to their defaults to remove spam notifications, malicious extensions, and revert any settings changed by the malware.
  6. Run a full system scan with Malwarebytes anti-malware to detect and remove any trojans, browser hijackers, and other malware on the computer.
  7. Perform an additional scan with HitmanPro to check for any rootkits and remaining malicious programs. Activate the free 30-day trial to enable clean up if needed.
  8. Use AdwCleaner to remove adware and reset malicious Chrome policies that may have been set by browser hijackers.
  9. Restart the computer when all the scans and removal steps are complete.
  10. Consider using a comprehensive real-time anti-malware tool like Malwarebytes Premium to proactively protect the system going forward. Also follow general online safety best practices.

In today’s digital age, our reliance on web browsers for accessing information, performing transactions, and staying connected is unparalleled. Google Chrome, being one of the most popular web browsers, is often a prime target for cyber threats, including viruses. Understanding how these infections occur, recognizing their symptoms, and knowing the risks and common types can help you protect your personal information and maintain a secure browsing environment. This comprehensive guide will delve into the intricacies of viruses on Chrome and provide actionable insights to safeguard your online presence.

How Infections Occur

Viruses can infiltrate Chrome in various ways, exploiting vulnerabilities in the browser or user behavior. Here are some common methods through which infections occur:

  1. Malicious Websites: Malicious websites often host scripts that can automatically download and install malware onto your system when you visit them. These sites might masquerade as legitimate websites to deceive users into clicking on harmful links.
  2. Phishing Scams: Phishing scams trick users into providing sensitive information by posing as reputable entities. Clicking on links in phishing emails or messages can lead to the installation of malware on your device.
  3. Drive-by Downloads: Drive-by downloads occur when you visit a compromised website, and malware is downloaded and installed without your knowledge. This can happen even without clicking on anything on the site.
  4. Infected Extensions: Browser extensions can enhance functionality but can also be a source of infections. Malicious extensions can access your browsing data and introduce viruses into your system.
  5. Software Bundling: Sometimes, downloading free software from the internet can come with additional programs, including malware. These bundled programs can infect your browser during installation.

Symptoms of a Virus on Chrome

Detecting a virus on Chrome can be challenging, but there are several telltale signs to watch out for:

  1. Slow Performance: A significant slowdown in browser performance can indicate a virus. Pages may take longer to load, and the browser might become unresponsive.
  2. Unexpected Pop-ups: Frequent and intrusive pop-up ads, especially on sites that usually don’t have them, are a common symptom of adware and other types of malware.
  3. New Toolbars and Extensions: If you notice new toolbars, extensions, or changes to your browser settings that you didn’t authorize, your browser might be infected.
  4. Redirects to Unwanted Sites: Being redirected to unfamiliar or suspicious websites when you click on links or search results is a strong indication of a browser hijacker or other malware.
  5. Unauthorized Changes: Changes to your homepage, default search engine, or other browser settings without your consent can signify a malware infection.

Risks of a Virus on Chrome

Viruses on Chrome pose several risks, ranging from minor annoyances to severe security threats:

  • Data Theft: Malware can capture sensitive information such as login credentials, credit card details, and personal data, leading to identity theft and financial loss.
  • System Damage: Some viruses can cause significant damage to your system, corrupting files, and interfering with the normal functioning of your device.
  • Privacy Invasion: Malware can track your browsing activities, compromising your privacy. This information can be sold to third parties or used for targeted advertising.
  • Financial Loss: Viruses can lead to financial loss by stealing payment information or causing you to fall victim to scams and fraudulent transactions.
  • Network Spread: Infected devices can spread malware to other devices on the same network, posing a risk to all connected systems.

Common Types of Chrome Viruses

Understanding the common types of viruses that can affect Chrome helps in identifying and mitigating these threats effectively:

  • Adware: Adware displays unwanted ads and pop-ups, often redirecting you to malicious websites. It can slow down your browser and compromise your online experience.
  • Browser Hijackers: Browser hijackers alter your browser settings, changing your homepage, search engine, and adding unwanted toolbars. They redirect you to malicious sites and can track your online activities.
  • Spyware: Spyware secretly monitors your activities, capturing sensitive information like keystrokes, login details, and browsing history. It compromises your privacy and security.
  • Ransomware: Ransomware encrypts your files and demands a ransom to unlock them. While less common on browsers, it can still be introduced through malicious sites or phishing scams.
  • Trojan Horses: Trojans disguise themselves as legitimate software but perform malicious activities in the background, such as opening backdoors for other malware to enter your system.

Preventing Infections

Prevention is the best defense against Chrome viruses. Here are some strategies to keep your browser and device safe:

  • Keep Software Updated: Regularly update your browser, operating system, and antivirus software to protect against known vulnerabilities.
  • Use Reliable Security Software: Install reputable antivirus and anti-malware software that provides real-time protection and regularly scans your system.
  • Be Cautious with Downloads: Download software only from trusted sources. Avoid downloading pirated software, as it often comes bundled with malware.
  • Avoid Clicking on Suspicious Links: Be wary of clicking on links in emails, messages, or websites that seem suspicious or come from unknown sources.
  • Manage Extensions: Install browser extensions from reputable sources. Regularly review and remove extensions you no longer use or recognize.
  • Enable Browser Security Settings: Enable security features in Chrome, such as safe browsing and pop-up blockers, to prevent malicious activities.
Table of Contents

    Step 1: Use Rkill to Terminate Malicious Processes

    Rkill is a powerful utility designed to terminate known malicious processes, enabling your anti-malware software to effectively detect and remove threats. By running Rkill before proceeding with the removal process, you can ensure that malicious processes do not interfere with the cleaning operation.

    A. Download Rkill

    1. Visit the official Rkill download page at https://www.bleepingcomputer.com/download/rkill/.
    2. Click on the “Download Now” button next to “iExplore.exe” to download the renamed version of Rkill. Using a renamed version helps avoid detection by malware that may attempt to block the utility.
    Download RKill from Bleeping Computers

    B. Run Rkill

    1. Locate the downloaded “iExplore.exe” file, typically found in your Downloads folder.
    2. Double-click on “iExplore.exe” to run Rkill. The utility will begin terminating known malicious processes.
    3. Wait for Rkill to complete its operation. The process may take several minutes, during which you may observe a black command prompt window rapidly opening and closing.
    4. Once Rkill has finished running, it will generate a log file named “rkill.log” in the same directory as the “iExplore.exe” file. This log file contains information about the terminated processes.

    After running Rkill, do not restart your computer. Proceed directly to the next step in the removal process to ensure that the malware does not have a chance to reactivate itself.

    Step 2: Uninstall malicious programs

    To remove any malicious programs associated with the virus, you need to access the Apps & Features section in the Windows Settings app and uninstall any suspicious applications.

    A. Access Apps & Features in Windows Settings

    1. Open the Windows Settings app by pressing the Windows key + I on your keyboard or by clicking on the Start menu and selecting the gear icon.
    2. In the Windows Settings app, click on “Apps” to access the Apps & Features section.

    B. Identify and uninstall suspicious programs

    1. In the Apps & Features section, sort the list of installed programs by clicking on the “Sort by” dropdown menu and selecting “Install date.” This will help you identify recently installed suspicious programs that may be associated with the Trojan.

    1. Carefully review the list of installed programs, looking for any unfamiliar or suspicious entries. Common red flags include:
      • Unusual or random program names
      • Programs with generic descriptions or no publisher information
      • Programs installed on dates coinciding with the suspected Trojan infection
    2. If you identify a suspicious program, click on it to expand the entry and reveal the “Uninstall” button.
    3. Click “Uninstall” and follow the on-screen prompts to remove the program from your system. Repeat this process for any other suspicious programs you find.

    If you are unsure about a program’s legitimacy, research its name online to determine whether it is a known malware or a legitimate application. When in doubt, it’s best to err on the side of caution and remove the program.

    After uninstalling all suspicious programs, proceed to the next step in the removal process.

    Step 3: Remove malicious browser policies using Command Prompt

    Malicious browser policies installed by the virus can persist even after uninstalling the malware. To remove these policies, you need to run a series of commands in the Command Prompt with administrative privileges.

    A. Open Command Prompt as Administrator

    1. Press the Windows key + R to open the Run dialog box.
    2. Type “cmd” into the Run dialog box and press Ctrl + Shift + Enter to open the Command Prompt with administrative privileges.
    3. If prompted by the User Account Control (UAC), click “Yes” to allow the Command Prompt to make changes to your device.

    B. Run commands to remove malicious policies

    1. In the Command Prompt window, type the following commands, pressing Enter after each line:
    RD /S /Q "%WinDir%\System32\GroupPolicyUsers"
    RD /S /Q "%WinDir%\System32\GroupPolicy"
    gpupdate /force
    1. After executing the commands, you should see a confirmation message indicating that the Group Policy update was successful.

    Close the Command Prompt window and proceed to the next step in the removal process.

    Please note that modifying Group Policy settings can have unintended consequences if done incorrectly. If you are unsure about running these commands, consult with a professional or seek further guidance from a reputable source.

    Step 4: Remove malicious files and folders

    The virus may create malicious scheduled tasks and store harmful files in various locations on your system, such as the AppData\Roaming and AppData\Local folders. It may also modify Chrome shortcuts to execute malicious code. To remove these elements, follow the steps below.

    A. Delete malicious scheduled tasks

    1. Open the Task Scheduler by pressing the Windows key, typing “Task Scheduler,” and clicking on the app in the search results.

    1. In the Task Scheduler, navigate to the “Task Scheduler Library” section in the left pane.
    2. Review the list of scheduled tasks, looking for any suspicious entries, such as those with random names or pointing to unusual file locations.
    3. If you identify a malicious task, right-click on it and select “Delete” to remove it from your system.

    B. Delete malicious files in AppData\Roaming

    1. Press the Windows key + R to open the Run dialog box.
    2. Type “%AppData%” into the Run dialog box and press Enter to open the AppData\Roaming folder.

    1. In the AppData\Roaming folder, look for any suspicious files or folders, such as those with random names or recently created.
    2. If you find any malicious files or folders, right-click on them and select “Delete” to remove them from your system.

    C. Delete malicious files in AppData\Local

    1. Press the Windows key + R to open the Run dialog box.
    2. Type “%LocalAppData%” into the Run dialog box and press Enter to open the AppData\Local folder.

    1. In the AppData\Local folder, look for any suspicious files or folders, paying special attention to the Google\Chrome\User Data\Default\Extensions directory, where malicious extensions may be stored.
    2. If you find any malicious files or extensions, right-click on them and select “Delete” to remove them from your system.

    D. Remove Chrome shortcut modification

    1. Right-click on the Google Chrome shortcut on your desktop or in the Start menu and select “Properties.”

    1. In the Properties window, go to the “Shortcut” tab and examine the “Target” field.
    2. If you see any suspicious text appended to the target path, such as “–load-extension=…” followed by a random directory, delete this portion of the text, leaving only the path to the Chrome executable (e.g., “C:\Program Files\Google\Chrome\Application\chrome.exe”).

    1. Click “Apply” and then “OK” to save the changes to the Chrome shortcut.

    For Mozilla Firefox:

    1. Right-click on the Mozilla Firefox shortcut on your desktop or in the Start menu and select “Properties.”
    2. In the Properties window, go to the “Shortcut” tab and examine the “Target” field.
    3. If you see any suspicious text appended to the target path, such as “-safe-mode” or “-profile” followed by a random directory, delete this portion of the text, leaving only the path to the Firefox executable (e.g., “C:\Program Files\Mozilla Firefox\firefox.exe”).
    4. Click “Apply” and then “OK” to save the changes to the Firefox shortcut.

    For Microsoft Edge:

    1. Right-click on the Microsoft Edge shortcut on your desktop or in the Start menu and select “Properties.”
    2. In the Properties window, go to the “Shortcut” tab and examine the “Target” field.
    3. If you see any suspicious text appended to the target path, such as “–load-extension=…” followed by a random directory, delete this portion of the text, leaving only the path to the Edge executable (e.g., “C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe”).
    4. Click “Apply” and then “OK” to save the changes to the Edge shortcut.

    After completing these steps for the respective browser, proceed to the next stage in the removal process.

    Step 5: Reset browser settings

    Malicious browser extensions and settings modifications associated with the virus can persist even after removing the malware. To ensure that your browser is clean and secure, it’s essential to reset its settings to their default values. The following instructions will guide you through resetting Google Chrome, but similar steps can be followed for other browsers like Mozilla Firefox, Microsoft Edge, or Internet Explorer.

    A. Reset Google Chrome settings

    1. Open Google Chrome and click on the three-dot menu icon in the upper-right corner of the window.
    2. From the dropdown menu, select “Settings.”

    1. In the Settings page scroll down and click on “Reset settings”
    2. Click on “Reset settings”

    1. In the confirmation dialog box, click “Reset settings” to confirm the action. Chrome will reset its settings to default values, removing any malicious extensions, themes, or startup pages.

    [Optional] Reset Chrome Sync If you suspect that your Chrome Sync data might be compromised, you can reset it by following these steps:

    1. Visit the Google Chrome Sync settings page: https://chrome.google.com/sync?
    2. Click on “Clear data” and confirm the action in the dialog box.

    Resetting your browser settings will remove all extensions, themes, and customizations, restoring the browser to its original state. While this process can be inconvenient, it is necessary to ensure that any remaining malicious elements are eliminated.

    B. Reset Mozilla Firefox settings

    1. Open Mozilla Firefox and click on the three-line menu icon (hamburger menu) in the upper-right corner of the window.
    2. From the dropdown menu, select “Help” and then “More troubleshooting information.”
    3. In the Troubleshooting Information page, click on “Refresh Firefox” under the “Give Firefox a tune-up” section.
    4. In the confirmation dialog box, click “Refresh Firefox” to confirm the action. Firefox will reset its settings to default values, removing any malicious extensions, themes, or startup pages.

    C. Reset Microsoft Edge settings

    1. Open Microsoft Edge and click on the three-dot menu icon in the upper-right corner of the window.
    2. From the dropdown menu, select “Settings.”
    3. In the Settings page, click on “Reset settings” under the “Reset settings” section.
    4. Click on “Restore settings to their default values.”
    5. In the confirmation dialog box, click “Reset” to confirm the action. Edge will reset its settings to default values, removing any malicious extensions, themes, or startup pages.

    D. Reset Internet Explorer settings

    1. Open Internet Explorer and click on the gear icon in the upper-right corner of the window.
    2. From the dropdown menu, select “Internet options.”
    3. In the Internet Options window, go to the “Advanced” tab.
    4. Click on “Reset” under the “Reset Internet Explorer settings” section.
    5. In the confirmation dialog box, check the “Delete personal settings” checkbox and click “Reset.”
    6. After the reset process is complete, click “Close” and restart Internet Explorer.

    Step 6: Scan with Malwarebytes

    To ensure that your system is free from the virus and any associated malware, it’s crucial to perform a comprehensive scan using a reliable anti-malware tool like Malwarebytes. This step will help detect and remove any remaining threats that may have been missed during the manual removal process.

    A. Download and install Malwarebytes

    1. Visit the official Malwarebytes website: https://www.malwarebytes.com/
    2. Click on the “Download” button for the free version of Malwarebytes.

    1. Once the installer is downloaded, double-click on the file to begin the installation process.
    2. Follow the on-screen instructions to complete the installation, accepting the license agreement and choosing the appropriate installation options.

    B. Run a scan with Malwarebytes

    1. Open Malwarebytes and click on the “Scanner” tab in the left-side menu.
    2. Select “Perform full scan” and click on the “Scan” button to initiate a comprehensive scan of your system.

    1. Wait for the scan to complete. This process may take some time, as Malwarebytes will thoroughly check your system for any malware or suspicious files.

    C. Quarantine detected threats

    1. Once the scan is finished, Malwarebytes will display a list of detected threats, if any.
    2. Review the list of threats and select all the items you want to quarantine.
    3. Click on the “Quarantine” button to move the selected threats to Malwarebytes’ quarantine, effectively neutralizing them.

    After quarantining the detected threats, restart your computer to ensure that all malicious processes are terminated and any remaining traces of the malware are removed.

    Proceed to the next step in the removal process to perform an additional scan using another anti-malware tool for added security.

    Step 7: Scan with HitmanPro

    To further ensure that your system is free from any remaining traces of the virus and other malware, it’s recommended to perform an additional scan using HitmanPro. This powerful anti-malware tool is designed to detect and remove stubborn threats that may have evaded other security software.

    A. Download and install HitmanPro

    1. Visit the official HitmanPro website: https://www.hitmanpro.com/
    2. Click on the “Download” button to download the HitmanPro installer.

    1. Once the installer is downloaded, double-click on the file to begin the scan process.

    B. Run a scan with HitmanPro

    1. Open HitmanPro and click on the “Next” button to initiate a system scan.

    1. Wait for the scan to complete. HitmanPro will thoroughly check your system for any remaining malware or suspicious files.

    C. Activate free license to remove threats

    1. Once the scan is finished, HitmanPro will display a list of detected threats, if any.
    2. To remove the detected threats, you need to activate the free 30-day trial license.
    3. Click on the “Activate free license” button and follow the on-screen instructions to activate the trial license.

    1. After activating the license, click on the “Next” button to remove the detected threats.

    HitmanPro will now remove any remaining malware from your system. Once the process is complete, restart your computer to ensure that all malicious processes are terminated.

    Proceed to the next step in the removal process for a final scan using AdwCleaner to remove any leftover adware or browser hijackers.

    Step 8: Use AdwCleaner to remove adware and browser policies

    The final step in the removal process is to use AdwCleaner, a powerful tool designed to scan for and remove adware, browser hijackers, and potentially unwanted programs (PUPs) that may be associated with the virus. AdwCleaner will also help reset any remaining malicious browser policies.

    A. Download and run AdwCleaner

    1. Visit the official AdwCleaner website: https://www.malwarebytes.com/adwcleaner/
    2. Click on the “Download Now” button to download the AdwCleaner installer.

    1. Once the installer is downloaded, double-click on the file to launch AdwCleaner.
    2. If prompted by User Account Control (UAC), click “Yes” to allow AdwCleaner to run with administrative privileges.
    3. Read the license agreement and click “I agree” to proceed.

    B. Enable Reset Chrome policies

    1. In the AdwCleaner main window, click on the “Settings” tab in the left-side menu.
    2. Under “Reset Chrome policies,” ensure that the option is enabled by checking the box next to it.

    C. Run a scan with AdwCleaner

    1. Return to the “Scanner” tab in the AdwCleaner main window.
    2. Click on the “Scan” button to initiate a system scan for adware, browser hijackers, and PUPs.

    1. Wait for the scan to complete. AdwCleaner will thoroughly check your system for any remaining threats.

    D. Quarantine detected threats

    1. Once the scan is finished, AdwCleaner will display a list of detected threats, if any.
    2. Review the list of threats and uncheck any items you wish to keep (this is not recommended unless you are certain the item is legitimate).
    3. Click on the “Quarantine” button to move the selected threats to AdwCleaner’s quarantine and reset any malicious browser policies.

    After quarantining the detected threats, AdwCleaner may prompt you to restart your computer. Save any open work and click “OK” to restart your system.

    Conclusion

    By completing all the steps in this comprehensive guide, your system should now be free from the virus and any associated malware, adware, or browser hijackers.

    To maintain a secure system, consider implementing the following best practices:

    1. Keep your operating system and installed software up to date with the latest security patches.
    2. Use a reputable antivirus and anti-malware tool, such as Malwarebytes Premium, and keep it updated.
    3. Be cautious when downloading and installing software, especially from untrusted sources.
    4. Regularly backup your important files to protect against data loss in case of future infections.

    FAQ

    1. Q: Will following this guide remove all instances of the virus from my system? A: Yes, by carefully following each step in this guide, you should be able to remove the virus and its associated components from your system. However, if you continue to experience issues or suspect that your system is still infected, it’s recommended to consult with a professional technician or seek further assistance from reputable online resources and forums.
    2. Q: Can I skip some of the steps in this guide? A: It’s strongly recommended to follow all the steps in the order presented to ensure that your system is thoroughly cleaned and all traces of the malware are removed. Skipping steps may lead to an incomplete removal and potential reinfection.
    3. Q: Do I need to purchase the full version of Malwarebytes or HitmanPro to remove the Trojan? A: No, the free versions of Malwarebytes and HitmanPro are sufficient for detecting and removing the virus. However, purchasing the full versions of these tools can provide additional features and real-time protection against future threats.
    4. Q: What should I do if I’m unsure about removing a detected threat? A: If you’re unsure whether a detected item is a legitimate file or a threat, it’s best to research the file name or consult with a professional technician before removing it. In most cases, it’s safer to remove the suspected threat, as leaving it on your system may lead to further issues.
    5. Q: How can I prevent future infections? A: To minimize the risk of future infections, practice safe browsing habits, avoid downloading software from untrusted sources, keep your system and software up to date, and use reputable antivirus and anti-malware tools. Regularly backing up your important files can also help protect against data loss in case of an infection.
    6. Q: What if I need further assistance with removing the Trojan or have other questions? A: If you need further assistance or have additional questions, consult with a professional technician or seek help from reputable online resources and forums, such as:
    Remember, dealing with malware can be challenging, and it’s always best to seek professional help if you’re unsure about any step in the removal process.

    Leave a Reply

    Your email address will not be published. Required fields are marked *