| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 139295 | 2015-04-08 05:46:00 | Removing malware-added command line parameters from Chrome | Agent_24 (57) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1398237 | 2015-04-08 05:46:00 | I have been cleaning up a machine with a bunch of browser hijacks\adware etc, all done except that Chrome is being loaded with some extra commands for malware files that no longer exist. From chrome://flags these are: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --extensions-on-chrome-urls --test-type --load-extension="c:\Program Files\Google\Chrome\Application\Extensions\chrome\ app\37.1329.7.14" --load-component-extension="c:\Program Files\Google\Chrome\Application\Extensions\chrome\ man" --flag-switches-begin --flag-switches-end I have checked all Chrome shortcuts but do not find these additions anywhere. Where is it likely that these have been added? I do not normally use Chrome.... |
Agent_24 (57) | ||
| 1398238 | 2015-04-08 08:50:00 | I think it's a invisible extension targeted from the Chrome shortcut. Right Click Crome Icon... go to shortcut....properties. In Start In: text should be "C:\Program Files\Google\Chrome\Application". Maybe it is not ...so try changing it. - Might also show in chrome://version/ in chrome url. Check the executable/command path: should be Executable Path: C:\Program Files\Google\Chrome\Application\chrome.exe (for executable) |
kahawai chaser (3545) | ||
| 1398239 | 2015-04-09 23:35:00 | The path is correct - aside from being in 'Program Files (x86)' since it's a 64-Bit Win7 Pro. The executable path in chrome://version is also correct I tried renaming the Default profile folder, a new profile did not make a difference. |
Agent_24 (57) | ||
| 1398240 | 2015-04-10 03:39:00 | Still don't know where it came from, but I removed Chrome with Revo Uninstaller and reinstalled, problem is gone. | Agent_24 (57) | ||
| 1398241 | 2015-04-10 08:50:00 | Just deviating slightly, but still on the Chrome topic. Why is it, the entries under the Chrome tab in the start up area of ccleaner, can't be disabled or deleted? |
Driftwood (5551) | ||
| 1398242 | 2015-04-10 10:15:00 | Still don't know where it came from, but I removed Chrome with Revo Uninstaller and reinstalled, problem is gone. Might be worth evaluating any log files generated. To find executable processes (dll injections, threads, Stacks, etc) then sysinternals (technet.microsoft.com) (MS site) process explorer should be able to find them and they can be stopped. Case studies here (technet.microsoft.com) from developer. Example here (www.howtogeek.com) (How to Geek). But requires involves sleuthing about and knowing valid windows processes. Though colour coded in Process Explorer. |
kahawai chaser (3545) | ||
| 1398243 | 2015-04-10 10:17:00 | Just deviating slightly, but still on the Chrome topic. Why is it, the entries under the Chrome tab in the start up area of ccleaner, can't be disabled or deleted? Worked on my PC, i.e. greyed out for Chrome. |
kahawai chaser (3545) | ||
| 1398244 | 2015-04-20 03:51:00 | Might be worth evaluating any log files generated. To find executable processes (dll injections, threads, Stacks, etc) then sysinternals (technet.microsoft.com) (MS site) process explorer should be able to find them and they can be stopped. Case studies here (technet.microsoft.com) from developer. Example here (www.howtogeek.com) (How to Geek). But requires involves sleuthing about and knowing valid windows processes. Though colour coded in Process Explorer. As far as I could see there was no longer any active malware, otherwise I'm sure it would have been right back after I reinstalled Chrome anyway. Will find out if it [the machine] comes back I guess! Good articles there, though. |
Agent_24 (57) | ||
| 1 | |||||