Getting redirects, toolbars, coupon sites and just plain weird Google search results?
You likely have a malicious Google Chrome extension. This guide shows you how to prevent such extensions from being installed and how to remove them if you have them.
Note that this article is pretty technical and really only applies if you currently have an extension you don't want installed in your Google Chrome browser. If that doesn't sound like you, there are plenty more interesting articles to read at: https://www.intelligonetworks.com/blog
A Note on Preventing Unwanted Extension Installation
To prevent accidental adware installation when installing freeware downloads, have users follow these simple rules:
- During installation of software, choose the type of installation and make sure to un-check unwanted software.
- In the installer windows, watch for check-boxes and tricky language around extra software being installed.
- As a best practice, denying software installation on Windows without Administrator credentials will also keep these from installing in most cases.
If you end up with unwanted software attached to your Chrome browser, don't sweat - you can still get rid of it yourself using this guide:
Removal Guide for Google Chrome Extensions
- Go to the top right corner of the Chrome window, click the bars icon, choose Tools and then Extensions.
You also need to check your browser extensions. If unwanted entries keep appearing in your Google Chrome extensions list, repeat the removal instructions.
First Step: Identify the unwanted extension. You'll need the extension's ID later, in the removal steps.
- At the top right of Google Chrome, click the bars icon.
- Choose Tools and then click on Extensions.
- Choose Developer Mode. Each extension's ID is then shown in the list.
To delete the Chrome extension, you need to close Google Chrome.
Second Step: Once Google Chrome is closed, remove the extension's registry entries.
- Click Start, then in the window that opens type “regedit” and click the Run button.
- Click the Windows logo (Start button).
- In the Search Programs and Files field, enter “regedit” and press the Enter key.
In the Registry Editor window, click Edit and choose Find.
In the window that opens, paste the ID of the Chrome extension you want to remove, then click the Find Next button.
Delete the registry key whose data value matches the extension's ID: right-click the registry key and select Delete.
Click the Yes button to remove the registry entry.
Third Step: Remove associated files
- Open My Computer and browse to “C:\Users\YOUR USER NAME\AppData\Local\Google\Chrome\User Data\Default\Extensions”.
- Delete the directory named with the ID of the Chrome extension.
- Access the AppData directory by entering “%USERPROFILE%” (for Windows XP) or “%localappdata%” (for Windows 7 and Windows 8) in the Run dialog box.
- Browse to the folder C:\Windows\System32\GroupPolicy\Machine (or C:\Windows\System32\GroupPolicy\User) and remove the file named Registry.pol.
- Now open Google Chrome and check the extension list again to see if it's empty.
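The locations named in the three steps above can be checked from PowerShell before anything is deleted. The following read-only script is an added example, not part of the original guide; the script name, the registry roots it searches and the scan of Chrome profiles other than Default are assumptions that go beyond what the guide lists.

```powershell
# Find-ChromeExtensionTraces.ps1 (hypothetical name). Read-only: deletes nothing.
param(
    [Parameter(Mandatory)]
    [ValidatePattern('^[a-p]{32}$')]   # Chrome extension IDs are 32 letters a-p
    [string]$ExtensionId
)

if (Get-Process -Name chrome -ErrorAction SilentlyContinue) {
    Write-Warning 'Chrome is running; close it before deleting anything.'
}

# Step 2: registry. Assumed roots (not named in the guide): Chrome's external
# extension keys and its policy keys, e.g. ExtensionInstallForcelist.
$regRoots = @(
    'HKLM:\SOFTWARE\Google\Chrome\Extensions',
    'HKLM:\SOFTWARE\WOW6432Node\Google\Chrome\Extensions',
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKCU:\SOFTWARE\Policies\Google\Chrome'
)
foreach ($root in $regRoots) {
    if (-not (Test-Path $root)) { continue }
    $keys = @(Get-Item -Path $root) +
            @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        if ($key.Name -like "*$ExtensionId*") {
            [pscustomobject]@{ Step = 'Registry key'; Location = $key.Name; Detail = '' }
        }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($data -like "*$ExtensionId*") {
                [pscustomobject]@{ Step = 'Registry value'; Location = "$($key.Name)\$name"; Detail = $data }
            }
        }
    }
}

# Step 3a: extension directory in every Chrome profile, not only Default.
$userData = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
Get-ChildItem -Path $userData -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName "Extensions\$ExtensionId" } |
    Where-Object { Test-Path $_ } |
    ForEach-Object { [pscustomobject]@{ Step = 'Files'; Location = $_; Detail = '' } }

# Step 3b: local Group Policy files. Registry.pol holds every local policy
# setting in that scope, not only the extension's entries.
'Machine', 'User' |
    ForEach-Object { Join-Path $env:SystemRoot "System32\GroupPolicy\$_\Registry.pol" } |
    Where-Object { Test-Path $_ } |
    ForEach-Object { [pscustomobject]@{ Step = 'Policy file'; Location = $_; Detail = (Get-Item $_ -Force).LastWriteTime } }
```

Run it with `-ExtensionId` set to the ID copied from the Extensions page. An empty result means none of the checked locations reference that ID.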
If you're an ActZero MDR customer, don't sweat it: we do all the removal for you with our EDR sensor and send you notifications when complete. To find out more, simply request a demo.