Original Poster

Fake Urgent Chrome Update

I was reading an article from a link on Facebook and suddenly got a big window labelled "Urgent Chrome Update". There was a "chrome-update.bat" file downloaded. I immediately shut down my computer, restarted it and did a malware scan, found nothing, but a Google search found that the file will install malware that encrypts all the data on your computer. So BEWARE if this happens to you.

Here is what the fake warning window looks like.

Community content may not be verified or up-to-date. Learn more.
Recommended Answer
Was this answer helpful?
How can we improve it?
All Replies (230)
Expert - Top Contributor (Alumni)
Hennie Rozengarden
Hello k8oms,

Thank you for the warning. 

Greetings Hennie
Kenyon Freeburg
Kenyon Freeburg
I just got it this morning while browsing amazon

Paul Suchko
Paul Suchko
It created a script and downloads a file from https://wegoobackonpointe.org/17/528.dat and then runs it.  Looks like the domain is down now.

I think I got it from Facebook.. I was not on Amazon today.

I got the same thing - the window that opened without warning was https://eeteeinsightsoft.org/1171650884382/feaefa777b44afb7bf91c686644e5d1f.html.  I also noticed a chrome_update.bat had downloaded without my hitting the "download now" button though I did not run it (note the download bottom left).
I got this same thing this morning when I launched chrome. A bat file was downloaded. I deleted it. Is there anything else I need to do?
224 MORE
Here's another idea: The next time someone gets one of these Chrome malware pop-up pages, click into the URL field (ie. Address field) at the top of the browser, and then press Shift+Escape. That should bring up the Chrome Task Manager.  You should have:

1. one process for a basic chrome called "Browser", 
2. a GPU process for Chrome's graphics acceleration, 
3. additional processes for each tab open, and then 
4. additional processes for each extension and/or apps that you've installed. 

If you see any processes that you don't recognize, note the PID. Next open "Windows Task Manager | Details tab | sort by PID". That PID should be for chrome.exe, with your user name, and description of Google Chrome. A right click on chrome.exe and then "Properties | Digital signatures tab | Details | View Certificate" should show the exe has Google Inc for the Digital Signature. The cert I have for a Chrome process shows: 

In the interim, I ran a full (paid version) anti-virus scan (took over an hour on an SSD, so be patient) and that was 100% clean. I also installed a new (paid version) anti-malware software and ran a full scan with that and it came up 100% clean. Perhaps if I hit whatever is triggering these fake Chrome update tabs, the new anti-malware software and a look at the chrome cert for the appropriate tab's PID can shed some light.

Humm . . .
This question is locked and replying has been disabled. Still have questions? Ask the Help Community.


Some community members might have badges that indicate their identity or level of participation in a community.

Expert - Google Employee — Googler guides and community managers
Expert - Community Specialist — Google partners who share their expertise
Expert - Gold — Trusted members who are knowledgeable and active contributors
Expert - Platinum — Seasoned members who contribute beyond providing help through mentoring, creating content, and more
Expert - Alumni — Past members who are no longer active, but were previously recognized for their helpfulness
Expert - Silver — New members who are developing their product knowledge
Community content may not be verified or up-to-date. Learn more.


Member levels indicate a user's level of participation in a forum. The greater the participation, the higher the level. Everyone starts at level 1 and can rise to level 10. These activities can increase your level in a forum:

  • Post an answer.
  • Having your answer selected as the best answer.
  • Having your post rated as helpful.
  • Vote up a post.
  • Correctly mark a topic or post as abuse.

Having a post marked and removed as abuse will slow a user's advance in levels.

View profile in forum?

To view this member's profile, you need to leave the current Help page.

Report abuse in forum?

This comment originated in the Google Product Forum. To report abuse, you need to leave the current Help page.

Reply in forum?

This comment originated in the Google Product Forum. To reply, you need to leave the current Help page.