/chrome/community?hl=en
/chrome/community?hl=en
2/19/15
Original Poster
Arthur Michaelsen

Redirection malware on Chrome browser even after multiple removal tools used.

Unsure which version of Chrome you are using? Type chrome://version into your omnibox (where the URL is) and your Chrome version number will be listed on the first line.  

Have you checked our known issues page? If your issue is not there, please provide a detailed description here: 


Unsure which version of Chrome you are using? Type chrome://version into your omnibox (where the URL is) and your Chrome version number will be listed on the first line.  

Have you checked our known issues page? If your issue is not there, please provide a detailed description here: An issue I recently posted still persists...multiple tabs behind Chrome Search page that appear each time new search is started...someone called it "redirection" malware...also when on a web page on Chrome and trying to go to a second page, get re-directed to some ad I don't want or intend.   Have tried The Chrome Software fix, also multiple tools suggested by Malwarebytes.com  ....including AdwCleaner, Malwarebytes Anti-Malware, HitmanPro, Emsisoft...plus reset Chrome Browser to original default, (as well as Internet Explorer, and Mozilla Firefox)  ...got rid of a lot of uwanted stuff, but the redirect malware still persists when I open a fresh Chrome search page...can someone suggest further solutions to get rid of this problem?
Thanks,   Arthur
Community content may not be verified or up-to-date. Learn more.
All Replies (11)
Google user
2/19/15
Google user
Is your device infected by some kind of Potentially Unwanted Programs (PUP)? 
If so, here's some suggestions:

Basic Tips:
Suspicious Files:
Example Threads:
Google user
2/19/15
Google user
I know you've tried some of the above, but I'm just making sure. 
Gerard Olack
2/19/15
Gerard Olack
I started having these issues after installing the Silverlight extension on Windows 7 (32-bit, for controlling instruments).  Needed to get the university's mail server (outlook) to work correctly with chrome (uses silverlight to attach files--though not needed for Firefox or apparently older versions of Chrome).  Saw it happening even with Malwarebytes and Symantec running.  Immediately scanned system, and both reported everything OK.  Chrome fix it tool didn't help.  I've since uninstalled Silverlight--and am waiting to see if problem comes back.  I did see any weird process when monitoring them with task manager--for all intents and purposes, it appears to be "Chrome".  

This issue, and apparent variations, has been reported a number of times, e.g. late 2014.  In my case, I disabled Silverlight in Chrome, yet still had problems.  So I went thru control panel and uninstalled it.  I saw someone reported this happening when they installed some other extension (a video player???).  

Of course, even if the immediate issue is fixed, the malware is still somewhere on the system....
Google user
2/19/15
Google user
Gerard,
Can you see my post above? 
Gerard Olack
2/22/15
Gerard Olack
Yes, I saw.

But anti-virus and anti-malware programs do not pick anything up.
You can not always close Chrome--"confirm navigation" pop up halts everything--and no, I wouldn't click on that.  So you have to force it closed via Task Manager.  That's what people need to be told.
I've monitored processes via Task Manager--and as far as Windows is concerned, it's Chrome.
Once the problem exists, you have to uninstall Silverlight, not just disable it,--so Chrome will not fully work with Outlook mail server web app.
This is a major vulnerability in Chrome.  At least when flash crashes Chrome, and it does it a lot, it just affects that tab, or window , or at most, just Chrome.

Switching to Firefox because Chrome can not do the job.

This vulnerability has been reported a number of times--yet I only see boilerplate responses, which really don't help.  Being able to work safely with the Outlook mail web app is one of the minimal things a browser has to be able to do.  I may not like Outlook, but I have to use it--and thus need a browser that works with it.
Gerard Olack
2/24/15
Gerard Olack
I loaded Silverlight back onto a system to get screen shots to send to Google.  Here's one showing the "confirm navigation" pop up when I tried to close Chrome.  The tabs shown in this image--all opened on their own--about fourteen overnight.  This time nothing had shown up for hours, hence the overnight wait.  Other times, problem showed up within an hour or so.  Same thing with three other systems--problems with Chrome as soon as Silverlight loaded (Win7, 32bit).  Removed Silverlight and switching over to Firefox.  Note, Google Play won't let people comment on extensions unless they are loaded on their system--and I'm not going to do that again--so I can't comment there.  Other people have commented that Silverlight is spam--I'm guessing this is what they mean.  
Google user
2/25/15
Google user
Gerard,

So, here's two possibilities for you to do to get rid of the malware:

  1. Take your PC to any local computer fix it store/shop, for cleaning. Of course, there will be a fee.
  2. You can do a fresh OS reinstall that guarantees a virus wipe. 
ewaker
2/25/15
ewaker
Maybe you can try Adwcleaner and malwarebytes. They helped me but I am not quite sure about your case. Uhm, give it a shot though. You can also change some settings to reset the browsers like some removal post says.
Error123
2/25/15
Error123
Check your extensions. Make sure there is nothing weird on there.
    Reinstall Chrome
    Check installed software in your PC. Make sure no software was installed without your permission. If there is some, remove it.

Or, download a security program to automatically solve this problem.

Kwan Minn
3/16/15
Kwan Minn
Hi, Arthur Michaelsen

Wellcome to the Chrome Help forum, I would be happy to help.

It sounds that your computer was suffering from redirect virus attack. To solve your problem, you can follow the removal steps below:

1、Download and Install SpyHunter 4 on your computer to scan the whole computer system, and then remove the potential virus automatically and safely.
2、Restore your Google Chrome
1)Open Google chrome, click on the 3-bar icon in the upper right corner and select Settings option. Click on Extensions on the left panel, find out and select all unwanted extensions, and then click the “trash” icon to delete them.

2)You can change the home page, click on the Wrench or 3 bars icon and go to Settings. Click “Set pages” under the On startup section. Remove the unwanted URL and type your preferred URL.

3)If you want to reset the browser search engine, click on the Wrench or 3 bar icon in the top right corner and go to Settings. Click on “Manage search engines…”. In the next pop up window, find out wanted program link and click the X next to it. Select your favorite search engine and make it the default one and click Done.

Hope the above removal steps can help to you.
hannodb
4/7/15
hannodb
I'm fighting a battle against Malware as well. 

On Saterday, my Chrome started redirecting again. This time, however, there are no new extentions. No new application installed, no malicious looking process. 

I went to the source folder for Chrome, and found many files that had the  add/alter date of Saterday. I also noticed there is a "Chrome.exe" and a "Chrome-old.exe". 

I opened IE, and went to the same site that game me lots of redirects in chrome. I found that the problem only existed in Chrome.

My conclusion was that, somehow, a counterfit version of Chrome itself was installed on my machine. The problem was not an extention to the browser, but the browser itself. Surely it could be possible for the malware designers to backward engineer chrome using reflection, and then write their own version of it? 

I uninstalled Chrome, including all browsing history, and then downloaded and installed it again. For now, the problem is resolved. However, I'm not 100% confident that it won't return. Time will tell.
Were these replies helpful?
How can we improve them?
 
This question is locked and replying has been disabled. Still have questions? Ask the Help Community.

Badges

Some community members might have badges that indicate their identity or level of participation in a community.

 
Expert - Google Employee — Googler guides and community managers
 
Expert - Community Specialist — Google partners who share their expertise
 
Expert - Gold — Trusted members who are knowledgeable and active contributors
 
Expert - Platinum — Seasoned members who contribute beyond providing help through mentoring, creating content, and more
 
Expert - Alumni — Past members who are no longer active, but were previously recognized for their helpfulness
 
Expert - Silver — New members who are developing their product knowledge
Community content may not be verified or up-to-date. Learn more.

Levels

Member levels indicate a user's level of participation in a forum. The greater the participation, the higher the level. Everyone starts at level 1 and can rise to level 10. These activities can increase your level in a forum:

  • Post an answer.
  • Having your answer selected as the best answer.
  • Having your post rated as helpful.
  • Vote up a post.
  • Correctly mark a topic or post as abuse.

Having a post marked and removed as abuse will slow a user's advance in levels.

View profile in forum?

To view this member's profile, you need to leave the current Help page.

Report abuse in forum?

This comment originated in the Google Product Forum. To report abuse, you need to leave the current Help page.

Reply in forum?

This comment originated in the Google Product Forum. To reply, you need to leave the current Help page.