Detect and remove malicious malware chrome extension that opens many tabs with ads

06
2014-04
  • Lex

    I observed throughout the day yesterday three episodes where my processor gets hijacked for a minute and the memory gets maxed out (12 gigs). The culprit was a seemingly infinite number of tabs being opened in one of the Google Chrome windows with ads: same advertisement in all tabs. I couldn't see the pages but by the tab title I could tell it was ads.

    I suspect that this is done by one of the 15-20 chrome extensions I have installed. Most of them are legit popular extensions but some are a little shadier. Is there a way to find the culprit in such a situation? More specifically:

    1. Can I figure out which extension was responsible for opening new tabs without any action from me?
    2. Is there a tool that checks my extensions for ones that are known to be malicious?
    3. Are there possible culprits that can open tabs in a Google Chrome window outside of Google Chrome?

    Next time this happens I'll try to catch a screenshot, or at least jot down the name of the ad in the tab title.

    OS: Ubuntu Linux 12.10
    Chrome: 25.0.1364.160
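
One way to approach questions 1 and 2 above, as an added example that is not part of the original post: a Python script that reads every installed extension's manifest.json and lists first the ones that declare background code and all-site access. The profile path is the usual Linux default and is an assumption, and the two sample manifests are constructed; opening a tab needs no declared permission, so the ordering is a triage heuristic rather than proof.

```python
import json
import tempfile
from pathlib import Path

# Assumption: default profile of Google Chrome on Linux; other profiles sit beside "Default".
DEFAULT_ROOT = Path.home() / ".config/google-chrome/Default/Extensions"
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(root):
    """Summarise each <id>/<version>/manifest.json under root, riskiest first."""
    findings = []
    for path in sorted(Path(root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        if not isinstance(manifest, dict):
            continue
        declared = manifest.get("permissions", []) + manifest.get("host_permissions", [])
        perms = {p for p in declared if isinstance(p, str)}
        hosts = set(perms)
        for script in manifest.get("content_scripts", []):
            if isinstance(script, dict):
                hosts.update(m for m in script.get("matches", []) if isinstance(m, str))
        findings.append({
            "id": path.parent.parent.name,
            "name": manifest.get("name", "?"),  # may be a "__MSG_...__" locale key
            "background": "background" in manifest,  # code that runs with no click
            "tabs_permission": "tabs" in perms,  # can read tab URLs and titles
            "broad_hosts": sorted(hosts & BROAD_HOSTS),
        })
    findings.sort(key=lambda f: (f["background"], bool(f["broad_hosts"])), reverse=True)
    return findings

def build_sample(root):  # writes two constructed manifests (not real extensions)
    samples = {
        "a" * 32: {"name": "Sample Notes", "permissions": ["storage"]},
        "b" * 32: {"name": "Sample Toolbar", "permissions": ["tabs", "<all_urls>"],
                   "background": {"scripts": ["bg.js"]}},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / ext_id / "1.0_0"
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest))
    return root

if __name__ == "__main__":
    root = DEFAULT_ROOT if DEFAULT_ROOT.is_dir() else build_sample(tempfile.mkdtemp())
    for f in audit_extensions(root):
        print(f["id"], f["name"], f["background"], f["tabs_permission"], f["broad_hosts"])
```

Disabling the extensions at the top of the list one at a time and watching whether the tab storm recurs narrows the search faster than reviewing all 15-20 by hand.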
    
  • Answers

    Related Question

    virus - XP Antivirus Pro malware removal
  • Chris

    I had to remove this malware from a friend's computer, and they've infected themselves again. It's been a while since I last removed it, so I can't remember the name of the program that was successful at removing it. I think it was a ".com" program (yeah, strange!).

    Hopefully superuser can help, and then what works gets voted up instead of the piles and piles of junk commercial stuff that pops up in search results.


  • Related Answers
  • qwertyKid

    I use Malwarebytes booted into safe mode. Sometimes you need to rename the .exe file if the malware is "smart". I also have a CD-R burnt with all these malware scanners, so it's read-only :) This way, no matter what, the malware can't delete it (though it CAN block it from running if it detects the name, so rename the .exe files).

    If they re-infected you may want to update their computer to SP3 if not already as well as any other updates.

  • Alfred

    You could also try HijackThis to remove all sorts of spyware. It is really powerful, but also really dangerous to mess up your computer. You should first post logs so that experienced people can evaluate them.

    Using HijackThis

    To analyze your computer, start HijackThis and run a scan. See the Quick Start Guide [link to Quick Start, FAQs and Feedback] for help in running a scan. HijackThis will display a list of areas on your computer that might have been changed by spyware. Do not change any settings if you are unsure of what to do. There are many popular support forums on the web that provide free technical assistance by using HijackThis log files to diagnose an infected computer.

    Not an expert? Just save the HijackThis report and let a friend with more troubleshooting experience take a look. A large community of users participates in online forums, where experts help interpret HijackThis scan results to clean up infected computers.

    P.S.: I also liked Malwarebytes to scan my computer when I was still using Windows. Luckily I made the switch to Linux a long time ago and no more spyware :).

  • Sakamoto Kazuma

    I used this link's manual instructions to clean the registry when I got it on my laptop a while back. Had to boot in Safe mode (F8 on startup) to delete the files.