Google Chrome Powershell randomly closing & restarting app (ChromeLoader) or Krestinaful redirect issues surface, workaround inside

In the last few weeks, some users of the Google Chrome browser have been facing issues related to a potential malware that causes annoying effects.

According to multiple reports, the ChromeLoader task is constantly opening and closing through the Google Chrome Powershell. This worries many as it looks like the effect of malware.

In addition to the above, Google Chrome users also report that there is a Krestinaful issue. In this case, all the affected user’s searches through Google are redirected to Krestinaful – bing (1, 2, 3, 4).

Google Chrome ChromeLoader constantly restarting through Powershell

One of the reported issues is that ‘ChromeLoader’ (a Google Chrome task) is constantly opening and closing through Powershell. It should be noted that users’ antivirus does not detect this as a virus/malware.

Program opens and closes itself instantly without my doing anything, could it be a virus and how would I remove it?

Recently I noticed that a program has been opening and closing itself almost instantly every 5-10 min, windows powershell sais that the task is called ChromeLoader but the task has no task path, my antivirus hasn’t picked up anything, and a normal google search only leads to 2 articles about ChromeLoader.exe, which does not exist on my computer.
Source

Also, when they try to find the ‘ChromeLoader.exe’ file that is causing the problem, it is not present on the system. So, it’s quite frustrating not being able to do anything to stop it.

Krestinaful malware Chrome issue? Try this workaround

In addition to the above, there is a ‘Krestinaful’ malware issue. Basically, once it gets installed on the system, all searches redirect to Krestinaful.com.

I downloaded something and suddenly whenever i search something on google it leads me to Krestinaful –> bing. How do I get rid of it?

Edit: I’ve solved the issue! If anyone else is having the same problem, go to settings on chrome then go to advanced and click reset & cleanup and press the first option. You may have to log in back to some sites but other than that it will be the same before the malware.
Source

Fortunately, for this issue, there is a workaround that reportedly helps to resolve it. Affected users should do the following:

Hey thanks. To remove the malware…

go to task scheduler in windows, delete the chromeloader task. Then go to %localappdata% and delete the chrome folder that contains 4 files called background.js, config.js, metadata, and icon or whatever it’s called.
Then close chrome and re-launch and you should be gravy

if you don’t delete the scheduled task it will re-download every 10 minutes.
Source

At the moment, there seems to be no official acknowledgment from Google about both reported issues. If any arise in the next few days, we will update this article to keep you informed.

PiunikaWeb started as purely an investigative tech journalism website with main focus on ‘breaking’ or ‘exclusive’ news. In no time, our stories got picked up by the likes of Forbes, Foxnews, Gizmodo, TechCrunch, Engadget, The Verge, Macrumors, and many others. Want to know more about us? Head here.

Want to work for PiunikaWeb and enjoy best-in-industry compensation & benefits? You'll be glad to know we're hiring experienced candidates.

Jean Leon

A tech enthusiast since ever. I like to always be up to date on the latest news in the industry and write about it.