New updates are being added at the bottom of this story…….
Original story (published on May 31, 2022) follows:
Google Chrome is the most popular and widely used browser on the planet. According to Statcounter, Chrome had a browser share of somewhere around 65% in April of 2022.
Developed by Google, it uses the Blink engine and is the main component of the company’s Chrome OS. However, the browser is far from perfect with users reporting security exploits every now and then.
While it is still unclear how it is infecting machines, it could be related to the ChromeLoader malware that uses Powershell to inject itself into the browser.
According to Chrome users, the Properties extension malware is causing the browser to crash every few seconds and is creating a Chrome_pref file in the Windows local app data folder. Apart from this, the malware redirects search requests to Bing.
Many have tried deleting the Chrome_pref file in the local app data folder and removing the Properties extension causing the problem but the malware seems to be reinstalling itself regardless.
Some say security extensions like MalwareBytes and adblockers are also disabled by the virus. You can see in the image below what the Google Chrome Properties extension malware looks like.
So yesterday i randomly got a virus, i didnt click on any sus links or anything and upon researching this virus i found that a couple of people also got this virus in the past few days. The virus only affects my chrome browser that i know of and basically all it does is redirect my searches to Bing and also randomly restarts my chrome browser very often. This has made my chrome basically unusable. I found that the virus is a chrome extension called Properties and has a folder called “chrome_pref” in my appdata>local.
Thankfully, we came across a couple of workarounds that might help those infected by the Chrome Properties extension malware.
The first workaround requires users to download and install ProcessHacker, a software similar to Windows Task Manager.
After opening ProcessHacker, try force terminating the tree of Chrome tabs and relaunch the browser, remove the ‘Properties’ extension and delete the associated files from local app data folder.
I use an interesting bit of software called “Processhacker” which I am not promoting or suggesting you use (wink). Its essentially task manager on crack. If you have the properties malware thing active you’ll find a bunch of chrome tabs in a tree with both CMD and Powershell. Terminate the entire tree and relaunch chrome, the properties extension will be temporarily gone, From there open your Files
Go to C:\Users\[UserName]\AppData\Local
find a folder in their called “Bloom” Nuke that. there may be other folders in your appdata local called things like “Chrome_tools” Nuke em too.
Another user suggested deleting the Chrome_pref file and creating a text file and changing the file and extension to the same name.
While the second workaround will not completely remove the virus, it will stop the malware from reinstalling the extension for now.
We hope the aforementioned workarounds helped you remove the Chrome Properties extension malware or limit its severity.
As always, we will be updating this space as and when we come across more information so make sure you stay tuned to PiunikaWeb.
Update 1 (June 8)
04:39 pm (IST): There are some workarounds that might help you resolve this issue. You can check them below.
Can you try chrome://settings/reset and click on “restore settings” and let us know if it is still crashing. (Source)
Do a hard reset of your Google Chrome web browser. Follow the steps here below to uninstall Google Chrome:
1. Go to your software list, and uninstall Google Chrome from the list
2. Go to this location:
C:\Program Files (x86)\Google\
3. And delete that “Chrome” folder (for both location, if there is a Chrome folder)
4. Restart your computer
5. Install Google Chrome from www.google.com/chrome (Source)
– Go into task scheduler and find something that’s similar to “chrome conf.” Delete it.
This has worked for me so far.
– There also may be some files downloaded. Go into your files and find a folder called “chrome_conf” in C:\Users\[Username]\AppData\Local. Delete it. (Source)
Note: We have more such stories in our dedicated Google Section so be sure to follow them as well.
PiunikaWeb started as purely an investigative tech journalism website with main focus on ‘breaking’ or ‘exclusive’ news. In no time, our stories got picked up by the likes of Forbes, Foxnews, Gizmodo, TechCrunch, Engadget, The Verge, Macrumors, and many others. Want to know more about us? Head here.