{"id":334,"date":"2015-05-03T11:30:39","date_gmt":"2015-05-03T16:30:39","guid":{"rendered":"http:\/\/triplescomputers.com\/blog\/?p=334"},"modified":"2015-06-26T14:01:25","modified_gmt":"2015-06-26T19:01:25","slug":"solution-malware-extensions-continually-reload-within-chrome-even-after-reinstallation","status":"publish","type":"post","link":"https:\/\/triplescomputers.com\/blog\/casestudies\/solution-malware-extensions-continually-reload-within-chrome-even-after-reinstallation\/","title":{"rendered":"SOLUTION: Malware extensions continually reload within Chrome even after reinstallation"},"content":{"rendered":"<p>Greetings again random internet-surfing technology enthusiasts,<\/p>\n<p>Today, I&#8217;d like to tackle a puzzling issue that many techs encounter when disinfecting Chrome: problematic extensions that keep coming back. Anyone with technical expertise is aware that browser extensions are currently one of the hottest attack vectors against unsuspecting users&#8217; machines, but removing such extensions and keeping them from reloading is another matter entirely. Some examples of these include:<\/p>\n<ul>\n<li>AdBlocker (<em>not<\/em> the legitimate and excellent AdBlock)<\/li>\n<li>Vosteran Search<\/li>\n<li>WebProtector<\/li>\n<li>&#8230;<em>and many, many others<\/em><\/li>\n<\/ul>\n<p>Most techs use some degree of automatic scanning and removal tools, and that&#8217;s fine, provided they don&#8217;t rely on them exclusively (on their own, they <em>don&#8217;t work<\/em>, something I&#8217;ve covered countless times in the past). However, even those who dabble in manual or assisted-manual disinfection procedures have probably found that Chrome is one of the hardest items to permanently clean on a user&#8217;s PC. This is ironic because Chrome also happens to be the browser I currently recommend to my clients for safety and speed (and it has been for quite some time). Does that mean we should move on to a different browser instead?<\/p>\n<p>Fortunately, nope. There is a pretty universal solution to this problem, and today I&#8217;ll reveal it to you. For purposes of illustration, we&#8217;ll use the third example extension listed above (WebProtector).<\/p>\n<p>Every Chrome extension has a unique 32-character ID made up of the letters a through p (it is derived from a hash of the extension&#8217;s signing key); the ID identifies the extension in the Chrome Web Store and names its folder under the user&#8217;s Chrome profile. WebProtector&#8217;s, for instance, happens to be <strong>kfecnpmgnlnbmipaogfhoacoioifjgko<\/strong>. The Web Store does indeed host this extension in spite of its fraudulence; and Google, for all their great work in producing a relatively safe browser in Chrome, have done a pretty terrible job of keeping the store clean of such filth. The problem with WebProtector (and many of these other extensions) is that even after it is removed from the computer and all other malware is cleaned up, the user may find that it reloads itself later on with little or no warning. You might think that completely uninstalling Chrome, removing every directory on the system relating to Chrome, and cleaning\/resetting the user&#8217;s Chrome User Data profile (as I described in another post recently) would logically solve the problem. But it doesn&#8217;t. The extension reloads itself yet again after the next reinstallation.<\/p>\n<p>The answer to the puzzle is Policies in the Windows registry. Chrome reads its policies from the following two keys (machine-wide policy under HKLM takes precedence over per-user policy under HKCU when both set the same value):<\/p>\n<blockquote>\n<ul>\n<li>HKCU\\Software\\Policies\\Google<\/li>\n<li>HKLM\\Software\\Policies\\Google<\/li>\n<\/ul>\n<\/blockquote>\n<p>Under each of these, beneath the Chrome subkey, you will find a key called ExtensionInstallForcelist; it is from this key that Chrome is instructed to install the infected extension again after every reinstallation, and to put it back whenever it reloads its policy thereafter. A force-installed extension cannot be disabled or removed by the user from chrome:\/\/extensions, and it shows up on chrome:\/\/policy, which is the quickest way to confirm that this is what you are dealing with. Simply deleting these keys (provided the user is not reliant on any policies in Chrome for administrative purposes) will prevent the behavior; on a domain-joined machine, however, Group Policy will write them straight back at the next refresh, so the policy has to be fixed at its source. At an elevated command prompt, try typing these commands:<\/p>\n<blockquote><p>REG DELETE &#8220;HKCU\\Software\\Policies\\Google&#8221; \/f<br \/>\nREG DELETE &#8220;HKLM\\Software\\Policies\\Google&#8221; \/f<\/p><\/blockquote>\n<p>Keep in mind that HKCU in an elevated prompt is the hive of the account you elevated as; if that is not the infected user&#8217;s account, run the HKCU command in that user&#8217;s session (or address the hive as HKU\\&lt;SID&gt; instead). Specifically, the autoinstall keys that are likely being used are:<\/p>\n<blockquote><p>HKLM\\SOFTWARE\\Policies\\Google\\Chrome\\ExtensionInstallForcelist<\/p>\n<p>HKCU\\SOFTWARE\\Policies\\Google\\Chrome\\ExtensionInstallForcelist<\/p><\/blockquote>\n<p>Each entry under these keys is a numbered string value whose data is the extension ID followed by a semicolon and the update URL it is fetched from, so the offending ID is plain to see. However, I like to remove the entire Policies key on most machines, as other policy keys are also often abused, such as ExtensionInstallWhitelist (whitelisting of bad extensions), ExtensionInstallBlacklist (blacklisting of good ones), and the policies that lock the homepage or default search provider.<\/p>\n<p>It also goes without saying that the extension itself must first be removed for this to work. That includes killing the keys relating to it (a subkey named for the extension ID) in Chrome&#8217;s external-extension install locations:<\/p>\n<blockquote>\n<ul>\n<li>HKLM\\SOFTWARE\\Google\\Chrome\\Extensions\\<\/li>\n<li>HKCU\\SOFTWARE\\Google\\Chrome\\Extensions\\<\/li>\n<\/ul>\n<\/blockquote>\n<p>As well as the associated files within the user&#8217;s Chrome User Data directory (the folder named for the extension ID under Default\\Extensions). If you really want to clean-sweep the entire program, you can follow my previous instructions to back up the user&#8217;s Bookmarks and other personal items and then simply wipe out all related keys and files after uninstalling Chrome. This will finally solve the problem!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Greetings again random internet-surfing technology enthusiasts, Today, I&#8217;d like to tackle a puzzling issue that many techs encounter with regard to disinfecting Chrome and problematic extensions that manifest within it. 
\u00a0Of course,\u00a0anyone with any technical expertise is aware of the &hellip; <a href=\"https:\/\/triplescomputers.com\/blog\/casestudies\/solution-malware-extensions-continually-reload-within-chrome-even-after-reinstallation\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[181,3,4],"tags":[],"class_list":["post-334","post","type-post","status-publish","format-standard","hentry","category-application-troubleshooting","category-casestudies","category-security"],"_links":{"self":[{"href":"https:\/\/triplescomputers.com\/blog\/wp-json\/wp\/v2\/posts\/334","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/triplescomputers.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/triplescomputers.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/triplescomputers.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/triplescomputers.com\/blog\/wp-json\/wp\/v2\/comments?post=334"}],"version-history":[{"count":0,"href":"https:\/\/triplescomputers.com\/blog\/wp-json\/wp\/v2\/posts\/334\/revisions"}],"wp:attachment":[{"href":"https:\/\/triplescomputers.com\/blog\/wp-json\/wp\/v2\/media?parent=334"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/triplescomputers.com\/blog\/wp-json\/wp\/v2\/categories?post=334"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/triplescomputers.com\/blog\/wp-json\/wp\/v2\/tags?post=334"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
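As an added example that is not part of the original post (and not a Triple-S Computers tool), here is a PowerShell script that audits the registry locations the post names before anything is deleted. It lists every entry under the Chrome ExtensionInstallForcelist, ExtensionInstallWhitelist and ExtensionInstallBlacklist policy keys and every external-extension subkey in both hives, parses the `id;update_url` value format, flags IDs that do not look like real 32-letter Chrome extension IDs, and only when run with `-Remove` exports each key to a `.reg` file with `reg.exe` and then deletes it, mirroring the post's two `REG DELETE` commands. The `-UserSid` and `-BackupDir` parameters and the backup directory name are assumptions of this script; `-UserSid` exists because HKCU in an elevated session is the elevating administrator's hive, not necessarily the infected user's.

```powershell
<#
  Added example, not from the original post: audit, back up and optionally
  delete the Chrome policy and external-extension registry keys the post
  describes. Run from an elevated PowerShell prompt on the affected machine.
  -UserSid and -BackupDir are assumed parameters of this script, not Chrome
  or Windows settings.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remove,                  # without this the script only reports
    [string]$UserSid,                 # SID of the infected user when the elevated
                                      # session is a different account (HKCU would
                                      # otherwise be the admin's hive, not theirs)
    [string]$BackupDir = "$env:TEMP\chrome-policy-backup"
)

$userRoot = if ($UserSid) { "Registry::HKEY_USERS\$UserSid" } else { 'Registry::HKEY_CURRENT_USER' }
if ($UserSid -and -not (Test-Path $userRoot)) {
    throw "Hive for $UserSid is not loaded; log in as that user or 'reg load' their NTUSER.DAT first."
}
$roots = @('Registry::HKEY_LOCAL_MACHINE', $userRoot)

# Policies adware commonly plants: forced installs plus the allow/deny lists.
$policyNames = 'ExtensionInstallForcelist', 'ExtensionInstallWhitelist', 'ExtensionInstallBlacklist'
$findings = @()

foreach ($root in $roots) {
    $hive = $root -replace '^Registry::', ''
    foreach ($name in $policyNames) {
        $key = "$root\Software\Policies\Google\Chrome\$name"
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        # Entries are numbered string values; forcelist data is "<id>;<update_url>".
        foreach ($valueName in $item.GetValueNames()) {
            $id, $updateUrl = ([string]$item.GetValue($valueName)) -split ';', 2
            $findings += [pscustomobject]@{
                Hive        = $hive
                Source      = $name
                ExtensionId = $id
                UpdateUrl   = $updateUrl
                LooksValid  = $id -match '^[a-p]{32}$'   # Chrome IDs: 32 letters, a-p only
            }
        }
    }

    # External-extension install keys: one subkey per extension ID.
    $extKey = "$root\Software\Google\Chrome\Extensions"
    if (Test-Path $extKey) {
        foreach ($sub in Get-ChildItem $extKey) {
            $findings += [pscustomobject]@{
                Hive        = $hive
                Source      = 'ExternalExtensions'
                ExtensionId = $sub.PSChildName
                UpdateUrl   = (Get-ItemProperty $sub.PSPath -ErrorAction SilentlyContinue).update_url
                LooksValid  = $sub.PSChildName -match '^[a-p]{32}$'
            }
        }
    }
}

if (-not $findings) { Write-Host 'No Chrome policy or external-extension keys found.'; return }
$findings | Format-Table -AutoSize | Out-Host
if (-not $Remove) { Write-Host 'Re-run with -Remove to back up and delete these keys.'; return }

# Mirror the post's REG DELETE of the whole Policies\Google key, but export first so
# any legitimate enterprise policy that lived there can be restored from the .reg file.
New-Item -ItemType Directory -Force -Path $BackupDir | Out-Null
foreach ($root in $roots) {
    $hive = $root -replace '^Registry::', ''
    # reg.exe wants the short root names (HKLM, HKCU, HKU\<SID>).
    $shortHive = $hive -replace '^HKEY_LOCAL_MACHINE', 'HKLM' -replace '^HKEY_CURRENT_USER', 'HKCU' -replace '^HKEY_USERS', 'HKU'
    foreach ($rel in 'Software\Policies\Google', 'Software\Google\Chrome\Extensions') {
        $key = "$root\$rel"
        if (-not (Test-Path $key)) { continue }
        $regPath = "$shortHive\$rel"
        $file = Join-Path $BackupDir (($regPath -replace '[\\:]', '_') + '.reg')
        if ($PSCmdlet.ShouldProcess($regPath, 'export and delete')) {
            & reg.exe export $regPath $file /y | Out-Null
            Remove-Item -Path $key -Recurse -Force
            Write-Host "Deleted $regPath (backup: $file)"
        }
    }
}
Write-Host 'Now delete the extension folder under the Chrome profile, reinstall Chrome and confirm chrome://policy is empty.'
```

Run it once with no switches to see what is planted (any entry whose `LooksValid` is false, or whose update URL is not Google's, deserves a closer look), then with `-Remove`; `-WhatIf` works with `-Remove` because the deletion goes through `ShouldProcess`. As in the post, the whole `Policies\Google` key goes, legitimate enterprise policies included, which is why the export happens first; on a domain-joined machine Group Policy will recreate whatever it manages at the next refresh, so a reappearing key after this script points at the policy source rather than at local malware.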