Malware/adware on Chrome? Extension found that I did not install

Question

morphemes Author

Level 1

0 points

Malware/adware on Chrome? Extension found that I did not install

Hi everyone,

Macbook Pro running Yosemite 10.10.5, retina, early 2013 model

Processor speed 3Ghz

8GB memory

Chrome 45.0.2454.85

Context: I did a format/erase and clean OS X install on my Macbook 1 day ago and only restored music/pictures from a Time Machine backup, not any of the profiles, settings or applications as I definitely had some sort of malware/trojan/adware (login on a social networking site from a country I have not set foot in) on it and it would've most likely been lurking in one of those folders (this I was recommended by someone else).

Anyway, I left my Macbook on overnight as I was downloading some podcasts from the iTunes store. When I woke up today to check my email etc, I noticed an extension installed in Chrome that I definitely did not install and something that was not on Chrome the night before when I was actually installing extensions - "Google Docs Offline". I know I didn't install it because I don't use Google Docs and as far as I know, there is no separate extension for for using Docs offline. When I clicked on details, it showed up in the Chrome web store, with about three million users and I think only four ratings. It said it was provided by "Google" (not google.com or any sort of variation like that), and, only realising after how suspicious it looks, its logo was the Google Drive logo. Before I did the reinstall, I had never seen such an extension in my list before anytime I used Chrome day in, day out.

Not thinking too much of it, I trashed it and didn't jot down any specific details (e.g. Chrome web store web link, or a screenshot of it). However, I tried searching for it in the web store by myself and I cannot find it. So now I'm worried that I have malware on my computer.

I haven't noticed anything obviously suspicious with my Chrome activity - I don't have redirects or pop ups and there were no other extensions in my extensions list that I didn't install myself. However, I did have a couple of ERR_CONNECTION CLOSED messages and other similar ones last night. However, this might be chalked up to the fact that my house had a new router installed.

I did some scans; neither Avast or MalwareBytes for Mac found anything.

Now I'm not entirely sure what to do!

MacBook Pro with Retina display, OS X Yosemite (10.10.5)

Posted on Sep 1, 2015 6:25 PM

Reply

Answer 1

Kappy

Level 10

361,741 points

Sep 1, 2015 6:31 PM in response to morphemes

Enjoy your computer.

Next time you have a problem topic, please provide s short and succinct description of it along with your question.

Reply

Answer 2

Linc Davis

Level 10

209,547 points

Sep 1, 2015 7:13 PM in response to morphemes

"Avast" is the worst of the whole wretched lot of commercial "security" products for the Mac. Not only does it fail to protect you from any real danger, it may send personal data (such as web browsing history and the contents of email messages) back to the developer without your knowledge, give false warnings, destabilize and slow down the computer, expose you to network attack, and corrupt the network settings and the permissions of files in your home folder. Removing it may not repair all the damage.

Some versions of the product also inject advertising into web pages. In short, apart from the fine print in the license agreement, Avast is indistinguishable from malware, and is arguably worse than any known malware now in circulation.

Back up all data, then remove Avast according to the developer's instructions. Restart. Never install any "anti-virus" or "anti-malware" software again.

If you tried to remove Avast by dragging an application to the Trash, you'll have to reinstall it and then follow the instructions linked above.

Reply

Answer 3

Sep 1, 2015 7:13 PM in response to morphemes

That extension plus other Google extensions are installed by default since Google makes the Chrome browser.

Reply

Answer 4

morphemes Author

Level 1

0 points

Sep 1, 2015 8:39 PM in response to TooDarkPark

Thanks for your response, TooDarkPark!

I do know that a couple of extensions come pre-installed in Chrome when you open it for the first time. I trashed those right away as I don't utilise any of them, and the extension I'm worried about was not in this original bundle when I opened Chrome for the first time after re-installing it fresh. It apparently appeared in my extensions list overnight, and as far as I'm aware, it was not in my extensions list when I was actively using Google Chrome the night before. Would it still be legit?

Reply

Answer 5

Sep 1, 2015 8:45 PM in response to morphemes

I think it's not a problem.

Earlier, I removed an adblocker in Chrome because I installed the wrong one. At the time, it was the only extension installed. When I checked again after reading your post here, I too now had those Google extensions that weren't there earlier.

Reply