Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware on Chrome? Extension there that I definitely did not install


  • Please log in to reply
4 replies to this topic

#1 realityparty

realityparty

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 01 September 2015 - 08:25 PM

Hi everyone,

 

Macbook Pro running Yosemite 10.10.5, retina, early 2013 model

Processor speed 3Ghz

8GB memory

Chrome 45.0.2454.85

 

Context: I did a format/erase and clean OS X install (via internet recovery) on my Macbook 1 day ago and only restored music/pictures from a Time Machine backup, not any of the profiles, settings or applications as I definitely had some sort of malware/trojan/adware (login on a social networking site from a country I have not set foot in) on it and it would've most likely been lurking in one of those folders (this I was recommended by someone else).

 

Anyway, I left my Macbook on overnight as I was downloading some podcasts from the iTunes store. When I woke up today to check my email etc, I noticed an extension installed in Chrome that I definitely did not install and something that was not on Chrome the night before when I was actually installing extensions - "Google Docs Offline". I know I didn't install it because I don't use Google Docs and as far as I know, there is no separate extension for for using Docs offline. When I clicked on details, it showed up in the Chrome web store, with about three million users and I think only four ratings. It said it was provided by "Google" (not google.com or any sort of variation like that), and, only realising after how suspicious it looks, its logo was the Google Drive logo. Before I did the reinstall, I had never seen such an extension in my list before anytime I used Chrome day in, day out.

 

Not thinking too much of it, I trashed it and didn't jot down any specific details (e.g. Chrome web store web link, or a screenshot of it). However, I tried searching for it in the web store by myself and I cannot find it. So now I'm worried that I have malware on my computer.

 

I haven't noticed anything obviously suspicious with my Chrome activity - I don't have redirects, pop ups or anything and there were no other extensions in my extensions list that I didn't install myself. However, I did have a couple of ERR_CONNECTION CLOSED messages and other similar ones last night.

 

Edit: I know that a couple of extensions come pre-installed in Chrome when you open it for the first time. I trashed those right away as I don't utilise any of them, and the extension I'm worried about was not in this original bundle when I opened Chrome for the first time. It appeared in my extensions list overnight. Would it still be legit in this case?

 

I did some scans; neither Avast or MalwareBytes for Mac found anything.

 

Now I'm not entirely sure what to do...


Edited by realityparty, 01 September 2015 - 10:40 PM.


BC AdBot (Login to Remove)

 


#2 dante12

dante12

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:37 AM

Posted 02 September 2015 - 05:40 AM

I think you have activate synchronization in your Google Drive that's why you have this tool installed.

 

see here: https://support.google.com/docs/answer/2375012?hl=en



#3 realityparty

realityparty
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 02 September 2015 - 11:29 PM

I think you have activate synchronization in your Google Drive that's why you have this tool installed.

 

see here: https://support.google.com/docs/answer/2375012?hl=en

 

Hi dante12, thank you for responding.

 

I just checked my settings and and the option to sync so one can edit offline was not ticked.

 

Is there any other explanation for this?



#4 dante12

dante12

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:37 AM

Posted 04 September 2015 - 04:52 AM

I'm sure this is part of Google Chrome's default doc extension. What do you do to activate I cannot retrace yet. Are you not sure it is malware you can download EtreCheck, unpack it and scan your System. Post the Log here.



#5 CKing123

CKing123

  • Members
  • 1,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:05:37 PM

Posted 05 September 2015 - 09:15 PM

I think it is now part of chrome

 

When I installed it, it also installed google docs offline even though I have not set offline access up (I did, however, log into chrome)


If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users