- Feb 14, 2004
- 48,672
- 5,430
- 136
Worked on a computer last week that got a spyware bomb. One of those items was a Chrome extension called something like "Savings Wizard" and was unremovable (grayed out) because it was "Installed by enterprise policy". I ran the usual antivirus, antimalware, add/remove programs, etc. and even went as far as uninstalling Chrome & rebooting, but it still persisted. I started pulling my hair out - deleting registry keys, looking for hidden files, etc.
I finally found it by enabling Developer Mode in the extensions, finding the ID (a long string of random characters), and then deleting that entry from the HOSTS file. It had an IP address to a master server, along with the extension's ID, and was auto-loading it from the Internet. VERY sneaky. So if you ever run into a Chome spyware plugin that can't be removed through normal channels, check the HOSTS file to see if there's an entry with the Developer ID & IP for it.
I finally found it by enabling Developer Mode in the extensions, finding the ID (a long string of random characters), and then deleting that entry from the HOSTS file. It had an IP address to a master server, along with the extension's ID, and was auto-loading it from the Internet. VERY sneaky. So if you ever run into a Chome spyware plugin that can't be removed through normal channels, check the HOSTS file to see if there's an entry with the Developer ID & IP for it.
Last edited: