Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Redirect hides browser extension

12 Oct 2013   #1
Brink
Microsoft MVP

64-bit Windows 10 build 10122
 
 
Redirect hides browser extension

Quote:
While analyzing a malicious Chrome browser extension we recently came across a Virtool that tries to redirect the Chrome Extension page.

We detect it as VirTool:JS/Redichrextor.A.

VirTool:JS/Redichrextor.A won’t let you view, change, remove or uninstall Chrome browser extensions. It does this by stopping you from viewing the Chrome Extension page.

It uses this technique so an affected user won’t be able to remove or uninstall the malicious extension without help from their antimalware software. This makes VirTool:JS/Redichrextor.A a useful piece of code for any malicious Chrome browser extension that wants to avoid manual detection or removal.

When an affected user does try to view the Chrome browser extension page they are redirected. We have seen it open a new tab, or go to the Chrome web store or Google.com:
•Chrome://newtab

•Chrome.google.com/webstore

Google
We have also seen similar behaviour used by the following known malicious Chrome browser extensions:
•Trojan:JS/Kilim

•Trojan:JS/Reksner
Once VirTool:JS/Redichrextor.A is detected and removed, you should be able to go to the Chrome extension page.

We recommend you then check and uninstall any suspicious browser extension that might be linked to VirTool:JS/Redichrex.A or other malware. We also recommend keeping your security products up-to-date to avoid infection.

While this new trick makes it harder to remove the Virtool manually, it is still easily detected and removed by Microsoft Security software.

SHA1s:

5a72d55f6b6c467565a2a53fe7ecb08beb996947
59131b62bb58bf80ab83e7f6522689ed38553cfb
0b516d26316c889a3468b92b4e376573567a822c

Jonathan San Jose

MMPC
Source: Redirect hides browser extension - Microsoft Malware Protection Center - Site Home - TechNet Blogs


My System SpecsSystem Spec
.

15 Oct 2013   #2
MellowSwank

Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Thanks for the information.
My System SpecsSystem Spec
Reply

 Redirect hides browser extension




Thread Tools





Similar help and support threads
Thread Forum
How can I permanently remove GoSaVeu browser extension?
How can I remove GoSaVeu web browser extension, for ever? I use Windows 7 Ultimate 64-bit and my main browser is Google Chrome (I still have Firefox and IExplorer installed). Every time I start Chrome Avast would report that it has blocked a threat and it will continue periodically reporting the...
System Security
Google undeletes RSS extension for Chrome browser
Read more at source: Google undeletes RSS extension for Chrome browser | Internet & Media - CNET News
News
Chrome Extension Idea - Extension Bar
I got a idea for a Chrome extension, but no where to request it. When you install extensions in Chrome it places all the extensions to the right side of the address bar. My idea is to have a extension bar below the bookmark bar that automatically hides it's self when the mouse isn't hovering...
Browsers & Mail
Win 7 hides jpeg files when tagged
This problem also started today on my system with 64 bit windows. The problem occurs when adding tags or other editing jpg file types in all the graphic programs i have on my machine. The problem only started today and has not been a problem in the last 3 years i have been using windows 7...
Music, Pictures & Video
What Hides the Wiring?
Anyone using this case? http://www.antec.com/Believe_it/product.php?Family=MzQy
PC Custom Builds and Overclocking
Microsoft hides mystery Firefox extension in toolbar update
More - Microsoft hides mystery Firefox extension in toolbar update
News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 02:46.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App