How to Remove Chromium Malware
By Timothy Tibbetts |
While Chromium is legitimate and the source code used in Google Chrome and Microsoft Edge, malware writers have taken advantage of this Open Source code to create malicious versions of Chromium. In this guide, we discuss how to identify and remove Chromium malware.
Of course, to get the Chromium malware you'd have to download it somehow, usually as a Potentially Unwanted Program (PUP) or through email. As always, we remind you to watch for installations and never open email attachments.
These rogue Chromium builds stand out because they usually have a "brand name" attached including BeagleBrowser, BrowserAir, BoBrowser, Chedot, eFast, Fusion, MyBrowser, Olcinium, Palikan, Qword, Tortuga, and Torch. You'll need to know the name of the browser you installed shortly. For example:
There's a good chance that scanning with Malwarebytes or Adwcleaner (covered in the final step) will remove most rogue Chromium browsers, but removing some of these can be difficult, so we suggest you try these steps for the best results.
1: We recommend you boot into Safe Mode to properly remove the Chromium malware.
Once in Safe Mode, we want to do a few things to make sure the browsers are removed.
2: Verify none of the browsers are running by pressing CTRL+ALT+DEL and click on Task Manager. Right-click and select End Task on any process named Chromium.exe, Chrome.exe, or any of the names we listed in the second paragraph. They can use numerous names, and some browsers, including Torch, add additional processes, for example, TorchCrashHandler.
3: Download IOBit Uninstaller or Geek Uninstaller and uninstall any browsers that you believe are the culprit. We're not using the Windows uninstaller because they always leave files, folders, and more behind.
Once completed, be sure to look for any browser extensions or add-ons you can remove.
4: Open File Explorer and go to C:UsersusernameAppDataLocal. AppData is hidden so be sure to click on View > Hidden items.
Delete the Chromium folder if it exists. Also, once again check for a folder with the same name of the browser you installed. In our example, we have a Torch folder, so we'll delete that.
5: Reboot your PC back to normal mode.
While you should be clean, additional steps may be required.
A quick scan with Malwarebytes, AdwCleaner or your currently installed antivirus.
Clean temporary files and unneeded registry entries with CCleaner.
comments powered by Disqus
Of course, to get the Chromium malware you'd have to download it somehow, usually as a Potentially Unwanted Program (PUP) or through email. As always, we remind you to watch for installations and never open email attachments.
These rogue Chromium builds stand out because they usually have a "brand name" attached including BeagleBrowser, BrowserAir, BoBrowser, Chedot, eFast, Fusion, MyBrowser, Olcinium, Palikan, Qword, Tortuga, and Torch. You'll need to know the name of the browser you installed shortly. For example:
There's a good chance that scanning with Malwarebytes or Adwcleaner (covered in the final step) will remove most rogue Chromium browsers, but removing some of these can be difficult, so we suggest you try these steps for the best results.
1: We recommend you boot into Safe Mode to properly remove the Chromium malware.
Once in Safe Mode, we want to do a few things to make sure the browsers are removed.
2: Verify none of the browsers are running by pressing CTRL+ALT+DEL and click on Task Manager. Right-click and select End Task on any process named Chromium.exe, Chrome.exe, or any of the names we listed in the second paragraph. They can use numerous names, and some browsers, including Torch, add additional processes, for example, TorchCrashHandler.
3: Download IOBit Uninstaller or Geek Uninstaller and uninstall any browsers that you believe are the culprit. We're not using the Windows uninstaller because they always leave files, folders, and more behind.
Once completed, be sure to look for any browser extensions or add-ons you can remove.
4: Open File Explorer and go to C:UsersusernameAppDataLocal. AppData is hidden so be sure to click on View > Hidden items.
Delete the Chromium folder if it exists. Also, once again check for a folder with the same name of the browser you installed. In our example, we have a Torch folder, so we'll delete that.
5: Reboot your PC back to normal mode.
While you should be clean, additional steps may be required.
A quick scan with Malwarebytes, AdwCleaner or your currently installed antivirus.
Clean temporary files and unneeded registry entries with CCleaner.
comments powered by Disqus