Web browsers are our best friend for surfing the web. Among all the browsers, Google Chrome and Mozilla Firefox are the most popular ones, especially Chrome – the popularity is sky-high. Although it’s the most popular, it isn’t safe 100%. In fact, most software and other stuff aren’t 100% safe. For Chrome and Firefox, this new malicious add-on/extension has proved it.
A security researcher has recently spotted the add-ons that’s almost impossible to delete. Deleting the add-on is very tricky and annoying as well.
The add-on that affects chrome is named “Tiempo en colombia en vivo”. Using a method called “Forced Chrome Extension”, this extension gets installed on the browser. Not only that, it modifies system so that you can’t remove it easily from the system.
For driving away users from the extension page, this extension redirects users from “chrome://extensions/” to “chrome://apps/?r=extensions”. The redirected page only shows the installed apps in a list form. Moreover, you won’t be able to access “chrome://extensions” even by blocking JS or starting Chrome with disabled extensions.
If you wish to remove the extension from your Chrome, follow these steps.
- Go to Chrome extension folder – “C:\Users\username\AppData\Local\Google\Chrome\User Data\Default”.
- Search for the file “1499654451774.js” in the folder.
- Rename the file to “1499654451774.js.old”.
- Open Chrome and go to “chrome://extensions/”
- The extension will appear corrupted. Delete the extension.
Another similar type of extension is found in Firefox as well. Malwarebytes, the identifier of this add-on found it named “PUP.Optional.FFHelperProtection”. This one modifies “background.js” to block access to “about:addons” and disables users from removing it.
For uninstalling the add-on, it’s relatively easier from Chrome. Follow these steps.
- Start Firefox in Safe mode. Run this command:
"C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode
Note that the file paths might be different if you installed in a different path.
- Go to “about:addons”. Remove the add-on named “FF Helper Protection”.
Most likely, your favorite Chrome and Firefox are free from the annoying add-ons. By the time you’re reading this, this add-on might not be with the same name in the wild. As protection gets evolved, so does the malware. It’s also noteworthy that the Chrome extension proves the weakness of Play Store and Chrome Stores’ review system.
If you don’t want such add-ons to annoy you, I strongly recommend not to surf the web without caution and proper security measures. When installing any extension, read the description and review carefully.