Skip to content
  • Active
  • Severity: Medium
  • Browser Hijackers
  • Mac
  • Verified · May 2022

How to remove ChromeLoader malware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Lucia Danes · Virus researcher

ChromeLoader malware is the virus that spreads using rogue ISO archive files

ChromeLoader malware is designed to install malicious browser extensions onto browsers, and it targets machines running Windows and macOS. The threat has been spread on Twitter with the QR codes promoting pirated software like video games or movies, and TV shows. The infection made headlines recently[1] due to the fact that campaigns appeared to be extremely active these days, and many samples of different variants with particular distribution methods have been discovered.

This browser hijacker modifies the web browser settings to show search results filled with promotional material that push unwanted software, fake giveaways, and surveys and redirects people to adult games, online dating sites, and other commercial platforms. ChromeLoader malware creators get financial gains due to the marketing affiliation from these ad-supported pages and redirect traffic to these commercial sites.

There are many potentially unwanted programs[2] like this browser hijacker. However, the infection caused a major buzz due to the persistent and different methods involved. There are huge volumes of malware spreading around, and the infection route involving aggressive use of PowerShell is not common for browser-based apps. This is a persistent threat to this ChromeLoader hijacker.

Name ChromeLoader malware
Type Browser hijacker, unwanted application, potentially unwanted program
Issues The app causes advertisements out of nowhere, triggers issues with the performance and speed of the machine, manipulates browser settings and affects online traffic
Distribution Deceptive posts on social media, advertising campaigns, pirating platforms, torrents
Damage Affects the speed and performance, leads to privacy issues, exposes users to possible malware content
Removal Threats can be removed with anti-malware tools
Repair Infections cause issues with the machine, so run FortectIntego to repair those issues with the machine

The infection also targets macOS devices and tries to manipulate Chrome and Safari web browsers. The infection is similar to the Windows versions, but it uses DMG files instead of ISO files used for Windows machines. The threat still can ensure persistence with user logs and continuous processes running on the machine. 

Once the malicious executable with the malware is launched, you might see some error messages or other indications that inform you about issues with the machine. These are the method used by the malware to mask the background processes and avoid detection. Suspicious users might start to check machines when symptoms like this occur.

Damage of the browser hijacker

ChromeLoader malware infection can start with malicious advertising material online and downloading the ISO file. Experts[3] reported that these campaigns mainly start with Twitter posts. Malware creators claim to offer pirated or cracked versions of games or software, so the ISO is installed without the users' knowledge.

The malware is launched when the ISO file is double-clicked, so the executable that pretends to be a game or keygen installs the malware. once it is executed, the PowerShell command is executed to fetch browser-based programs from remote resources. Then all the issues begin with the background processes.

Sadly people do not know that common social media campaigns, video sites, game crack portals, and torrent services can deliver these downloaders filled with ChromeLoader browser hijackers or different intruders. The PowerShell creates the task name ChromeTask that is triggering the launch every ten minutes.

This PowerShell script also adds the malicious Google Chrome extensions to the machine. Sometimes these processes cause the crash of the web browser, which indicates the infection. More tech-savvy people can run the anti-malware tools then and let these tools detect the ChromeLoader browser hijacker.

Removing the infection

Even though this is a browser-based program and it manipulates browser settings to control the online traffic, you need t remove the infection properly. ChromeLoader malware can be removed using anti-malware tools that are capable of detecting this infection. Tools like MalwarebytesMalwarebytes or SpyHunterCombo Cleaner can run the system scan and properly find these infections.

You can remove the virus and other related programs or cyber intruders this way, but some of the files and applications can still run on the machine and cause issues for the user. For that purpose, you should manually go through the particular settings and remove the PUP.

Instructions for Windows 10/8  machines:

  1. Enter Control Panel into Windows search box and hit Enter or click on the search result.
  2. Under Programs, select Uninstall a program.Uninstall from Windows 1
  3. From the list, find the entry of the suspicious program.
  4. Right-click on the application and select Uninstall.
  5. If User Account Control shows up, click Yes.
  6. Wait till uninstallation process is complete and click OK.Uninstall from Windows 2

If you are Windows 7/XP user, proceed with the following instructions:

  1. Click on Windows Start > Control Panel located on the right pane (if you are Windows XP user, click on Add/Remove Programs).
  2. In Control Panel, select Programs > Uninstall a program.Uninstall from Windows 7/XP
  3. Pick the unwanted application by clicking on it once.
  4. At the top, click Uninstall/Change.
  5. In the confirmation prompt, pick Yes.
  6. Click OK once the removal process is finished.

Do not forget that this infection affects various machines including macOS, iOS, and Android or Windows devices. You might want to clear the virus quickly, but these PUPs can be hidden in various places on the machine, so you need to remove the ChromeLoader malware properly.

There are particular instructions for the browser resetting, so the issues and changes made by the browser hijacker can be solved, but these issues with the system and performance when redirecting annoy users can still occur due to the existence of the malware in the background. You should take care of that yourself. You can remove the ChromeLoader malware from macOS devices manually too. 

Delete from macOS

Remove the unwanted application:

  1. From the menu bar, select Go > Applications.
  2. In the Applications folder, look for any suspicious entries, then drag them to Trash (or right-click and pick Move to Trash).Uninstall from Mac

Delete leftover files and folders:

  1. Select Go > Go to Folder.
  2. Enter /Library/Application Support and remove any suspicious folders related to the unwanted program.
  3. Repeat the same check in the /Library/LaunchAgents and /Library/LaunchDaemons folders, deleting any suspicious entries.Delete leftover files from Mac
  4. Finally, empty the Trash to permanently remove the leftovers.

Remove from Google Chrome

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all suspicious extensions related to the unwanted program by clicking Remove.Remove extensions from Chrome

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data.Clear cache and web data from Chrome

Change your homepage:

  1. Click menu and choose Settings.
  2. Look for a suspicious site in the On startup section.
  3. Click on Open a specific or set of pages and click on three dots to find the Remove option.

Reset Google Chrome:

If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings.Reset Chrome 2

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.