Severity scale:  
  (86/100)

Critical Chrome Update: fake update leading to Kovter trojan horse

removal by Lucia Danes - - | Type: Malware

Critical Chrome Update is the fake alert that drops Kovter.C malware on the computer

Critical Chrome Update malware 

Critical Chrome Update is the scam that displays fake alerts about the needed browser or system updates and this way tricks people into installing other possibly malicious programs to the computer. If you are constantly redirected and such pop-ups go to your screen repeatedly, you should check your computer for Chrome virus – a potentially unwanted program that can be secretly running on the system. 

Note that Critical Chrome Update virus is totally malicious as it can emerge on your screen after clicking on one of Traffic Junky ads.[1] This ad-supported network is known to be serving promotional content on adult-only websites, and therefore visitors of these domains fell victims to KovCoreG malvertising attack[2] that pushes Kovter.C Trojan to victims’ computer. Installation of severe malware as such can also be a result of constant alerts about alleged updates.

Name Critical Chrome Update
Category Malware
Family Chrome virus
Symptoms Delivers fake alerts, warning messages claiming about needed software, updates or additional programs. Tricks into installing fake applications, rogue tools
Main danger Infects the system with malware, in particular, trojans and ransom-demanding threats
Distribution Software bundles, PUPs installed on the system already, deceptive ads, software cracks
Elimination For Critical Chrome Update removal, use a reliable anti-malware program

Critical Chrome Update scam is the social engineering attack or a campaign based on technical support scam tactics. Unfortunately, such messages and various alerts can lead to the installation of rogue tools, applications, useless programs.

However, scams like Critical Chrome Update virus, in most cases, deliver messages and redirect to questionable or even malicious domains as hosts:

  • iexaidlepro.org
  • johphblogger-hints-and-tips.org
  • tahxiintimes-niedersachsen.org

Chrome Update pop-ups can also provide messages with phone numbers that claim to connect victims with the technical support team. Nevertheless, these messages are fake and official technical support services are not delivering messages like this, especially are not encouraging to call questionable numbers. 

You need to remove Critical Chrome Update virus instead of calling the number or contacting people behind the threat in any other way. For that, you should get an automatic anti-malware tool and clean the machine fully. Critical Chrome Update removal requires tools like Reimage so that the system gets fully recovered.

Critical Chrome Update virus
Critical Chrome Update virus attacks visitors of popular adult-only websites. Victims are redirected to malicious ad after clicking on a compromised Traffic Junky advertisement.

A detailed scheme of the Critical Chrome Update functionality

After managing to compromise Traffic Junky ad network, which serves ads via popular adult-oriented sites such as Pornhub, cybercriminals are now capable of serving deceptive via common web pages. As a result, unsuspecting users can easily get infected with click-fraud malware known as Kovter Trojan.

Users who click on such ads are exposed to a malvertising attack that redirects them to deceptive pages that are picked based on their web browser used. Following the browser type and version, victims receive bogus offers to install one of these updates:

  • Critical Chrome Update
  • Critical Firefox Update
  • Adobe Flash Player update (Microsoft Edge/Internet Explorer users).

The final alert is picked using a JavaScript code that is the same as one used in Neutrino and NeutrAds.

Research reveals that the attack chain starts with a redirect from advertisingms[.]com domain which corrupts the final link and throws the victim to a compromised malware-serving site. According to Proofpoint, this domain “inserts a call hosted behind KeyCDN,” which happens to be a giant content delivery network.

Critical Chrome Update scam suggests installing an update for the popular web browser, however, instead of updating the browser, it drops a ZIP archive that contains a runme.js file. Once executed, it addresses the server responsible for the social engineering attack.[3] The .JS file the downloads two files to victim’s computer – .flv and .mp4 format file.

FLV file consists of three random digits, and the rest of them belong to an RC4 key. The MP4 record is encrypted with this key and hex-encoded. The MP4 file also stores a Powershell script that contains shellcode used to download and execute AVI file (Kovter virus).

Critical Chrome Update
Critical Chrome Update virus is the scam that is based on technical support scams and social engineering.

Actions made by the malware after infiltrating the system

Once executed, Kovter virus establishes itself into Windows Registry rather than dropping some files on the system. This way, malicious software attempts to avoid detection. Besides, the virus sets up specific autorun entries, which runs the malware as soon as the victim starts the computer.

The malware operates silently, and the only noticeable problem is a slight decrease in the computer’s performance. However, the majority of users might not suspect anything if they do not have anti-malware programs installed on their PCs.  

Preventing Critical Chrome Update attack 

Dieviren.de team says[4] that the trick to avoid installing the malicious Critical Chrome Update or Urgent Chrome Update, as well as malware delivered via deceptive versions of Flash Player or other well-known programs is to never install updates from random Internet sites.

Although cybercriminals use various techniques to trick victims into clicking on malicious advertisements, the method that is based on fake “updates” is actually very common and can be recognized easily. Such a technique mainly gets used to deliver more severe malware and directly infect the machine with threats.

When deceptive advertisement looks legit and includes official logos of the promoted software, it seems to be trustful and people tend to click on such content. However, you should never rely on the pop-up that claims you need to install or update anything randomly. The official software creators and providers are not showing such messages on browsers.

If you suspect that you need an update for Chrome – simply visit the official browser’s developers’ site and check whether there is an update available. However, when installing an application or direct program/ software update be aware of the additional installations. Choose Advanced or Custom options to avoid any unwanted applications. 

Remove Critical Chrome Update virus (Kovter.C)

If you were redirected to a site containing Critical Chrome Update virus, close the web page immediately. If it downloaded the malicious ZIP file to your computer automatically, do not open it and delete it as soon as possible.

However, if you launched the deceptive record, run anti-malware software as soon as you can (ideally, do it after performing a clean system boot).

To finish Critical Chrome Update removal, update your anti-malware software and scan your computer several times. It is essential to delete Kovter Trojan as soon as possible as it can perform a series of illegal activities on your computer.

You should remove Critical Chrome Update virus with updated anti-spyware to be totally sure that all the related files, applications, and even malware get eliminated during one system check.

You can remove virus damage automatically with a help of one of these programs: Reimage, SpyHunter 5Combo Cleaner, Malwarebytes. We recommend these applications because they detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

Offer
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with SpyHunter 5.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

To remove Critical Chrome Update virus, follow these steps:

Remove Critical Chrome Update from Windows systems

To identify and remove Kovter malware dropped by Critical Chrome Update virus, you need to run thru your recently-installed apps and uninstall the ones that seem suspicious. Also, check their CPU usage because, as we have mentioned, the virus misuses system resources.

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs). Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall Critical Chrome Update and related programs
    Here, look for Critical Chrome Update or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'
  5. Remove Critical Chrome Update from Windows shortcuts
    Right click on the shortcut of Mozilla Firefox and select Properties. Right click on browsers' icon and select 'Properties'
  6. Go to Shortcut tab and look at the Target field. Delete malicious URL that is related to your virus. Select 'Shortcut' tab and delete 'http://isearch.babylon.com...' or other suspicious URL

Repeat steps that are given above with all browsers' shortcuts, including Internet Explorer and Google Chrome. Make sure you check all locations of these shortcuts, including Desktop, Start Menu and taskbar.

Delete Critical Chrome Update from Google Chrome

Reset Chrome with the steps given below to restore it to its previous state. Keep in mind that it can also be infected with Kovter trojan, so a full system scan is required as well.

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools Extensions. Click on menu icon. Select 'Tools' and 'Extensions'
  2. Here, select Critical Chrome Update and other malicious plugins and select trash icon to delete these entries. Look for malicious entries and delete each of them by clicking on the Trash bin icon
  3. Change your homepage and default search engine if it was altered by your virus
    Click on menu icon and choose Settings.
  4. Here, look for the Open a specific page or set of pages under On startup option and click on Set pages. After clicking on menu and 'Settings', select 'Set pages'
  5. Now you should see another window. Here, delete malicious search sites and enter the one that you want to use as your homepage. Click 'X' to remove malicious URLs
  6. Click on menu icon again and choose Settings Manage Search engines under the Search section. When in 'Settings', select 'Manage search engines...'
  7. When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name. Click 'X' to remove malicious URLs
  8. Reset Google Chrome
    Click on menu icon on the top right of your Google Chrome and select Settings.
  9. Scroll down to the end of the page and click on Reset browser settings. When in 'Settings', scroll down to 'Reset browser settings' button and click on it
  10. Click Reset to confirm this action and complete Critical Chrome Update removal. Click on 'Reset' button to complete your removal

Get rid of Critical Chrome Update from Mozilla Firefox (FF)

To get rid of Critical Chrome Update virus, you must uninstall all suspicious add-ons and change your homepage to the previous one.

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons Extensions. Click on menu icon and select 'Add-ons'
  2. Here, select Critical Chrome Update and other questionable plugins. Click Remove to delete these entries. Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
  3. Change your homepage if it was altered by virus:
    Click on the menu (top right corner), choose Options General.
  4. Here, delete malicious URL and enter preferable website or click Restore to default.
  5. Click OK to save these changes. When in 'General' tab, delete malicious URL from 'Home Page' section or click on 'Restore to Default' button. Click 'OK' to save changes
  6. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. Click on menu icon and then on '?'. Select 'Troubleshooting Information'
  7. Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete Critical Chrome Update removal. Click on 'Reset Firefox' button for a couple of times

Eliminate Critical Chrome Update from Internet Explorer (IE)

  1. Remove dangerous add-ons
    Open Internet Explorer, click on the Gear icon (IE menu) on the top right corner of the browser and choose Manage Add-ons. Click on menu icon and select 'Manage add-ons'
  2. You will see a Manage Add-ons window. Here, look for Critical Chrome Update and other suspicious plugins. Disable these entries by clicking Disable: Right click on each of malicious entries and select 'Disable'
  3. Change your homepage if it was altered by virus:
    Click on the gear icon (menu) on the top right corner of the browser and select Internet Options. Stay in General tab.
  4. Here, remove malicious URL and enter preferable domain name. Click Apply to save changes. Delete malicious URL, enter your desired domain name and click 'Apply' to save changes
  5. Reset Internet Explorer
    Click on the gear icon (menu) again and select Internet options. Go to Advanced tab.
  6. Here, select Reset.
  7. When in the new window, check Delete personal settings and select Reset again to complete Critical Chrome Update removal. Go to 'Advanced' tab and click on 'Reset' button. Now select 'Delete personal settings' and click on 'Reset' button again

Uninstall Critical Chrome Update virus from Microsoft Edge

Reset Microsoft Edge settings (Method 1):

  1. Launch Microsoft Edge app and click More (three dots at the top right corner of the screen).
  2. Click Settings to open more options.
  3. Once Settings window shows up, click Choose what to clear button under Clear browsing data option. Go to Settings and select 'Choose what to clear'
  4. Here, select all what you want to remove and click Clear. Select 'Clear' button
  5. Now you should right-click on the Start button (Windows logo). Here, select Task Manager. Open the start menu and select 'Task Manager'
  6. When in Processes tab, search for Microsoft Edge.
  7. Right-click on it and choose Go to details option. If can’t see Go to details option, click More details and repeat previous steps. Right-click 'Microsoft Edge' and select 'Go to details' Select 'More details' if 'Go to details' option fails to show up
  8. When Details tab shows up, find every entry with Microsoft Edge name in it. Right click on each of them and select End Task to end these entries. Find Microsoft Edge entries and select 'End Task'

Resetting Microsoft Edge browser (Method 2):

If Method 1 failed to help you, you need to use an advanced Edge reset method.

  1. Note: you need to backup your data before using this method.
  2. Find this folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  3. Select every entry which is saved on it and right click with your mouse. Then Delete option. Go to Microsoft Edge folder on your computer, right-click every entry and click 'Delete'
  4. Click the Start button (Windows logo) and type in window power in Search my stuff line.
  5. Right-click the Windows PowerShell entry and choose Run as administrator. Find Windows PowerShell, right-click it and select 'Run as administrator'
  6. Once Administrator: Windows PowerShell window shows up, paste this command line after PS C:\WINDOWS\system32> and press Enter:
    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register $($_.InstallLocation)\AppXManifest.xml -Verbose}
    Copy and paste a required command and press 'Enter'

Once these steps are finished, Critical Chrome Update should be removed from your Microsoft Edge browser.

Remove Critical Chrome Update from Safari

  1. Remove dangerous extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and select 'Preferences'
  2. Here, select Extensions and look for Critical Chrome Update or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and uninstall malicious add-ons
  3. Change your homepage if it was altered by virus:
    Open your Safari web browser and click on Safari in menu section. Here, select Preferences as it was displayed previously and select General.
  4. Here, look at the Homepage field. If it was altered by Critical Chrome Update, remove unwanted link and enter the one that you want to use for your searches. Remember to include the "http://" before typing in the address of the page. When in 'General', delete malicious URL and enter your desired domain name
  5. Reset Safari
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and select 'Reset Safari...'
  6. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete Critical Chrome Update removal process. Select all options and click on 'Reset' button

About the author

Lucia Danes
Lucia Danes - Virus researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions

References

Removal guides in other languages


Your opinion regarding Critical Chrome Update virus