
Critical Chrome Update virus. How to remove? (Uninstall guide)

Removal by Lucia Danes | Type: Malware

Installing fake Critical Chrome Update drops Kovter.C malware on a computer

Critical Chrome Update malware

Critical Chrome Update is a malicious ad that might emerge on your screen after clicking on one of Traffic Junky ads.[1] This ad network is known to serve promotional content on adult-only websites, and therefore visitors of these domains fell victim to the KovCoreG malvertising attack[2] that pushed the Kovter.C Trojan to victims’ computers.

Cybercriminals managed to compromise Traffic Junky ad network which serves ads via popular adult-oriented sites such as Pornhub. As a consequence, deceptive ads were served through common web pages and infected unsuspecting users with click-fraud malware known as Kovter Trojan.

Users who clicked on those ads were exposed to a malvertising attack that redirected them to deceptive pages picked based on the victim’s web browser. Depending on the browser type and version, victims received bogus offers to install “Critical Chrome Update,” “Critical Firefox Update” or a fake Adobe Flash Player update (Microsoft Edge/Internet Explorer users). The final alert is picked using JavaScript code that is the same as that used in Neutrino and NeutrAds.

Research reveals that the attack chain starts with a redirect from advertisingms[.]com domain which corrupts the final link and throws the victim to a compromised malware-serving site. According to Proofpoint, this domain “inserts a call hosted behind KeyCDN,” which happens to be a giant content delivery network.

The Critical Chrome Update scam suggests installing an update for the popular web browser. However, instead of updating the browser, it drops a ZIP archive that contains a runme.js file. Once executed, this file contacts the server responsible for the social engineering attack. The .JS file then downloads two files to the victim’s computer: one in .flv format and one in .mp4 format.

The FLV file consists of three random digits, and the rest of its content is an RC4 key. The MP4 file is encrypted with this key and hex-encoded. The MP4 file also stores a PowerShell script that contains shellcode used to download and execute an AVI file (the Kovter virus).
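The two-file layout described above can be unpacked for analysis as shown here. This is an added example, not code from the original article or from the malware: it assumes the three digits come first in the .flv file and that the remainder is used as the raw RC4 key, and it runs on constructed sample data with a harmless placeholder instead of a real stage.

```python
import binascii
import re

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encrypting and decrypting are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def split_key_file(flv: bytes) -> tuple:
    """Return (three-digit prefix, RC4 key) from the '.flv' download.
    Assumption: the digits come first and the rest is the raw key."""
    flv = flv.strip()
    if len(flv) < 4 or not flv[:3].isdigit():
        raise ValueError("expected three leading digits followed by a key")
    return flv[:3], flv[3:]

def decode_stage(flv: bytes, mp4: bytes) -> bytes:
    """Hex-decode the '.mp4' download, then RC4-decrypt it with the '.flv' key."""
    _, key = split_key_file(flv)
    try:
        ciphertext = binascii.unhexlify(mp4.strip())
    except binascii.Error as exc:
        raise ValueError("payload is not valid hex") from exc
    return rc4(key, ciphertext)

def looks_like_powershell(stage: bytes) -> bool:
    """Triage heuristic (assumption): the decoded stage mentions PowerShell."""
    return re.search(rb"powershell", stage, re.IGNORECASE) is not None

# Constructed sample: harmless placeholder text standing in for the real stage.
SAMPLE_FLV = b"123constructed-rc4-key"
SAMPLE_STAGE = b"powershell.exe -Command Write-Output 'placeholder stage'"
SAMPLE_MP4 = binascii.hexlify(rc4(b"constructed-rc4-key", SAMPLE_STAGE))

if __name__ == "__main__":
    decoded = decode_stage(SAMPLE_FLV, SAMPLE_MP4)
    print(decoded.decode(), looks_like_powershell(decoded))
```

A pair of files that decodes to readable script text under this layout is a strong sign that a captured download belongs to this delivery chain; a file without the three-digit prefix or with non-hex content raises `ValueError` instead of producing garbage.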

Once executed, the Kovter virus establishes itself in the Windows Registry rather than dropping files on the system. This way, the malicious software attempts to avoid detection. Besides, the virus sets up specific autorun entries, which run the malware as soon as the victim starts the computer.

The malware operates silently, and the only noticeable problem is a slight decrease in the computer’s performance. However, the majority of users might not suspect anything if they do not have anti-malware programs installed on their PCs.

Avoid malware-laden ads while browsing the Internet

Although cybercriminals use various techniques to trick victims into clicking on malicious advertisements, the method that is based on fake “updates” is actually very common and can be recognized easily. For example, the infamous Bad Rabbit ransomware was also pushed via counterfeit ads that appeared on legitimate websites previously hacked by cybercriminals. team says[3] that the trick to avoid installing the malicious Critical Chrome Update or Urgent Chrome Update, as well as malware delivered via deceptive versions of Flash Player or other well-known programs, is to never install updates from random Internet sites.

Even though the ad looks legitimate and includes official logos of the promoted software, you should never rely on it. If you suspect that you need an update for Chrome, simply visit the official site of the browser’s developers and check whether there is an update available.

Remove Critical Chrome Update virus (Kovter.C)

If you were redirected to a site containing the Critical Chrome Update virus, close the web page immediately. If it downloaded the malicious ZIP file to your computer automatically, do not open it and delete it as soon as possible. However, if you launched the deceptive file, run anti-malware software as soon as you can (ideally, do it after performing a clean system boot).

To finish Critical Chrome Update removal, update your anti-malware software and scan your computer several times. It is essential to delete the Kovter Trojan as soon as possible, as it can perform a series of illegal activities on your computer.


To remove Critical Chrome Update virus, follow these steps:

Remove Critical Chrome Update using Safe Mode with Networking

Restart your PC in Safe Mode (use clean boot method) and run an up-to-date anti-malware tool to identify and remove Kovter malware dropped by Critical Chrome Update virus.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove Critical Chrome Update

    Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to the malware to complete Critical Chrome Update removal.

If the malware is blocking Safe Mode with Networking, try another method.

Finally, you should always think about protection against crypto-ransomware. To protect your computer from Critical Chrome Update and other ransomware, use a reputable anti-spyware program, such as Reimage, Malwarebytes, Combo Cleaner or Plumbytes Anti-Malware.

About the author

Lucia Danes - Virus researcher
