MovieChat Forums > Computers and Software > Urgent Chrome Update virus/scam

Urgent Chrome Update virus/scam

posted 8 years ago by akira88
1 reply | jump to latest

I was browsing DeviantArt recently when one of the tabs I had opened was redirected to the fake "Urgent Chrome Update" popup as seen here: https://productforums.google.com/forum/#!msg/chrome/HcXgFFaO9WU/Dd3PZ8VHCwAJ/

Now, supposedly the redirect will automatically download a file, but I closed the browser before I saw whether or not it had done so. To complicate matters, I was browsing in incognito, so chrome would have deleted any download history before I could check. I did check the downloads folder and didn't see anything more recent than June. However, I don't know if anything downloaded in incognito would go here or somewhere else.

So, a few of questions:

1. If something is downloaded during an incognito browsing session, will it still show up in the same downloads folder as files downloaded during normal browsing?

2. I've used Windows Explorer to check my computer for files with "chrome" in the name - which is, of course a lot. However, it;s my understanding that the file needs to actually be run to do anything malicious. Is that understanding correct?

3. One of the posts linked above claims that the virus creates a file in "%appdata%\Microsoft\Windows\Recent\CustomDestinations\" and two registry entries. Is this accurate? In any event, I was unable to find either of the two registry entries mentioned. While I did find the "CustomDestinations" folder, I was able to delete all the files there easily enough (though new ones have since popped up - is this normal?)

4. On the subject of the "CustomDestinations" folder mentioned above, I'm unable to see it in the "recent" folder, even with hidden files and folders made visible - to access it, I have to type the path directly into Windows Explorer's address bar.

5. And finally, also on the subject of "CustomDestinations", I've noticed that all of the files listed there have "CUSTOMDESTINATIONS" listd as their file type. Is that normal?

Can anybody help?

[–] m-slovak79 8 years ago

but looking on that link...

I was reading an article from a link on Facebook and suddenly got a big window labelled "Urgent Chrome Update". There was a "chrome-update.bat" file downloaded. I immediately shut down my computer, restarted it and did a malware scan, found nothing, but a Google search found that the file will install malware that encrypts all the data on your computer

but assuming what that quote says is true... if your stuff does become encrypted you could be out of luck as i heard of those things where your stuff gets encrypted and you have to pay a $$$ to get your data back etc.

either way if all you did was download the .bat file and never ran/opened it, you got nothing to worry about.

checking your computer for viruses etc and run Malwarebytes Anti-Malware might be a good idea.

as for your #3... if all that happened was the .bat file was saved to your computer but you never ran it, i doubt you got anything to worry about.

search your computer for 'chrome-update.bat' (without the ' ) in windows explorer. does anything come up?

p.s. just watch where you go online as a program like Voodooshield (it's got a free version) might be of great help for you since it won't let anything run without your permission and if that .bat file attempted to do anything it would be blocked by Voodooshield. NOTE: Voodooshield is only good if your PC is currently in good running order when it's installed and configured. so if you already got a virus etc on the computer it won't stop that. it's basically a lock for your computer so that nothing runs or installs that you did not allow.

----------
My Top 100-ish Movies of All-Time! = http://goo.gl/EYFYdz
----------