How to remove a virus from Google Chrome

Chrome is considered to be one of the most reliable and secure browsers, but it also has vulnerabilities. Despite the fact that developers are constantly improving the level of security of the browser, the number of potential threats does not decrease – new viruses continue to appear. And catching the virus is pretty easy, you may not even notice it. For example, you went to an unfamiliar site, clicked on a link and downloaded an unknown file. As a result, the browser begins to work incorrectly, which poses a danger to the device and your personal data.

Symptoms of virus infection

Most modern viruses are disguised as harmless programs and processes, so they can be difficult to recognize. The impact of malware can be very different – for example, because of a virus, the browser begins to slow down and hang, a huge amount of advertising appears in it, settings are lost, the necessary functions do not work.

The realization that the problem is in the virus does not come immediately. Many users first begin to look for the reason in their actions or in browser updates.

As a result, from the moment of infection to the detection of the virus, a lot of time can pass, during which work with Chromium will be significantly complicated. The later you detect malware, the more significant harm it can cause. Therefore, it is very important to do everything possible to detect the virus as quickly as possible.

Viruses in Google Chrome
Viruses in Google Chrome

The first signs of the presence of the virus are the strange behavior of Chrome, unauthorized opening of tabs, redirection and a sharp increase in the number of advertisements.  Any of these problems is a good reason to conduct a check.

Symptoms of infection may look like this:

  • chrome brakes strongly, while there are no serious additional loads on the device;
  • Pop-ups and new tabs appear that cannot be closed.
  • tabs and windows that are visible only after closing the main browser window are opened arbitrarily and imperceptibly;
  • advertising appears on those sites where it was not there before;
  • notifications appear with text about threats – for example, about the approaching block due to the expiration of the browser;
  • the start page and search engine are changing, although you have not changed the settings;
  • extensions appear that you did not install;
  • advertisements appear, although earlier Chrome itself or extensions such as AdBlock successfully coped with them;
  • there is adult content regardless of whether you have searched for it before or not;
  • there is a requirement to confirm registration, which may be accompanied by a request to send a message to the specified number;
  • there is a substitution of links to familiar sites;
  • access to personal pages is blocked, which is often accompanied by a requirement to follow a link.

This is not a complete list of the problems that you may encounter because of the virus. All of them interfere with the work of the browser and pose a great danger to the entire system.

If you think that the browser works strangely – it is worth checking for threats in order to remove the virus in Google Chrome in time.  This is the case when it is better to play it safe a little than to solve the problems created by the malware. Until the virus is removed, it is not recommended to continue working with the browser, because every day the risk to the entire system increases.

How to remove a virus

The best result is given by the complex application of different methods:

  • check extensions;
  • use of an internal Chrome scanner;
  • use of anti-virus programs and utilities;
  • Check the hosts file.

If you do not know how to remove a virus in the Google Chrome browser, which method will be optimal in your case – apply all methods in turn.

Check and remove extensions

Extensions are convenient tools that allow you to do a little more than is provided for by the standard functionality of Chrome. They are easily downloaded, but a virus can get on the device with them.

The extension itself may contain a virus, and it will go unnoticed. The danger lies in the fact that you may not be aware of some plugins at all, since they are "controlled" by a virus.

Check extensions in Google Chrome
Check extensions in Google Chrome

To recheck extensions, perform the following actions:

  • Open a browser.
  • Open the menu by clicking the three-dot icon at the top right.
  • from this menu, select "Additional Tools";
  • open the Extensions section.

Here you can see all the extensions installed in your browser. Carefully study the list and remove all extensions that are not needed – this is done by clicking on the "Remove" button. In this list, you may also find extensions that you did not install at all – they also need to be removed.

After analyzing and manually clearing the list, restart the browser – in most cases this helps to solve the problem with viruses and an abundance of advertising.

The list of extensions should be checked regularly in order to identify and remove unwanted and potentially dangerous products in time. In some cases, even those extensions that you have been using for a long time may be problematic – as a rule, suspicion falls on them last. For example, if checking for a problem requires you to disable questionable extensions one at a time, the "oldest" extensions may remain intact.

The logic is simple – the user believes that these applications were installed a long time ago, they are useful, there have never been difficulties with them, which means that now the problem is being built to look elsewhere. In practice, everything is different – the extension can change at any time for various reasons (for example, there is another owner who plans to use the application differently). Potentially, any extension can become dangerous after installation, so unnecessary products should not be downloaded unnecessarily.

To check the security of extensions, you can use a special Chrome tool, which is called Security Check. This tool also checks the strength of passwords, the availability of fresh Chrome updates and the security of browsing sites.

To run a security check, proceed as follows:

  • open Chrome;
  • with the left mouse button, click on the icon with three dots located at the top right;
  • in the menu that appears, select "Settings";
  • on the page that opens, in the menu on the left, select the "Security Check" item;
  • on this page we find the section "Security Check" and click "Perform verification".

The process usually takes a few seconds. If the results of the scan reveal problems, the system will report this and offer to look at potentially dangerous extensions, compromised passwords, etc.

Chrome also has a built-in algorithm that warns of danger. Problematic extensions are labeled "Potentially Dangerous Extension." And sometimes you may see the inscription "The authenticity of the extension could not be verified, it may have been installed without your knowledge."

Such extensions should be given special attention and immediately removed if they were installed automatically. If you see the message "Extensions are disabled", it means that the browser has blocked one or more extensions to protect your data. Chrome disables extensions that aren't installed from the Chrome Web Store.

Built-in virus scanner

First, you need to run chrome scan with your own built-in antivirus. To do this, we act as follows:

  • open Chrome;
  • click on the button with three dots, which is located at the top right;
  • open the "Settings" item;
  • find the Additional section, open it;
  • find the item "Reset settings and remove malware";
  • Here we select "Remove malware from your computer".
Built-in virus scanner in Google Chrome
Built-in virus scanner in Google Chrome

Next, run the scan and remove all the detected threats. Then we perform a restart of Chrome – after that, its correct operation should be restored.

Additionally, you can perform another check: copy the chrome://settings/cleanup to the address bar.  In the window that opens, click the "Find" button and the browser looks for malware on your computer.

This tool searches only for programs and components that may interfere with the work of the browser. That is, this is not an antivirus, but just a function for prompt verification.

Scan the system with an antivirus

If you have an installed anti-virus – Kaspersky, NOD, Avast, no matter which one – run the scan. If you don't have one, you need to get one.

You can use free anti-virus programs like ESET Online Scanner and Dr.Web CureIt!

They do not conflict with the anti-virus software installed on the computer (if any) and can be used in parallel with it. What's more, Dr.Web CureIt! doesn't even require installation.

Get rid of the advertising virus

An adware is a type of adware that enters the system in the same way as a virus, although an antivirus agent may not recognize it. There are a lot of such programs, they are often downloaded as a "kit" with some products that you really need. First of all, this applies to free programs downloaded from unverified resources – with them very often not only varieties of adware can get on the PC, but also more dangerous viruses.

The most annoying type of such advertising is pop-ups that appear with a certain periodicity. Moreover, they can occur even when the browser is closed, while the antivirus does not detect the problem.

To solve the problem with intrusive advertising, you need to check extensions, run a built-in virus scanner – sometimes this is enough to detect an adware virus in Google Chrome.

It is also worth downloading the program AdwCleaner, which is designed specifically to clean the system from pop-ups and banners.

The program is free, you just need to download, install and run a scan. After the scan is completed, all detected Adware programs should be uninstalled.

Checking hosts

Checking the correctness of the hosts file is the final stage of the system survey.

The hosts file is responsible for converting symbolic names to IP addresses and vice versa. For example, is converted to With this system file, your computer converts a literal value to a numeric value – and thanks to this, you fall to the desired site.

Some viruses are aimed at defeating the hosts file, as a result of which extra lines appear in it – and because of this, the user instead of the desired site falls on a fraudulent analogue. Sometimes in appearance it is almost impossible to distinguish a real site from a fake, but some points should alert you – for example, the resource requests personal data, information about bank cards, asks to perform some atypical actions.

in all versions of windows the file is located at c:windowssystem32driversetchosts

To view the contents of the hosts file, copy this address directly to the address bar of the browser. If nothing else is written after the line "# localhost", that's fine. If it is written, then the excess should be removed. Directly in the browser to do this will not work:

  • open File Explorer with the combination Win + E, where Win is a button with the Windows logo;
  • in the line "Quick access" insert this address;
  • "How do you want to open this file?" – select Notepad.

What the hosts file should look like
What the hosts
file should look like

Just erase everything superfluous and save the file.

You can also use the AVZ utility:

  • download and unpack it;
  • run avz.exe.
  • in the window that opens, select "File", then "System Restore";
  • in the list "Restore system settings" select item No. 13 "Clear the hosts file", put a tick next to it;
  • confirm the action.

After that, the system file will be cleared of unnecessary addresses.

In addition, it is recommended to perform another procedure using the AVZ program to check hidden routes in which redirect commands to fraudulent sites may remain.

To do this, we act as follows:

  • open the program window again,
  • open "File", then "System Restore";
  • in this list, select item #20 "TCP/IP settings:Deleting static routes";
  • confirm the action.

After completing these steps, you will no longer be redirected to sites that you do not understand.

Mike Lombardi/ author of the article

QA Engineer, Head of Automated Software Testing Department. Knowledge of Java, C/C++, JSP, HTML, XML, JavaScript, SQL, and Oracle PL/SQL. Journalist and Columnist in the IT field. Website Creator and Administrator.