MyAntiSpyware

ChromeLoader malware removal instructions

Myantispyware team May 31, 2022    

What is ChromeLoader?

According to threat analysts (1, 2), ChromeLoader is malware designed to download and install malicious browser extensions on the victim’s computer. At the moment there are two versions of the ChromeLoader malware: the first targets Windows and the second targets macOS. It is already known that this malware is spreading worldwide through Twitter. Criminals use QR codes to post malicious links that masquerade as links to videos and pirated software.

27 security vendors flagged ChromeLoader as malware.

During the analysis, the security researchers found that ChromeLoader is an ISO file that contains two components: “_meta.txt” and “downloader.exe”. The first file is an encrypted PowerShell script and the second is its decryptor.

Upon execution, it creates a scheduled task called “ChromeTask” (the name may be different) and sets it to run every ten minutes. Next, it downloads the malicious Google Chrome browser extension “archive.zip”. Some victims of the malware reported that their browser closed unexpectedly because of the repeated execution of this task. Since this behavior can help victims detect the presence of the malware on the computer, the ChromeLoader authors will likely change it in the future to avoid detection.
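A triage check for the scheduled task described above, added here as an example; it is not code from this guide's authors or from the analysts they cite. It reads a Task Scheduler XML definition (the format printed by `schtasks /query /tn <name> /xml` and stored under `%SystemRoot%\System32\Tasks`) and flags a task whose name contains “ChromeTask” or that repeats every ten minutes. The sample tasks, their commands and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler XML definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")


def duration_seconds(text):
    """Convert an ISO 8601 duration such as PT10M to seconds; None if unparsable."""
    m = DURATION.match((text or "").strip())
    if not m or not any(m.groups()):
        return None
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return ((days * 24 + hours) * 60 + minutes) * 60 + seconds


def review_task(xml_text, name_hint="ChromeTask", interval=600):
    """Return the task's name, its command and the reasons it matches the write-up."""
    root = ET.fromstring(xml_text)
    uri = root.findtext("t:RegistrationInfo/t:URI", default="", namespaces=NS)
    reasons = []
    if name_hint.lower() in uri.lower():
        reasons.append("name")
    intervals = [duration_seconds(n.text)
                 for n in root.iterfind(".//t:Repetition/t:Interval", NS)]
    if interval in intervals:
        reasons.append("ten-minute repetition")
    command = root.findtext("t:Actions/t:Exec/t:Command", default="", namespaces=NS)
    return {"task": uri, "command": command, "reasons": reasons}


def make_task(uri, repeat, command):
    """Build a constructed, minimal task definition for the demonstration."""
    return (
        f'<Task xmlns="{NS["t"]}"><RegistrationInfo><URI>{uri}</URI></RegistrationInfo>'
        f"<Triggers><TimeTrigger><Repetition><Interval>{repeat}</Interval></Repetition>"
        f"<StartBoundary>2022-05-31T00:00:00</StartBoundary></TimeTrigger></Triggers>"
        f"<Actions><Exec><Command>{command}</Command></Exec></Actions></Task>"
    )


# Constructed samples: names other than ChromeTask and all commands are made up.
SAMPLES = [
    make_task(r"\ChromeTask", "PT10M", r"C:\placeholder\constructed.exe"),
    make_task(r"\ExampleRenamedTask", "PT600S", r"C:\placeholder\constructed.exe"),
    make_task(r"\ExampleHourlyUpdater", "PT1H", r"C:\placeholder\updater.exe"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = review_task(sample)
        verdict = "REVIEW" if result["reasons"] else "ok"
        print(f'{verdict:6} {result["task"]:24} {", ".join(result["reasons"])}')
```

A ten-minute repetition on its own is only a reason to inspect the task's command, since legitimate software can use the same schedule; the name match is the stronger signal but, as noted above, the name may differ.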

As we said above, ChromeLoader downloads and installs malicious extensions. To prevent users from removing them, it blocks access to the list of Google Chrome extensions (“chrome://extensions/”) and redirects users to general settings (“chrome://settings”).

Since the main target of ChromeLoader is browsers, this malware falls into the category of browser hijackers. Browser hijackers are a kind of malicious software designed to change web browser settings without the knowledge or permission of the computer user, and they usually redirect the affected system’s browser to advertisement-related webpages. Browser hijackers can change the default search engine or homepage, install multiple toolbars and malicious extensions, redirect user web searches and generate numerous pop-up advertisements.

And finally, ChromeLoader can be used to gather a wide variety of information, including:

  • IP addresses;
  • URLs visited;
  • search queries/terms;
  • clicks on links and ads;
  • web-browser version information.

So, if you encounter this malware or a similar problem, remove it as soon as possible. Follow the instructions below to remove ChromeLoader. Please let us know how you managed by sending us your comments.

Threat Summary

Name: ChromeLoader, “ChromeLoader malware”, “Choziosi loader”
Type: browser hijacker, trojan-downloader, redirect virus
Related files: “_meta.txt” and “downloader.exe”
Detection Names (ISO file): Win32:MalwareX-gen [Trj], Trojan.MulDropNET.50, Trojan.Lazy.D17F6B, MSIL/Agent.VBQ!tr, Trojan.MSIL.Agent.4!c, Trojan.Agent.Win32.2658908, Trojan.Agent!/FKTFA+AjH4, HEUR:Trojan.MSIL.Agent.gen, MSIL.Trojan-Downloader.Choziosi.C
Detection Names (downloader.exe): Trojan:MSIL/MalwareX.031afd7d, Win32:MalwareX-gen [Trj], W32/Trojan.HLZ.gen!Eldorado, MSIL.Trojan-Downloader.Choziosi.C, RDN/Generic.grp, TScope.Trojan.MSIL, Trj/GdSda.A, MSIL/Agent.VBQ!tr
Affected Browser Settings: extensions, newtab page URL, search engine, homepage
Distribution: QR codes, links to videos/hacked software, Twitter
Symptoms: Unexpected ads appear on webpages that you are visiting. You keep getting redirected to unfamiliar web-sites. New entries appear in your Programs folder. Unexpected browser extensions or toolbars keep coming back. Your device settings are being changed without your request.
Removal: ChromeLoader removal guide

 
On the Internet, users can come across many malicious programs that perform various malicious actions. Among them are the Dropbox Update Setup virus, Numando malware, DPD Delivery Email virus, Bloom exe adware and AnarchyGrabber Stealer, although, of course, there are many more. Some of them collect user data, others install malware on computers, and still others add infected computers to botnets, and so on. In any case, each malicious program (adware, browser hijacker, trojan, worm, …) is a huge threat to both user privacy and computer security. Therefore, malicious programs must be removed immediately after detection; using an infected computer is very dangerous.

How to remove ChromeLoader from computer (Malware removal guide)

If you have an unwanted homepage or search engine, persistent popups or advertisements, a slow computer, system crashes or browser redirects, you need malware removal assistance. The guide below will help you remove ChromeLoader and get your personal computer operating at peak capacity again.




The tutorial below is for devices running MS Windows. For Android phones, use How to remove virus from Android phone, and for Apple computers running Mac OS, use How to remove browser hijacker, pop-ups, ads from Mac.

To remove ChromeLoader, follow the steps below:

  1. Delete suspicious software using Control Panel
  2. Remove malicious extensions
  3. Automatic Removal of ChromeLoader
  4. How to block malicious links

How to manually delete ChromeLoader

Steps to remove ChromeLoader without any removal tools are presented below. Be sure to carry out the step-by-step instructions completely to fully get rid of this browser hijacker.

Delete suspicious software using Control Panel

Some potentially unwanted programs, adware programs and browser hijackers can be removed using the Add/Remove programs tool, which can be found in the Windows Control Panel. So, if you’re using any version of Windows and you have noticed an unwanted program, first try to remove it through Add/Remove programs.

Windows 7
  • Click ‘Start’.
  • In the Start menu select ‘Control Panel’.
  • Find and select ‘Programs and Features’ or ‘Uninstall a program’.
  • Select the program.
  • Click ‘Uninstall’.

Windows 8
  • Press and hold Windows key and hit X key.
  • Select ‘Programs and Features’ from the menu.
  • Select the program.
  • Click ‘Uninstall’.

Windows 10
  • Press and hold Windows key and hit X key.
  • Select ‘Programs and Features’ from the menu.
  • Select the program.
  • Click ‘Uninstall’.

Mac OS
  • On the top menu select ‘Go’, then ‘Applications’.
  • Drag an unwanted application to the Trash bin.
  • Right-click on the ‘Trash’ and select ‘Empty Trash’.

Remove malicious extensions

This step will show you how to remove harmful add-ons. This can help to get rid of ChromeLoader extensions and fix some browsing issues, especially after a browser hijacker infection.

Google Chrome
  • In the top right hand corner, click on ‘three vertical dots’, and this will open up the main menu on Google Chrome.
  • When the drop-down menu appears, select ‘More tools’ and click on ‘Extensions’.
  • Click ‘Remove’ to uninstall an extension.
  • Click ‘Remove’ in the dialog box.

You can also try to remove the ChromeLoader browser hijacker by resetting Google Chrome settings.

Mozilla Firefox
  • Click on ‘menu’ button and select ‘Add-ons’.
  • Go to ‘Extensions’ tab.
  • To uninstall an add-on, click on ‘Remove’ button next to it.

If you are still experiencing problems with ChromeLoader removal, you need to reset the Mozilla Firefox browser.

Internet Explorer
  • Click ‘Tools’ button in the top-right corner.
  • Select ‘Manage add-ons’.
  • In the drop-down menu under ‘Show’, select ‘All add-ons’.
  • To delete an add-on, double-click it; in the new window click ‘Remove’.

Another way to remove the ChromeLoader browser hijacker from IE is to reset Internet Explorer settings.

Safari
  • On the top menu select ‘Safari’, then ‘Preferences’.
  • Select ‘Extensions’ tab.
  • Select an extension you want to delete and click ‘Uninstall’ button next to it.

Automatic Removal of ChromeLoader

ChromeLoader can hide its components, which makes them difficult to find and delete. As a result, after some time the malware can infect your computer again, install malicious extensions and modify web-browser settings. Moreover, it is not always safe to remove malicious software manually if you do not have much experience in setting up and configuring the Windows operating system. The best method to detect and remove ChromeLoader is to use free malware removal tools.



Use MalwareBytes Anti-Malware to get rid of ChromeLoader browser hijacker

If you’re having problems with ChromeLoader, or just wish to scan your computer occasionally for browser hijackers and other malicious software, download MalwareBytes AntiMalware. It’s free for home use, and it finds and removes various unwanted applications that attack your computer or degrade PC performance. MalwareBytes AntiMalware can help to get rid of adware, potentially unwanted apps as well as malicious software, including ransomware and trojans.

  1. Installing the MalwareBytes Anti-Malware is simple. First you will need to download MalwareBytes Anti-Malware on your computer by clicking on the link below.
    Malwarebytes Anti-malware
  2. After the download is complete, close all programs and windows on your PC. Open a folder in which you saved it. Double-click on the icon that’s named MBsetup.
  3. Choose “Personal computer” option and click Install button. Follow the prompts.
  4. Once the install is done, click the “Scan” button to start scanning your PC for the ChromeLoader malware. Depending on your personal computer, the scan may take anywhere from a few minutes to close to an hour. When a threat is found, the count of the security threats will change accordingly.
  5. Once the system scan is finished, MalwareBytes Anti-Malware will produce a list of unwanted applications and browser hijackers. Review the results once the tool has completed the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply press “Quarantine”. When the cleaning procedure is finished, you may be prompted to restart your computer.

The following video offers steps on how to get rid of hijackers, adware and other malicious software with MalwareBytes Anti-Malware.

Use Zemana AntiMalware to remove ChromeLoader hijacker

Download Zemana to remove ChromeLoader automatically from your computer and malicious extensions from your internet browsers. This is a freeware tool specially created for malicious software removal. This tool can delete adware software, browser hijackers from Firefox, Chrome, Internet Explorer and Edge and MS Windows registry automatically.

  1. Download Zemana AntiMalware by clicking on the following link. Save it directly to your Microsoft Windows Desktop.
    Zemana AntiMalware
  2. Once the downloading process is complete, close all applications and windows on your device. Open a folder in which you saved it. Double-click on the icon that’s named Zemana.AntiMalware.Setup.
  3. Further, press Next button and follow the prompts.
  4. Once the setup is done, press the “Scan” button to start scanning your computer for the ChromeLoader hijacker. When malware, adware software or PUPs are detected, the count of the security threats will change accordingly.
  5. When Zemana AntiMalware is done scanning your personal computer, it will create a list of unwanted applications and hijackers. In order to remove all threats, simply press “Next”. After it has finished, you may be prompted to restart your personal computer.

Get rid of ChromeLoader hijacker and malicious extensions with Hitman Pro

HitmanPro is a free portable application that scans your computer for adware, potentially unwanted apps and browser hijackers like ChromeLoader and allows you to remove them easily. Moreover, it will also help you delete any malicious internet browser extensions and add-ons.

Click the link below to download Hitman Pro. Save it on your Microsoft Windows desktop or in any other place.

HitmanPro

Once downloading is finished, open the file location. You will see an icon like below.

hitmanpro icon

Double-click the Hitman Pro desktop icon. After the utility is started, you will see a screen like the one displayed below.

Next, press the “Next” button to begin scanning your computer for the ChromeLoader hijacker. A system scan can take anywhere from 5 to 30 minutes, depending on your computer. When the scan ends, HitmanPro will show you the results like below.

Review the scan results and then click the “Next” button. When a prompt opens, press the “Activate free license” button.

How to block malicious links

Use an ad blocker program such as AdGuard to block malicious links and to stop unwanted advertisements, malvertisements, pop-ups and online trackers. This helps you avoid installing harmful and adware browser plug-ins and add-ons that affect your computer performance and impact your personal computer security. Browse the World Wide Web anonymously and stay safe online!

  1. Visit the page linked below to download AdGuard. Save it to your Desktop.
    Adguard
  2. After downloading it, run the downloaded file. You will see the “Setup Wizard” program window. Follow the prompts.
  3. After the setup is complete, click “Skip” to close the installation program and use the default settings, or click “Get Started” to see a quick tutorial that will help you get to know AdGuard better.
  4. In most cases, the default settings are enough and you don’t need to change anything. Each time, when you start your personal computer, AdGuard will start automatically and stop unwanted advertisements, block ChromeLoader redirects, as well as other harmful or misleading web-sites. For an overview of all the features of the program, or to change its settings you can simply double-click on the icon called AdGuard, which may be found on your desktop.

Finish words

Once you have removed the browser hijacker using these few simple steps, MS Edge, Firefox, Chrome and Internet Explorer will no longer display any unwanted ads. Unfortunately, if the steps do not help you, then you have caught a new hijacker, and the best way forward is to ask for help.

Please create a new question by using the “Ask Question” button in the Questions and Answers. Try to give us some details about your problems, so we can try to help you more accurately. Wait for one of our trained “Security Team” or Site Administrator to provide you with knowledgeable assistance tailored to your problem with the ChromeLoader hijacker.

 

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.
