A malicious “Google Drive” browser extension has been identified, posing serious risks to data and device security. This malware not only hides deep within your computer’s folders but also modifies Chrome’s behaviors. If you’ve potentially downloaded or encountered this, it’s crucial to remove it right away. Our guide below offers a detailed, step-by-step process to ensure its complete removal.
Table of Contents
Fake Google Drive extension overview
The fake Google Drive browser extension is a malicious software that users might come across on dubious websites. Promoted as an essential add-on or a necessary update to the existing Google Drive service, it cleverly borrows familiar logos and design aesthetics to appear genuine.
🚨Here’s what it does:🚨
- Sneaks and sees what you do online.
- Grabs your online data.
- Changes digital coin addresses secretly.
- Sends digital coins to the bad guys.
- Steals passwords and stuff you copy-paste.
- Bothers you with annoying pop-up messages.
- Shares your stolen info with other scammers.
Unlike most browser extensions that embed directly into your browser, this malware takes a more secretive route. It embeds itself in a concealed directory on your computer, specifically “C:\Users[username]\AppData\Local“, disguising under the seemingly innocuous folder name “Default“. This covert installation allows it to operate undetected, and its manipulation of the Chrome browser’s shortcut ensures its persistence. Even if users believe they’ve removed the extension from their browser, it cleverly reactivates with every startup.
VirusTotal flagged ‘fake Google Drive browser extension ‘ as malware:
But what’s the motive behind this masquerade? Data theft. Once active, the extension is designed to trawl through and extract valuable information like browsing history, saved login credentials, cookies, and even credit card information stored within the browser. Such data, in the wrong hands, becomes a lucrative asset for cybercriminals.
Further adding to its repertoire of deceit, the extension can interfere with cryptocurrency transactions. When a user copies a cryptocurrency address intending to make a transfer, the extension can subtly replace the copied address, diverting funds to a criminal’s wallet.
Apart from its data pilfering abilities, unsuspecting users are also subjected to a barrage of spammy browser notifications. These notifications can vary in nature, from seemingly harmless advertisements to more sinister links directing to malware or phishing sites.
It’s crucial to reiterate that this counterfeit extension bears no connection to the official Google Drive service offered by Google. While the genuine Google Drive upholds strict security protocols and data protection standards, this imposter operates on an entirely different, and malicious, agenda.
To summarize, the fake Google Drive extension is more than just a harmless imitation; it’s a cunning threat designed to steal data, manipulate cryptocurrency transactions, and flood users with misleading notifications. If you suspect you’ve encountered this fraudulent extension, take action immediately: review our removal guide and ensure your online safety.
Examples of such malware
The Fake Google Drive extension is just one of many malicious programs lurking on the internet. Let’s look at a few other malware that you might come across:
Chromstera: This software is a browser hijacker. It takes over your searches, swaps out your homepage, and shows ads you didn’t ask for. If you notice Chromstera on your device, you need to remove it quickly and then fix your browser settings.
Searchmenow.gg: This one’s tricky. It’s a virus that changes where your browser goes, often by pretending to be a helpful software or an extension. Once it’s on your computer, it alters your browser so much that it might even lock you out of your settings using the “Managed by your organization” feature in Google Chrome. It’s important to remove this virus because it can send you to unsafe websites.
HackTool:Win32/Keygen: This malware tricks people by pretending to be a tool for unlocking paid software for free. But, it can harm your computer. Once it’s in, it hides itself well and can create harmful files without you noticing. Microsoft’s own safety tool, Microsoft Defender, flags it as a big threat.
Knowing about these threats reminds us to be careful online. Always have good security software and think twice before downloading unknown files or extensions.
Threat Summary
| Name | fake Google Drive browser extension, Google Drive extension virus |
| Type | Browser Hijacker / Malicious Browser Extension |
| Risk Level | Medium to High |
| Distribution | Bundled software downloads, Malicious ads, Compromised websites |
| Main Symptoms | Unwanted redirects, Change of default search engine or homepage, Unwanted ads or pop-ups |
| Affected Browsers | Google Chrome (primary target), may affect others (Edge, Opera, etc) |
| Risks | Privacy invasion, system security compromise, fraud |
| Removal | Manual removal via system settings, Anti-malware software scan, Resetting browser settings |
How to remove fake Google Drive extension from Windows 11 (10, 8, 7, XP)
When the deceptive fake Google Drive extension infiltrates your Windows computer, immediate action is essential. Such malware doesn’t just disrupt your browsing; it poses a genuine threat to your digital safety. In the subsequent steps, we’ll guide you through a clear and concise method to remove the fake Google Drive extension from your Windows system. Dive in, and let’s restore your computer’s health.
To remove fake Google Drive extension, perform the steps below:
- Uninstall any suspicious programs
- Fix Windows Policies to Remove the Fake Google Drive Extension
- Remove the Fake Google Drive Extension from Chrome
- Scan your computer for malware
Read this section to know how to manually remove the Fake Google Drive Extension. Even if the step-by-step guide does not work for you, there are several free removers below which can easily handle such hijackers.
Uninstall any suspicious programs
The first step is to check your computer for any suspicious programs or extensions and remove them. To do this, go to the Control Panel (on Windows) or Applications (on Mac) and uninstall any programs that you don’t recognize or that you think may be associated with the Fake Google Drive Extension.
 Windows 7 |
 Windows 8 |
|---|---|
|
|
 Windows 10 |
 Mac OS |
|
|
Fix Windows Policies to Remove the Fake Google Drive Extension
Sometimes, the removal of the Fake Google Drive extension is hindered by certain malware-induced policies. By making changes to the Windows Registry and addressing group policies, you can overcome this obstacle. Here’s how:
- Open Windows Registry Editor:
- Press the Windows key (🪟) and “R” simultaneously. This will bring up the Run dialog box.
- Type “regedit” and hit Enter. The Windows Registry editor will now be visible.
- Navigate and Remove Malicious Registry Entries:
- Head over to “Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\”. Use this path as your guide.
- Identify and delete the folders named Chromium and Chrome which are associated with the “Managed by your organization” malware.
- Once done, exit the Windows Registry editor.
- Address Group Policy Folders:
- Hold the Windows key (🪟) and “X” together to open a quick-access menu.
- From the menu, choose Command prompt (Administrator). You’ll be presented with a command prompt window.
- Execute the Following Commands:
- Input
rd /S /Q "%WinDir%\System32\GroupPolicyUsers"and hit Enter. - Next, type
rd /S /Q "%WinDir%\System32\GroupPolicy"and press Enter. - Lastly, enter
gpupdate /forceand press Enter. If executed correctly, you’ll be greeted with messages indicating both the Computer Policy and User Policy have been updated successfully.
- Input
- Restart Your Computer:
- After executing the above steps, it’s crucial to restart your computer to ensure the changes take effect.
Remember, modifying the registry and group policies are advanced actions. Always proceed with caution and ensure you’re following the steps correctly.
Remove the Fake Google Drive Extension from Chrome
Having successfully fixed any restrictions that might have prevented the removal of unwanted extensions, it’s now time to tackle and eliminate the Fake Google Drive Extension from your Chrome browser.
- Access Chrome Extensions: Open your Google Chrome browser. Locate the three horizontal dots at the top-right corner (the Chrome menu button) and click it to reveal a drop-down. From this list, opt for ‘More Tools’ and subsequently select ‘Extensions’. Alternatively, quickly navigate by typing
chrome://extensionsinto Chrome’s address bar. - Inspect and Remove: Examine the list of installed extensions. Identify any unfamiliar or suspicious ones, or those you simply don’t need anymore. Click the “Remove” button beneath these extensions. A confirmation pop-up will appear; press “Remove” again.
- Reset Your Browser: To ensure no traces remain, consider resetting your browser settings. This action disables all extensions, clears cookies, and undoes unwanted changes but preserves your bookmarks and saved passwords. To do this:
- Revisit the Chrome main menu.
- Choose “Settings”.
- Find and select “Reset settings”.
- Click on “Restore settings to their original defaults”.
- Confirm by selecting the “Reset settings” button.
Note: If the unwanted extension remains despite these steps, consider using a trustworthy antivirus tool to scan your computer for any related malware or threats.
Scan your computer for malware
After you’ve tried to remove the fake Google Drive extension and reset your browser, there might still be hidden problems. Some bad files can stay hidden or look like normal ones. It’s always a good idea to do a full computer scan to catch these. This way, you can be sure everything harmful is gone. Let’s make sure your computer is clean and safe!
To fully ensure your computer’s safety, consider using MalwareBytes to automatically remove the fake Google Drive extension. MalwareBytes is a trusted anti-malware tool with a strong track record. It’s been widely recognized for its efficiency in detecting and eliminating a broad range of threats, from sneaky browser extensions to more aggressive forms of malware. By employing advanced scanning techniques, MalwareBytes digs deep into your system, ensuring no malicious elements go unnoticed. Simply download, install, and run a full scan with MalwareBytes to clear out any lingering threats related to the fake Google Drive extension or other potential risks.
- Download Malwarebytes by clicking on the link below. Save it on your Windows desktop.
Malwarebytes Anti-malware
326464 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
- Once the download is done, close all applications and windows on your personal computer. Open a folder in which you saved it. Double-click on the icon that’s named MBsetup.
- Choose “Personal computer” option and press Install button. Follow the prompts.
- Once installation is finished, scan your computer. Run a full scan of your computer to detect and remove any browser hijackers and other forms of malware. The scan may take several minutes to complete, depending on the size of your hard drive and the speed of your computer.
- Remove detected threats. If the scan finds any threats, click Quarantine to remove them. The software will automatically remove the browser hijacker and any associated malware. After the removal process is complete, restart your computer to ensure that any changes made by the hijacker are fully removed.
The following video demonstrates how to remove hijackers, adware and other malware with MalwareBytes.
What to Do After Removing the malware
After successfully removing malware, especially one as deceptive as a fake browser extension, it’s crucial to take a few additional steps to ensure the safety and security of your device and data. Here are some recommended actions to take:
- It’s important to change your browser settings back to your preferred search engine and homepage. Make sure that the Fake Google Drive extension virus is completely removed from your browser’s settings and that it cannot reappear.
- If you entered any sensitive information such as login credentials or passwords while the browser hijacker was active, change them immediately. This will prevent any potential identity theft or unauthorized access to your accounts.
- To remove any traces of the fake browser extension, clear your browser history and cache. This will help ensure that any data or information collected by the hijacker is removed from your system.
- Use a reputable anti-malware program like Malwarebytes to scan your computer for any remaining malware or potentially unwanted programs (PUPs). This can help ensure that there are no hidden threats or malicious files on your computer.
- Make sure that your browser and operating system are up-to-date with the latest security patches and updates. This can help prevent future security issues and keep your system protected.
- To avoid getting infected with similar malware in the future, be cautious of downloads and only download from reputable sources. Avoid clicking on suspicious links or downloading attachments from unknown sources.
Conclusion
Removing the fake Google Drive extension is a crucial step to regaining your device’s safety. 🛡️ However, to fortify your defenses, you must not only change your passwords—especially for critical accounts like emails and banking—but also ensure that every piece of software on your device is regularly updated. Cybercriminals prey on outdated systems. 🚫 Activate two-factor authentication wherever you can and be meticulous about your future downloads, ensuring they’re from trusted sources.
Moreover, keep an eye on your accounts for any suspicious activities, signaling potential breaches. 🚨 The digital realm demands constant alertness; by adhering to these guidelines, you’re not only protecting yourself but also contributing to a safer online community. 💻🔒
