Fake ‘Save to Google Drive’ Extension (Virus Removal Guide)

⚠️ Our team has discovered a malicious browser extension called “Save to Google Drive”, which deceives users by posing as a legitimate extension for Chrome. This extension is actually a form of adware, a type of malware that is designed to collect sensitive information and display unwanted advertisements. Adware generates revenue for its creators by showing ads and extracting data for marketing purposes, causing system slowdowns and potential crashes.

“Save to Google Drive” can inject malicious scripts, cause unwanted redirects, restrict access to specific websites, and more. Enabling the “Managed by your organization” feature through “Save to Google Drive” opens avenues for manipulating user settings and potentially compromising user privacy and security.

Understanding the “Save to Google Drive” Malicious Extension 🔍🔀

The “Save to Google Drive” is a harmful type of browser extension. Unlike standard extensions that enhance your browsing experience, “Save to Google Drive” manipulates your browser settings to control your online activities, often leading to unwanted changes and security risks.

Why Manipulate Browser Settings? 💰

The creators of “Save to Google Drive” may use such manipulation for financial gain or data theft. By controlling your browser, “Save to Google Drive” can redirect your searches to specific sites, collect sensitive information, and even insert or display unwanted ads. This can generate revenue through ad clicks, data sales, or affiliate marketing, exploiting your browser as an unwitting tool in their scheme.

How Does This Happen? 🌐

“Save to Google Drive” employs various methods to take over your browser and direct your online actions. Here’s an overview of the common tactics it uses:

• Modifying Browser Settings: “Save to Google Drive” can change your homepage, search engine, and other settings to redirect your browsing and searches to sites it controls or benefits from.
• Installing Unwanted Extensions: It might add malicious extensions to your browser that track your activities, inject ads, or redirect your searches without your consent.
• Abusing Legitimate Features: “Save to Google Drive” may misuse legitimate browser features, like the “Managed by your organization” setting, to gain more control and make itself harder to remove.
• Collecting User Data: By monitoring your browsing, “Save to Google Drive” can collect a wide range of data, including websites visited, search queries, and even login credentials, for malicious purposes.
• Preventing Removal: To maintain its presence, “Save to Google Drive” might block you from restoring your regular browser settings or uninstalling the malicious extension, complicating its removal.

“Save to Google Drive”‘s techniques are designed to be stealthy and effective, aiming to remain undetected while exploiting your browser.

How “Save to Google Drive” Enters Your Computer 🚪

“Save to Google Drive” can infiltrate your system through various means:

• Deceptive Installers: “Save to Google Drive” often comes bundled with other software, tricking you into installing it alongside seemingly legitimate programs.
• Misleading Updates: Fake update notifications might actually install “Save to Google Drive” when clicked.
• Phishing Emails: Emails with malicious links or attachments can install “Save to Google Drive” if interacted with.
• Compromised Websites: Simply visiting a malicious website might initiate an automatic download of “Save to Google Drive”.

In Summary, “Save to Google Drive” is a malicious browser extension that poses significant risks to your online security and privacy. It manipulates browser settings to redirect searches, collect personal data, and even prevent removal, all for the benefit of its creators. Vigilance and robust security measures are crucial to protect against such threats.

Examples of Browser hijackers

Browser hijackers are a prevalent and persistent threat that can significantly disrupt users’ online activities and compromise their privacy. These malicious programs manipulate browser settings, redirect searches, and often exhibit intrusive behavior. In this section, we present a list of browser hijackers similar to “Save to Google Drive”, including Gosearches.gg and other notable variants.

Fake Google Drive extension, Chromstera Browser Hijacker, and BestSearch.Ai are examples of other browser hijackers similar to “Save to Google Drive” that you should be aware of. By familiarizing yourself with these examples, you can better recognize the characteristics and potential risks associated with these hijackers.

Threat Summary

Name	“Save to Google Drive”, “Save to Google Drive” virus
Type	browser hijacker, fake search engine
Affected Browser Settings	home page, search provider, newtab URL
Affected Browsers	Google Chrome (primary target), may affect others (Edge, Opera, etc)
Detection Names (installer)	BitDefender (Gen:Variant.Application.Agent.183), Bkav Pro (W32.Common.FA9215DF), Cylance (Unsafe), Cynet (Malicious score: 100)ALYac (Gen:Variant.Application.Agent.183), DeepInstinct (MALICIOUS), Emsisoft (Gen:Variant.Application.Agent.183 (B), Arcabit (Trojan.Application.Agent.183), Avast (FileRepMalware [Misc]), AVG (FileRepMalware [Misc]),
“Save to Google Drive” installer (malware)	Setup.msi, 528dd9.msi, wallpaper.exe, Setup.exe, Your File Is Ready To Download.exe, Recent Posts.exe
Distribution	Bundled downloads, fake extensions, malicious ads, fake software updaters
Symptoms	Unwanted changes to browser settings, redirects, ads
Risks	Privacy invasion, system security compromise, fraud
Removal	Use the “Save to Google Drive” removal guide

How to remove “Save to Google Drive” from Windows 11 (10, 8, 7, XP)

When the “Save to Google Drive” malicious browser extension gets onto your Windows computer, it’s important to act quickly. This isn’t just about annoying changes to your web browsing; it’s a real risk to your online security. In the following steps, we’ll show you a straightforward way to get rid of “Save to Google Drive” from your Windows system. Let’s get started and get your computer back to normal.

To remove “Save to Google Drive”, perform the steps below:

1. Uninstall any suspicious programs
2. Fix Windows Policies to Remove “Save to Google Drive”
3. Remove the “Save to Google Drive” from Chrome
4. Scan your computer for malware

Read this section to know how to manually remove the “Save to Google Drive” redirect virus. Even if the step-by-step guide does not work for you, there are several free removers below which can easily handle such hijackers.

Uninstall any suspicious programs

The first step is to check your computer for any suspicious programs or extensions and remove them. To do this, go to the Control Panel (on Windows) or Applications (on Mac) and uninstall any programs that you don’t recognize or that you think may be associated with the “Save to Google Drive” hijacker.

Windows 7	Windows 8
Click ‘Start’. In the Start menu select ‘Control Panel’. Find and select ‘Programs and Features’ or ‘Uninstall a program’. Select the program. Click ‘Uninstall’.	Press and hold Windows key and hit X key. Select ‘Programs and Features’ from the menu. Select the program. Click ‘Uninstall’.
Windows 10	Mac OS
Press and hold Windows key and hit X key. Select ‘Programs and Features’ from the menu. Select the program. Click ‘Uninstall’.	On the top menu select ‘Go’, then ‘Applications’. Drag an unwanted application to the Trash bin. Right-click on the ‘Trash’ and select ‘Empty Trash’.

Fix Windows Policies to Remove the “Save to Google Drive” hijacker

Sometimes, the removal of the “Save to Google Drive” virus is hindered by certain malware-induced policies. By making changes to the Windows Registry and addressing group policies, you can overcome this obstacle. Here’s how:

1. Open Windows Registry Editor:
   • Press the Windows key (🪟) and “R” simultaneously. This will bring up the Run dialog box.
   • Type “regedit” and hit Enter. The Windows Registry editor will now be visible.

   

2. Navigate and Remove Malicious Registry Entries:
   • Head over to “Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\”. Use this path as your guide.
   • Identify and delete the folders named Chromium and Chrome which are associated with the “Managed by your organization” malware.
   • Once done, exit the Windows Registry editor.

   

3. Address Group Policy Folders:
   • Hold the Windows key (🪟) and “X” together to open a quick-access menu.
   • From the menu, choose Command prompt (Administrator). You’ll be presented with a command prompt window.

   

4. Execute the Following Commands:
   • Input rd /S /Q "%WinDir%\System32\GroupPolicyUsers" and hit Enter.
   • Next, type rd /S /Q "%WinDir%\System32\GroupPolicy" and press Enter.
   • Lastly, enter gpupdate /force and press Enter. If executed correctly, you’ll be greeted with messages indicating both the Computer Policy and User Policy have been updated successfully.

   

5. Restart Your Computer:
   • After executing the above steps, it’s crucial to restart your computer to ensure the changes take effect.

Remember, modifying the registry and group policies are advanced actions. Always proceed with caution and ensure you’re following the steps correctly.

Remove “Save to Google Drive” from Chrome

Having successfully fixed any restrictions that might have prevented the removal of unwanted extensions, it’s now time to tackle and eliminate “Save to Google Drive” from your Chrome browser.

1. Access Chrome Extensions: Open your Google Chrome browser. Locate the three horizontal dots at the top-right corner (the Chrome menu button) and click it to reveal a drop-down. From this list, opt for ‘More Tools’ and subsequently select ‘Extensions’. Alternatively, quickly navigate by typing chrome://extensions into Chrome’s address bar.
2. Inspect and Remove: Examine the list of installed extensions. Identify any unfamiliar or suspicious ones, or those you simply don’t need anymore. Click the “Remove” button beneath these extensions. A confirmation pop-up will appear; press “Remove” again.
3. Reset Your Browser: To ensure no traces remain, consider resetting your browser settings. This action disables all extensions, clears cookies, and undoes unwanted changes but preserves your bookmarks and saved passwords. To do this:
   • Revisit the Chrome main menu.
   • Choose “Settings”.
   • Find and select “Reset settings”.
   • Click on “Restore settings to their original defaults”.
   • Confirm by selecting the “Reset settings” button.

   

Note: If an unwanted extension remains despite these steps, consider using a trustworthy antivirus tool to scan your computer for any related malware or threats.

Scan your computer for malware

After you’ve tried to remove “Save to Google Drive” and reset your browser, there might still be hidden problems. Some bad files can stay hidden or look like normal ones. It’s always a good idea to do a full computer scan to catch these. This way, you can be sure everything harmful is gone. Let’s make sure your computer is clean and safe!

To fully ensure your computer’s safety, consider using MalwareBytes to automatically remove the “Save to Google Drive” redirect virus. MalwareBytes is a trusted anti-malware tool with a strong track record. It’s been widely recognized for its efficiency in detecting and eliminating a broad range of threats, from sneaky browser extensions to more aggressive forms of malware. By employing advanced scanning techniques, MalwareBytes digs deep into your system, ensuring no malicious elements go unnoticed. Simply download, install, and run a full scan with MalwareBytes to clear out any lingering threats related to the “Save to Google Drive” or other potential risks.

1. Download Malwarebytes by clicking on the link below. Save it on your Windows desktop.
   
   

   Malwarebytes Anti-malware
   327220 downloads
   Author: Malwarebytes
   Category: Security tools
   Update: April 15, 2020
   
2. Once the download is done, close all applications and windows on your personal computer. Open a folder in which you saved it. Double-click on the icon that’s named MBsetup.
3. Choose “Personal computer” option and press Install button. Follow the prompts.
4. Once installation is finished, scan your computer. Run a full scan of your computer to detect and remove any browser hijackers and other forms of malware. The scan may take several minutes to complete, depending on the size of your hard drive and the speed of your computer.
5. Remove detected threats. If the scan finds any threats, click Quarantine to remove them. The software will automatically remove the browser hijacker and any associated malware. After the removal process is complete, restart your computer to ensure that any changes made by the hijacker are fully removed.

The following video demonstrates how to remove hijackers, adware and other malware with MalwareBytes.

What to Do After Removing the malicious browser extension

After successfully removing malware, especially one as deceptive as a malicious browser extension, it’s crucial to take a few additional steps to ensure the safety and security of your device and data. Here are some recommended actions to take:

1. It’s important to change your browser settings back to your preferred search engine and homepage. Make sure that the “Save to Google Drive” virus is completely removed from your browser’s settings and that it cannot reappear.
2. If you entered any sensitive information such as login credentials or passwords while the browser hijacker was active, change them immediately. This will prevent any potential identity theft or unauthorized access to your accounts.
3. To remove any traces of the browser hijacker, clear your browser history and cache. This will help ensure that any data or information collected by the hijacker is removed from your system.
4. Use a reputable anti-malware program like Malwarebytes to scan your computer for any remaining malware or potentially unwanted programs (PUPs). This can help ensure that there are no hidden threats or malicious files on your computer.
5. Make sure that your browser and operating system are up-to-date with the latest security patches and updates. This can help prevent future security issues and keep your system protected.
6. To avoid getting infected with similar malware in the future, be cautious of downloads and only download from reputable sources. Avoid clicking on suspicious links or downloading attachments from unknown sources.

In Conclusion: Your Online Safety Matters! 🛡️

“Save to Google Drive” is a malicious browser hijacker that affects Chrome, Edge, and Firefox users. Its deceptive tactics compromise both user experience and privacy. By recognizing its signs and employing dedicated removal steps tailored to each browser, you can restore your settings and safeguard your online activities.

To keep yourself safe, remember to be cautious when downloading things online, and think twice before adding anything to your web browser. Always keep your computer updated and use reliable antivirus software. If “Save to Google Drive” or any other suspicious software sneaks in, don’t hesitate to seek help from tech experts to keep your online experience smooth and secure. Your online safety is in your hands! 🌐🔒