Jump to content

Chrome Secure Preferences detection always comes back

Recommended Posts

When Malwarebytes finds some malicious (mostly adware or PUP) settings/startpages/searchengines in your Chrome, it will address this.

(Note, Malwarebytes doesn't really delete the Chrome Secure Preferences file when a detection occurs)

However, some of you may notice it will always come back after the Malwarebytes scan. In that case, it might be because you are still using an older version of Malwarebytes, and/or it's most likely because you have Chrome Sync enabled.

The following instructions need to be done in the EXACT order as outlined below in this post.


So first of all, make sure you have the latest version of malwarebytes installedhttps://www.malwarebytes.com/mwb-download/

Perform another scan, make sure Google Chrome is closed, have it remove what it has found, reboot if being asked to. Then verify if the detection is gone.

If not... then it's most probably because of Chrome Sync that is enabled.

To deal with this, please follow the steps below in the exact order as outlined:

  1. Open your Chrome. 
  2. Go to Settings > People > Sync and Google services (or alternatively, enter the following in the addressbar: chrome://settings/syncSetup)
  3. On the page, Click the Data from Chrome Sync as a first step, Then, click "Turn off" as a second step
  4. 352145640_2019-05-0718_31_12-Settings-SyncandGoogleservices.png.803339cb37bd9ae194c08deb43449503.png
  5. When you click the Turn off, Click the "Sign out" at the prompt.
  6. 847661214_2019-05-0718_31_57-Settings.png.a8659b7c13814dedf39a5fa480f91d1f.png
  7. On the new tab that is still open, this is where your Chrome data is located on the server (alternatively, go to the following url: https://chrome.google.com/sync  )
  8. REFRESH that page!! - Because since you signed out of Chrome, if you don't refresh, resetting sync won't work and you'll get the error: "This Chrome settings page is no longer available"
  9. Sign in with your chrome credentials there.
  10. scroll below to the bottom of the page and click RESET SYNC
  11. 2029665004_2019-05-0718_31_32-DatafromChromesync.png.8467e3d95958dbd92ec0a22f9ab3eb71.png
  12. Close your Chrome browser.
  13. Do NOT enable sync yet, as you need to perform another scan with Malwarebytes first in order to fix Chrome.
  14. Perform a new scan with Malwarebytes and let it delete what it has found.
  15. Reboot in case it asks to reboot.

Verify after a next scan the detection doesn't occur anymore. If results come back clean, you can enable Google Sync again.


It will ask for your username first, in order to log in - Once that is done, it should automatically enable Sync again. You can adjust the sliders what you want to sync.

If you have multiple Operating systems, run malwarebytes on it first before logging back into Chrome. This to make sure the malware is also cleaned from the other PC(s). If not cleaned, it will sync the malware from the "uncleaned" PC back again to the server and then back to your clean PC.






Edited by AdvancedSetup
Updated information

Share this post

Link to post
Share on other sites

If the instructions above didn't solve your issue (repeated detections), you can try to manually clean your Google Chrome settings, as to remove the threat(s) Malwarebytes is detecting (the one(s) that keeps coming back). There are three main areas that you can clean: the New Tab page, the Search engine, and the On start-up (start page):

  • On the top-right corner of Google Chrome, click on the three little dots, and then click on Settings (or simply access chrome://settings from the navigation/URL bar)
  • Under Appearance and Show Home button, make sure that either New Tab page is selected, or that you know and trust the website in the second option (ex: google.com)
  • Under Search engine, make sure that the Search engine used in the address bar is set to Google or another trusted search engine (such as DuckDuckGo)
  • Click on the Manage search engines button, and under Default search engines, delete every other options (by clicking on the three little dots on the right, followed by Remove from list) other than Google
  • Remove the search engines under Other search engines as well
  • Once done, go back and under On start-up, make sure that the Open the New Tab page option is selected OR, if the Open a specific page or set of pages option is selected, make sure that only knowns and trusted websites are listed. Otherwise, delete them by clicking on the three little dots on the right and select Remove

If the instructions above didn't do the trick for you, you can run AdwCleaner and delete the threats it detected and see if it works.

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it

Please note that the solution below isn't recommended, as it'll prevent Malwarebytes from cleaning Google Chrome settings (malicious ones) in the future, until you revert the changes you made. You should do this only if you want to disable the detection(s) for this/these specific file(s) while waiting for a fix to be released.

Another possible solution at the moment, is to add the detected file(s) (either Web Data, Secure Preferences or both) to Malwarebytes' scan exclusion list, so it won't get detected anymore. For more information on how to proceed, follow the instructions in the support article below.

Add exclusions to the Malwarebytes Management Console

The two possible files to add are:

C:\Users\$YOUR_USERNAME\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\$YOUR_USERNAME\AppData\Local\Google\Chrome\User Data\Default\Web Data

For instance, the full path for these two files on my system would be:

C:\Users\Aura\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Aura\AppData\Local\Google\Chrome\User Data\Default\Web Data

If the solution(s) listed above didn't work for you, please start a new thread in the Malware Removal for Windows section in order to get more assistance.


Edited by AdvancedSetup
updated link

Share this post

Link to post
Share on other sites
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.