Jump to content

MBAM persistently finds ransomware in Chrome.exe

Recommended Posts

Can I get you to temporarily please change your default browser to either something like Firefox or Opera

Let's have you run a secondary antivirus scanner as well to double-check and make sure there is not some type of threat we're missing. Then we'll go on from there to look at correcting the Operating System issues.


Please download and run the following Kaspersky antivirus scanner to remove any found threats

Kaspersky Virus Removal Tool

Let me know if it finds anything or not



Link to post
Share on other sites

I have updated my Windows configuration since my last post.

Based on your comment, I've uninstalled Classic Shell and replaced with Open Shell from Github.

I have updated Adobe Flash (no McAfee).

Link to post
Share on other sites
On 7/14/2020 at 10:50 PM, AdvancedSetup said:

Please download and run the following Kaspersky antivirus scanner to remove any found threats

I was unaware until today that you had responded to my post of last Tuesday.

My post was at the foot of page 1. Your almost immediate response was at the top of page 2 - so I missed it completely . My bad. I was too polite to prod for a response.

Anyway, while I was "waiting for a response",  I ran ESET online scanner. No problems:



ESET scanned about 80,000 files in 2 and a half hours. No threats.


3 hours ago, AdvancedSetup said:

Did you do a scan with Kaspersky? Did it find anything?


KVRT ran for 7 minutes and found nothing:






Link to post
Share on other sites
4 hours ago, AdvancedSetup said:

Sorry about that @OldGrantonian


Null problemo. My fault entirely.


4 hours ago, AdvancedSetup said:

Please review the following topic and really clean up Google Chrome good



Here are some comments, from reading line-by-line through the above link.



The issue you're experiencing is likely caused by the syncing mechanism associated with your Google account.


I'm too frightened to use Google Sync. Everything is done manually on different devices.



you may find that Chrome says "Managed by your organization


Before all the recommended cleanup operations, that message did appear. It was on my ToDo list. The message no longer appears.

BTW:  There were three abnormal terminations of chrome.exe during the "waiting period" between last Tuesday and yesterday.

I think I should now wait and see whether the combined assault by ESET and KVRT has remediated the issue.

Thanks for all your help so far.


Link to post
Share on other sites

Please hold on. It may be some type of False Positive.

A couple more users have posted similar so I've asked our Research team to review. I'll check back on you tomorrow if I can, otherwise on Monday

Thank you again


Link to post
Share on other sites
8 hours ago, AdvancedSetup said:

Following up to see how things are going and if you need further assistance.


Hi @AdvancedSetup

I haven't had any recurrence of the issue since I ran the ESET online scanner, as mentioned in a previous post.

However, previous occurrences have been so random that I wouldn't draw any conclusions yet. Previously, I could have 3 occurrences in one day, then nothing for several days.

Anyway I've taken the opportunity and the excuse to assess a long-planned migration  from Chrome to Firefox.

Both browsers have been running side by side so that I can emulate the Chrome look-and-feel in FF. After that has been completed, I can't see any reason to continue running Chrome.

Summarising so far: I seeem to be the only person in the known universe who has the battle between MBAM and Chrome.exe

It's annoying when it happens - especially on the Barclays Bank site, because it's a multiple-page login, with a keycard and 2FA.

BTW:  MBAM always blames Chrome.exe - never the Barclays site. Note that the abnormal termination of Chrome has occurred on several other.


Link to post
Share on other sites

Okay, sounds good. I highly recommend Firefox over Chrome myself but mostly due to marketing and tracking concerns.

Thank you for the follow up reply. I will go ahead then and close your topic.

Take care and have a great day


Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you



Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.