Link to home
Start Free TrialLog in
Avatar of Elixir2
Elixir2Flag for United States of America

asked on

Chrome browser extension - virus/malware and unable to uninstall

Hi Experts,
I'm stumped on removing a virus from a computer. It shows up as an extension in Google Chrome. It's called WebSecurity and I can't find more than 5 hits on the internet.
This is the bad extension.

Against this, we've run Hitman Pro, MalwareBytes, AdwCleaner, Spybot, HijackThis.

We're looking for advise on a way to remove the extension permanently.
Avatar of John
Flag of Canada image

It appears to be an extension (add-in) from Google Store. Here is a support page for uninstalling.

Does this help?
Avatar of Elixir2


Ah, we're way past that. When you try to use the instructions you linked (uninstall an extension) we do not see the option to "Remove from Chrome" nor a little trash can. Instead, we see a office building icon and the hover tip says "Installed by Enterprise Policy." This computer is not part of an enterprise or a domain, etc. It is a home-use computer with a virus.

Also, when using CCleaner, we see in the Startup under Google Chrome only, the Extension called "WebSecurity" version 2. And when we try to use CCleaner to Disable or Delete, it responds, "Some of the selected items cannot be changed as they are protected by the browser."

I am currently researching here. These are the steps I'm following... for now.
If you are getting pop ups, try the following:

Download, install and run Process Explorer from Microsoft. Look under Explorer on the left side and see if there are any strange (alphanumeric) processes. If so, kill these processes, exit Process Explorer and do NOT restart.

Now run Malwarebytes again to remove these processes while stopped

When that is done, restart.
Avatar of Thomas Zucker-Scharff
Or you can download and install chameleon from  ( Run svchosts from the chameleon directory.

Also you may wish to try SPYBHOREMOVER and then SPYDLLREMOVER from
What negative events do you experience by leaving Web Security alone?  
As mentioned, it is an add-on from Google.  I see no indication it is malware or a virus.
Avatar of Elixir2


I've run Malwarebytes with the services stopped. It looks good until you start Chrome again, and then the plug in comes back. I'll try some of Thomas' ideas, too.

When Chrome is running this extension, CPU use spikes to 100%. We believe it to be part of a spy-ware collection some of which can send data to a third part and log keystrokes. It most definitely is NOT something that comes with Chrome as a default install. It is malware. I have reported it to the Google store (see link in OP if you wish to do the same.)

Better yet, if you have a "Sandbox" go ahead and install this Chrome extension and then see if you can remove it. Tell me how you did it.
Uninstall Chrome completely, stop processes / services again, run Malwarebytes again. Shut down, start up and check if any errors occur.

Only after complete cleanup, install the newest version of Chrome.
If this started only recently, run a System Restore to a time before the problem started.
Another place worth checking is the properties of the icon to start up Chrome. There may be a command line argument (under target) to add the offending extension in there.
I am not convinced that the WebSecurity Add-on is virus/malware.  
I suspect the 100% use of CPU is due to some other application.  Have you run Process Explorer (as suggested earlier) to see if any unsuspected application is running?

"When Chrome is running this extension, CPU use spikes to 100%. "  Does this mean there are times when you are not running this extension?   If so, do not run it.

FWIW--the link posted by davidanders is about WebSecurity App-- not necessarily Google's WebSecurity Add-on.
Avatar of Elixir2


I'll pick up from my last post and respond in order. Thank you all, Experts, for this, as the rabbit-hole goes deeper. You'll be amazed what we found (or didn't find)...

John Hurst - did the uninstall/reinstall. I used a tool called Complete Uninstall to get rid of all Chrome's keys and folders. MBAM finds nothing, then after reinstalling Chrome's newest version, the bad extension comes back. No joy.

To everyone: this extension is NOT in your Chrome browser so stop suggesting it is a "normal" or "default" thing that I should just live with. LMAO. That is not an option.

jcimarron - we are past the last clean system restore point, as this occurred in May. Good idea tho. Also to your last post - I meant "When Chrome is running, this extension causes CPU to spike to 100%" When I close Chrome it goes away and memory use drops immediately.

Mike Sun - Great idea, checked shortcut after reinstalling Chrome and it is clean. Sorry!

davidanders - that's a different malware, as jcimarron suspected. Not what we are looking at.

I was able to get additional information from the client/end user who had this "befall" him. His ex-girlfriend installed this software on the computer: 
And paid for a subscription, so it will be tough to get rid of, according to them. We chatted with tech support from Awareness Technologies (maker of WebWatcher) and they provided the attachment needed to be filled out and returned to authorize removal of the software!

So now that we know that name is not just WebSecurity, but that is just a Chrome extension for WebWatcher, we have another lead in this mystery. Hack on Experts! Let me know what you find.
Avatar of Elixir2


PS: I am not seeing any pop-ups, FWIW. This is a monitoring software...
Another place worth checking is the task scheduler. Under "Task Scheduler Library", remove any unknown or unwanted tasks found in there...
Avatar of Elixir2
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Just an FYI, that pirate cd is actually legal in some countries.
Avatar of Elixir2


Thought the Experts' input was helpful, this was not a case that could have been solved without direct access to the PC and the EU.