One of our employees uses his personal Google account in Chrome on one of our office computers. He came to me with an ESET Nod32 notification about a file infected with JS/Spigot.B; it comes up every time he opens Chrome. I did all the standard malware removal procedures and removed all his Chrome extensions via the chrome://extensions page, but it turns out that the root of the problem is related to an extension in his Google account, not the computer, even though I removed every extension, about 10 in total.
Any Windows profile on any computer that I use to log into his Google account via Chrome results in the ESET notification of an infected file being detected. This warning does not occur if I disable syncing of extensions.
While investigating, I went to chrome://sync-internals >> Sync Node Browser >> Extensions and found 5 extensions remaining. One, called Template Hub, has the following ID: hkmndieloknaojdmjdkmhmfcbg
(WARNING: DO NOT INSTALL UNLESS YOU WANT TO RISK HAVING THE SAME PROBLEM)
Googling that ID lead me to:
Trying to install this extension results in an error and it fails to install, but then I get the same infected file notification. Thus far, I cannot find a way to remove the extension from the Google account, as I've already removed everything listed under Settings >> Extensions. Until I can remove it from the Google account, it will continue to pop up on any computer that is used to login via Chrome to his account with syncing of extensions enabled.
Does anybody here know how to resolve this without creating a new Google account? Thanks for your time!