
Help removing Extension:cheapdealcoupon

Klein Registered User regular
So on Google Chrome I have an extension called "cheapdealcoupon" that I am unable to remove on Windows 8. It does not show up in my extensions so I am unable to delete it that way. I have reset Chrome and it is still present, and after going through my installed applications I cannot locate any questionable files to uninstall. I can find it in the task manager for Chrome and have the PID and can turn it off, but it restarts every time Chrome restarts. I have run Malwarebytes, AVG, and Spybot but it still persists. Any other help would be greatly appreciated.

Posts

  • JebusUD Adventure! Candy Island Registered User regular
    Perhaps HijackThis would help, though I'm not certain it works in Windows 8. Worth a try probably.

    and I wonder about my neighbors even though I don't have them
    but they're listening to every word I say
  • KafkaAU Western Australia Registered User regular
    I had a problem with this adware. I think I downloaded the free Avast anti-virus to clean it up.

    Origin: KafkaAU B-Net: Kafka#1778
  • melissa1981 Registered User regular
    Klein wrote: »
    So on Google Chrome I have an extension called "cheapdealcoupon" that I am unable to remove on Windows 8. It does not show up in my extensions so I am unable to delete it that way. I have reset Chrome and it is still present, and after going through my installed applications I cannot locate any questionable files to uninstall. I can find it in the task manager for Chrome and have the PID and can turn it off, but it restarts every time Chrome restarts. I have run Malwarebytes, AVG, and Spybot but it still persists. Any other help would be greatly appreciated.

    Yeah, those are a pain in the arse. I'm 99.99% sure that you're encountering a registry issue. Download a registry cleaner; I use Wise Registry Cleaner. It's free, unlimited, and doesn't have any adware packed with it. Anyway, once you download whichever one you want and run it, it should fix the problem. Also, make sure it's not one of your search engine options in Google Chrome. Those little buggers like to hide in there as well. If you still cannot fix it and you want me to remote desktop you, I have TeamViewer, just let me know. Hopefully the registry cleaner will work for you though.

  • Tube Registered User admin
    I would strongly caution against letting anyone remote desktop into your account.

  • SeñorAmor !!! Registered User regular
    Are you running the scan from the infected computer? If possible, pull your drive and scan it from a clean computer.

    Sometimes malware gets its hooks in so well that malware removal tools struggle to remove every last remnant. If you scan your drive from a clean computer, the malware won't have a chance to run and should hopefully be easier to remove.

  • Klein Registered User regular
    Hey, thanks all for the suggestions, I will be giving them a shot this weekend and give an update. I think I am fine without the remote desktop, I have a friend who can give me a hand if I need that level of help.

  • Tofystedeth Registered User regular
    Get the name of the executable from the task manager. Do a search for it in your file system. I'd go ahead and uninstall Chrome again and nuke your Chrome profile. Not sure where it keeps it, I use Firefox.
    Delete the file and related files. Do a search for the executable name in the registry as well, remove any keys containing it. Reinstall Chrome, see if it still comes up.

    The Microsoft tool Autoruns might be able to pick it up. I know it can pick up IE browser extensions and a bunch of stuff.

  • Great Scott King of Wishful Thinking Paragon City, RI Registered User regular
    Typically, what I do is make a new user for the computer, and then sign in to that user. Without running Chrome, I'd install and run Malwarebytes from a USB thumb drive (so you don't need to connect to the Internet from the affected PC).

    In many cases, these kinds of extensions are specific to a particular username in Windows.

    I'm unique. Just like everyone else.
  • melissa1981 Registered User regular
    Klein wrote: »
    Hey, thanks all for the suggestions, I will be giving them a shot this weekend and give an update. I think I am fine without the remote desktop, I have a friend who can give me a hand if I need that level of help.

    Glad you got someone on hand that can help you if you don't get it sorted. I am not some kind of creeper and am kind of offended by the comment made by Tube about not letting people remote desktop, but it's understandable. It's hard to diagnose and fix a computer without actually seeing the processes running, installed programs, extensions, etc. I used to have a PC shop when I was still married, just thought I'd offer if you need, but since you have someone that can help you that'll be good. Good luck!

  • Bendery It Like Beckham Hopeless Registered User regular
    edited March 2015
    So Chrome extensions are saved in
    C:\Documents and Settings\*UserName*\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions
    for XP, and
    C:\Users\*UserName*\AppData\Local\Google\Chrome\User Data\Default\Extensions
    for Vista - 8.1

    One of the things you'll see with adware is they exploit the way Chrome handles extensions to deny access to removing them from the application. What does that mean for you? Well, deleting them from appwiz or from within Chrome itself won't actually delete the extension because the program remains in the folder.

    Navigate to the above location and take a look at the number of folders there. There aren't going to be any real indicators about which folder is the bad extension, but the last modified date may shine some light on it. If you don't care about any of the extensions, just delete them all from orbit and it should resolve your initial issue.

    If the extension still reinstalls itself after doing this, chances are there is some kind of script running on startup that is installing it, a scheduled task pointing to an installer, or some other form of trickery. Make sure you sign out of the Google cloud when you do it and possibly just delete the Chrome user and create a new one.

    Oh, also check your Chrome shortcuts: under "Target" it should just be "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe". If there is anything additionally added, go ahead and remove it. This is one of the things that can be done to alter the homepage that opens up when you start Chrome; they just add "http://www.lookatallthesefuckingvirusesyounowhave.com" and it can give the illusion of an infection.

  • Hevach Registered User regular
    Actually, you can find out which folder in there is the right one. In Chrome's extension page, enable "Developer Mode." This will display each addon's ID (which will look like a long string of random letters, for example, here's one out of my list: "ID: cfhdojbkjhnklbpkdaibdccddilifddb"). That ID will be the name of the folder that addon is in.

    So if I wanted to get rid of that addon, I'd go to c:\users\*name*\appdata\local\google\chrome\extensions and delete the folder cfhdojbkjhnklbpkdaibdccddilifddb.
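The two posts above (find the Extensions folder, then match folder names to extension IDs and look at modified dates) can be done in one pass. This is an added example, not code from any poster; `list_extensions` and `display_name` are hypothetical names, and it assumes the Default profile path given earlier in the thread.

```python
import json
import os
import re
import time
from pathlib import Path

# Chrome extension IDs are 32 characters drawn from the letters a-p.
ID_RE = re.compile(r"^[a-p]{32}$")

def display_name(version_dir, manifest):
    """Resolve a localized "__MSG_key__" name via _locales/<default_locale>."""
    name = str(manifest.get("name", "?"))
    m = re.fullmatch(r"__MSG_(.+)__", name)
    if not m:
        return name
    msgs = version_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
    try:
        table = json.loads(msgs.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # leave the placeholder visible if it cannot be resolved
    for key, entry in table.items():  # message keys are case-insensitive
        if key.lower() == m.group(1).lower():
            return entry.get("message", name)
    return name

def list_extensions(ext_dir):
    """Return one dict per installed extension version, newest manifest first."""
    rows = []
    for id_dir in Path(ext_dir).iterdir():
        if not id_dir.is_dir() or not ID_RE.match(id_dir.name):
            continue  # skips non-extension folders such as Temp
        for manifest_path in id_dir.glob("*/manifest.json"):
            try:
                manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
            except (OSError, ValueError):
                manifest = {}  # unreadable manifest: still report the folder
            rows.append({"id": id_dir.name, "version": manifest.get("version", "?"),
                         "name": display_name(manifest_path.parent, manifest),
                         "modified": manifest_path.stat().st_mtime})
    return sorted(rows, key=lambda r: r["modified"], reverse=True)

if __name__ == "__main__":
    # Path from the thread (Vista - 8.1), Default profile only.
    base = Path(os.environ["LOCALAPPDATA"]) / "Google/Chrome/User Data/Default/Extensions"
    for r in list_extensions(base):
        print(time.ctime(r["modified"]), r["id"], r["version"], r["name"])
```

A folder whose name or date you do not recognise is the one to compare against the ID shown in Developer Mode before deleting anything.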

  • Draygo Registered User regular
    Often viruses will take advantage of Google's poor implementation of group policy to prevent themselves from being removed, even on computers running Home Premium which should not leverage group policy at all.

    Check your Windows registry under HKLM\Software\Policies\Chromium or HKLU\Software\Policies\Chromium

    Delete the Chromium key and all its subkeys in both locations if it exists. Back up your registry first before doing this.

    There is a particular key that can be added to force the reinstall of an extension called ExtensionInstallForcelist.

    So if you find it comes back after you deleted the extension's files, check those particular registry keys.
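One way to run the check described in the post above without editing anything: parse the text that `reg query <key> /s` prints and report every ExtensionInstallForcelist entry. This is an added example, not code from the poster; `parse_forcelist` and `query_live` are hypothetical names, the sample output is constructed, and searching all of Software\Policies in both HKLM and HKCU (which also covers Software\Policies\Google\Chrome) is an assumption added here.

```python
import re
import subprocess

# Searching all of Software\Policies covers the Chromium key named in the post
# and Google\Chrome (assumption added here, not from the post).
ROOTS = [r"HKLM\Software\Policies", r"HKCU\Software\Policies"]
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

# Constructed sample of `reg query ... /s` output; IDs and URLs are made up.
SAMPLE = (
    "\r\nHKEY_LOCAL_MACHINE\\Software\\Policies\\Chromium\r\n"
    "    HomepageLocation    REG_SZ    http://example.invalid/\r\n"
    "\r\nHKEY_LOCAL_MACHINE\\Software\\Policies\\Chromium\\ExtensionInstallForcelist\r\n"
    "    1    REG_SZ    abcdefghijklmnopabcdefghijklmnop;https://example.invalid/update.xml\r\n"
    "    2    REG_SZ    ponmlkjihgfedcbaponmlkjihgfedcba\r\n"
)

def parse_forcelist(reg_output):
    """Return (registry_key, extension_id, update_url) for each forced extension."""
    found, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()  # start of a new key section
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        if key.rsplit("\\", 1)[-1].lower() != "extensioninstallforcelist":
            continue  # value belongs to some other policy key
        # Policy data is "<extension id>;<update url>"; the URL part is optional.
        ext_id, _, url = m.group(3).strip().partition(";")
        found.append((key, ext_id, url))
    return found

def query_live():
    """Run reg.exe against each root (Windows only) and parse its output."""
    hits = []
    for root in ROOTS:
        proc = subprocess.run(["reg", "query", root, "/s"],
                              capture_output=True, text=True)
        if proc.returncode == 0:  # non-zero means the key does not exist
            hits.extend(parse_forcelist(proc.stdout))
    return hits

if __name__ == "__main__":
    for key, ext_id, url in query_live():
        print(f"{ext_id}  forced by {key}  (update URL: {url or 'none'})")
```

Any ID it reports can be matched against the folder names under the Extensions directory to confirm which extension the policy keeps reinstalling.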
