All Chrome users need to check for a “Settings Protector” extension — it may be malicious
October 13, 2012 5
Email article | Print article 
Reports are emerging of an extension by the name of “Settings Protector” is installing itself in Google Chrome for some users. It isn’t entirely clear where this extension comes from, how it is being installed, what it does, or if it is Windows-only or affects other platforms too. However, because of the way it is installing by itself without user interaction, there is suspicion that it may be linked to some sort of malware or scam. It is highly recommended that all Chrome users check to see if Settings Protector is installed and, if it is, to remove it.
If you aren’t sure how to remove Settings Protector, do the following:
- Type “chrome://chrome/extensions/” (without the quotes) in your URL address bar on Chrome and press Enter on your keyboard.
- Once you do that, the extensions menu will open. Scan the menu to see if you find an extension by the name of “Settings Protector”. If it is there, click on the trash can icon next to it to remove it.
Google has not commented on this matter nor have any anti-virus companies released a bulletin warning people of a potential attack on Chrome. However, there is a thread on Google Support Forums where multiple users are confirming seeing it in their Chrome. One user even went so far as to try to track the company behind the extension:
i took some time to track down the file that this extension runs, its in the directory “C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\”
It runs a file spext.dll which the description is -
Product: Application Manager
Company: PerformerSoft LLC
Description: Protectora scan from kaspersky av didn’t determine it as a virus, so i googled PerformerSoft LLC the company and contacted them, the man on the line had no idea what i was talking about so something sounds very suspicious here…
i tried uploading the file but it won’t upload…
Since the source of this add-on is unknown, it is best to get rid of it and then proceed to scan your computer with an anti-malware program. We will be sure to update if we learn more.
[via Ghacks]
About the author: Ashraf View all posts by Ashraf
Related »
5 Comments »
Leave A Response »
Thanks for the advisory (unfortunately . . .).
Just an FYI, I posted a link to this article on a forum I visit frequently. Thought they should be aware of this also.
I personally don’t use Chrome but there are many who do.
the link to ghacks has got a part of the ditTech-link to anti-malware appended
Why can’t I write any posts any more. I am sorry that I wasn’t, however I was in hospital. I would like access back
I got this after installing babylon toolbar and searchengine by mistake. I would lock up these developers.