All Chrome users need to check for a “Settings Protector” extension — it may be maliciousOctober 13, 2012 5 Email article | Print article
Reports are emerging of an extension by the name of “Settings Protector” is installing itself in Google Chrome for some users. It isn’t entirely clear where this extension comes from, how it is being installed, what it does, or if it is Windows-only or affects other platforms too. However, because of the way it is installing by itself without user interaction, there is suspicion that it may be linked to some sort of malware or scam. It is highly recommended that all Chrome users check to see if Settings Protector is installed and, if it is, to remove it.
If you aren’t sure how to remove Settings Protector, do the following:
- Type “chrome://chrome/extensions/” (without the quotes) in your URL address bar on Chrome and press Enter on your keyboard.
- Once you do that, the extensions menu will open. Scan the menu to see if you find an extension by the name of “Settings Protector”. If it is there, click on the trash can icon next to it to remove it.
Google has not commented on this matter nor have any anti-virus companies released a bulletin warning people of a potential attack on Chrome. However, there is a thread on Google Support Forums where multiple users are confirming seeing it in their Chrome. One user even went so far as to try to track the company behind the extension:
i took some time to track down the file that this extension runs, its in the directory “C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\”
It runs a file spext.dll which the description is -
Product: Application Manager
Company: PerformerSoft LLC
a scan from kaspersky av didn’t determine it as a virus, so i googled PerformerSoft LLC the company and contacted them, the man on the line had no idea what i was talking about so something sounds very suspicious here…
i tried uploading the file but it won’t upload…
Since the source of this add-on is unknown, it is best to get rid of it and then proceed to scan your computer with an anti-malware program. We will be sure to update if we learn more.