Jump to content

I can't remove malware from clients2.googleusercontent.com

Recommended Posts

I have been dealing with a malware that has infected my computer for a while. I completely deleted and reinstalled my Chrome browser
I removed all add-ons in the browser but there was no improvement.
As of today, I have reinstalled my computer and as soon as I logged in to my browser with my account address, the virus warning appeared again. How can I deal with this?

In the attachment, I share the symptoms that occur before installing the computer and the symptoms that occur after installing the computer.





After fresh installation



Link to comment
Share on other sites

2 hours ago, ozturkozgr said:

Why do I need to turn off Chrome sync?

You need to disable Chrome syncing. If enabled, it will keeping installing the extension Eset is detecting.

Link to comment
Share on other sites

  • Administrators

Do you have any extensions installed in Chrome? At least SysInspector didn't show any.

Link to comment
Share on other sites

The log collection program gives a warning at the end of the process. Completed with some shortcomings. 

Let me tell you again. There are some plugins now but I disabled them. However, before formatting my computer, I deleted all add-ons and history settings from my browser and my Google account. I reinstalled eset immediately after setting up the computer. Then I installed the Chrome browser. There was no problem, but as soon as I logged in to Chrome, it gave the same virus warning. Additionally, a malware was detected in clients2.googleusercontent.com. The relevant web address can be seen in the log images. This only happened one time. Then, the attack, which occurred periodically in the routine "temp" directory, continued. While this was happening, there were no add-ons in my browser or Google Chrome web account.

Link to comment
Share on other sites

  • Administrators

At least one of the offending extensions seems to be one with "flash2022" in the name. Do you see such extension installed in Chrome? Could you post a screenshot of all installed Chrome extensions?

Just to make sure, is syncing currently disabled in Chrome?


Link to comment
Share on other sites

Posted (edited)

No, such an extension does not appear. Additionally, deleting or adding all extensions synchronized locally and on the web does not solve the problem. I tried these separately.

Since my applications are in Turkish, I will try to explain them with screenshots.

1 - On this screen, sync is turned off and you can see the available plugins. This way it does not give a virus warning. Everything is fine.



2 - In this screen, sync is on, but the extension sync feature is turned off in the sync setting. Everything is fine again.



3 - On this screen, the extension sync feature is turned on and the virus leak starts again. Additionally, when I manually update the extensions on the Chrome extensions page, the virus leak starts again. Deleting all existing extensions doesn't change anything. I would be happy if you watch the video below.

At this point, I am not sure whether the virus is hosted in my Google Chrome web account or originating from my computer.


Ohh sorry..
A few months ago, I installed Flash Player Emulator as a plug-in because it was necessary and when I was done, I deleted the plug-ins. I think the name of the plugin was Flash2022.



Edited by ozturkozgr
Link to comment
Share on other sites

Is there anyone who can help me? When I open my Google sync account, a virus comes to my computer through the extension provider. I tried to explain it with images and video, but I think I can't explain my problem. It becomes clear how the problem arises.
Completely deleting the add-ons on the browser and Google account does not change anything.

Link to comment
Share on other sites

  • Administrators

I would recommend to:

1, Make sure that syncing is disabled
2, Remove all installed extensions
3, If the problem persists, uninstall Chrome completely including user profiles and install it from scratch. Otherwise:
4, Install extensions one by one to find out which one is triggering the detection.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...