Follow:

 

VirTool:JS/Redichrextor.A


Microsoft security software detects and removes this threat.

This tool redirects you when you try to view the Chrome Extensions page. It is used by malicious Chrome browser extensions to make them harder to detect and remove.

We have seen this tool being installed and used by:

 



What to do now

The following Microsoft security software detects and removes this threat:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

Threat behavior

Installation

This tool arrives on your PC as part of the code of a malicious Chrome browser extension.

Payload

When you try to visit the Chrome Extensions page, VirTool:JS/Redichrextor.A redirects to a different page or website. This means you can't view or remove any Chrome browser extensions.

We have seen this tool redirect to the following legitimate pages:

  • Chrome://newtab
  • Chrome.google.com/webstore
  • http://google.com

Analysis by Jonathan San Jose


Symptoms

Alerts from your security software may be the only symptom.


Prevention


Alert level: Severe
First detected by definition: 1.159.1239.0
Latest detected by definition: 1.177.1816.0 and higher
First detected on: Oct 02, 2013
This entry was first published on: Oct 02, 2013
This entry was updated on: Oct 10, 2013

This threat is also detected as:
  • Trojan.JS.Agent.cbl (Kaspersky)
  • JS/Fastliked.B trojan (ESET)