We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
JS/Kilim
Aliases: JS/Chromex.FBook.F (ESET)
Summary
Microsoft security software detects and removes this family of threats.
They are Chrome browser extensions that hijack your Facebook, Twitter or YouTube accounts to promote pages. The threats might post hyperlinks or like pages on Facebook, post comments on YouTube videos, or follow profiles and send direct messages on Twitter without your permission.
They are installed on your computer by Trojan:AutoIt/Kilim.A.
Use the following free Microsoft software to detect and remove this threat:
- Microsoft Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
- Microsoft Safety Scanner
- Microsoft Windows Malicious Software Removal Tool
You should also run a full scan. A full scan might find other, hidden malware.
Remove Chrome extensions
You can try to uninstall the extension from within Chrome:
If that doesn't work, you can try uninstalling and re-installing Chrome from the Add or Remove Programs control panel:
You can also manually delete all of your Chrome extensions.
Caution: This will delete all of your Chrome extensions, not just the malware described on this page.
- Close the Chrome browser.
- Find your Chrome profile folder location. By default, it's at %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\Extensions.
That folder with have a list of all your Chrome extensions (if you have any - if you've removed the extension successfully in the previous options you won't see it here):
3. Delete all the folders within the extensions folder.
Get more help
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
If you’re using Windows XP, see our Windows XP end of support page.