We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Trojan:JS/Kilim.A
Aliases: JS/Chromex.FBook.F (ESET)
Summary
Windows Defender detects and removes this threat.
This threat is a Chrome browser extension that hijacks your Facebook, Twitter or YouTube account to promote pages. It may post hyperlinks or like pages on Facebook, post comments on YouTube videos, or follow profiles and send direct messages on Twitter without your permission.
It is installed on your computer by Trojan:AutoIt/Kilim.A.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:
- Microsoft Security Essentials or, for Windows 8, Windows Defender
- Microsoft Safety Scanner
You can remove the browser extensions created by this trojan by uninstalling and re-installing the Chrome browser or by following the instructions below:
1. Close the Chrome browser
2. Find your Chrome profile folder location. The location of this folder will change, depending on your Windows operating system:
- For Windows XP: %SystemDrive%\Documents and Settings\%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\Extensions
- For Windows Vista, 7and 8: %SystemDrive%\Users\%USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\Extensions
When you open this file you may see an extensions list similar to the following:
3. Delete all the folders within the extensions folder. Note: This will remove all your Chrome browser extensions.
