My wife has had several incidents of extensions being installed in Google Chrome that serve up popup ads. One common installation is “savernet.” She’s a careful computer user not given to just answering “yes” to installing anything. We have a working hypothesis: at her school, she sometimes lets students log into their Chrome accounts to access documents. It’s possible those students have bad extensions, which then get installed on her computer in such a way that they load when she logs back in with her own account.
We’ve set her Chrome profile to not synchronize extensions (shown later). Here’s how I fully removed the bad extension from her home machine. There are three sections: Discovery, Removal, and Extra Info.
Before removal, there are several places to check for the extension and its impact. But first, here’s an example of the lovely popups. My wife’s not, to my knowledge, interested in Asian beauties.
Opening the Extensions page via the URL Chrome://extensions will not show any previous extensions. There’ll be an oddly named one, though. Enable Developer mode to see the extension’s unique identifier, which we might need later.
Checking About Google Chrome, the extension also prevents auto-updating Chrome!
From Windows Control Panel, open Add/Remove programs, sort by date, you’ll see savernet installed.
I found the extension’s executable files in in c:\ProgramData, which is hidden by default. To view hidden folders:
- Open Windows Explorer
- Choose View > Options > Change folder and search options
- In the View tab, select “Show hidden files, folders, and drives”
This is what I found.
In Windows Explorer, with the C: drive selected, Search for *.crx. This may take a few minutes. Be sure you’re showing hidden files/folders. These are extension installation files, and it’s normal to have some. We’re looking for something out of place. For example, I once found one in C:\ProgramData\Local\Google\Drive. Any matches to the extension’s unique identifier from above? (In my case, everything was fine.)
Advanced Users!: Open regedit. From the keyboard, you can do this using the WIN-R keyboard shortcut and typing “regedit”. You may be prompted for Administrator privileges.
In regedit, select “Computer” at the top of the tree, then Edit > Find, and search for “savenet”. You might elect to remove some keys later, but it’s not necessary since the executables will be gone.
Finally, in regedit, open the following key: HKEY_LOCAL_MACHINE\SOFTARE\Policies. You’ll find a Google policy. That’s what’s preventing the automatic updates.
Delete the C:\ProgramData\Savernet folder (and any other bad ones).
Open Control Panel > Internet Options and, ideally, reset all. If you use IE a lot, this may be a problem. I don’t know how to just uninstall an IE addin. If you use Firefox, you need to remove the extension in that browser, too.
Delete the Policies\Google registry key. Be careful! Only select the “Google” key, then press delete. Selecting/deleting the wrong thing can cause serious problems!
Reopen Chrome. Open About Google Chrome page. If asked to update, go ahead.
Advanced: If desired, delete savernet-related registry keys.
Empty your Windows Recycle Bin, just to be on the safe side.
Here’s the Extensions page after clean up, showing the expected extensions.
Don’t Sync Extensions
You can prevent Chrome from synchronizing certain items. Open Chrome Settings > Advanced sync settings and uncheck as desired.
This might help my wife stay safe, and yet allow her students to retrieve work in an emergency. To open Chrome in Incognito mode, which prevents loading extensions:
If pinned to the task bar, right-click and choose Open New Incognito Window
Otherwise, Win-R to open run dialog, and enter:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --incognito
The little spy guy shows you’re incognito.