My wife has had several incidents of extensions being installed in Google Chrome that serve up popup ads. One common installation is “savernet.” She’s a careful computer user not given to just answering “yes” to installing anything. We have a working hypothesis: at her school, she sometimes lets students log into their Chrome accounts to access documents. It’s possible those students have bad extensions, which then get installed on her computer in such a way that they load when she logs back in with her own account.

We’ve set her Chrome profile to not synchronize extensions (shown later). Here’s how I fully removed the bad extension from her home machine. There are three sections: Discovery, Removal, and Extra Info.

Discovery

Before removal, there are several places to check for the extension and its impact. But first, here’s an example of the lovely popups. My wife’s not, to my knowledge, interested in Asian beauties.

Opening the Extensions page via the URL Chrome://extensions will not show any previous extensions. There’ll be an oddly named one, though. Enable Developer mode to see the extension’s unique identifier, which we might need later.

image

Checking About Google Chrome, the extension also prevents auto-updating Chrome!

image

From Windows Control Panel, open Add/Remove programs, sort by date, you’ll see savernet installed.

image

I found the extension’s executable files in in c:\ProgramData, which is hidden by default. To view hidden folders:

  1. Open Windows Explorer
  2. Choose View > Options > Change folder and search options
  3. In the View tab, select “Show hidden files, folders, and drives”

image

This is what I found.

image

In Windows Explorer, with the C: drive selected, Search for *.crx. This may take a few minutes. Be sure you’re showing hidden files/folders. These are extension installation files, and it’s normal to have some. We’re looking for something out of place. For example, I once found one in C:\ProgramData\Local\Google\Drive. Any matches to the extension’s unique identifier from above? (In my case, everything was fine.)

image

Advanced Users!: Open regedit. From the keyboard, you can do this using the WIN-R keyboard shortcut and typing “regedit”. You may be prompted for Administrator privileges.

image

In regedit, select “Computer” at the top of the tree, then Edit > Find, and search for “savenet”.  You might elect to remove some keys later, but it’s not necessary since the executables will be gone.

image

Finally, in regedit, open the following key: HKEY_LOCAL_MACHINE\SOFTARE\Policies. You’ll find a Google policy. That’s what’s preventing the automatic updates.

image

Removal

Uninstall the Savernet application.
image

Delete the C:\ProgramData\Savernet folder (and any other bad ones).

Uninstall the Chrome extension.
image

Close Chrome using CTRL-Q or from the menu. DON’T just click the window’s “x”.
image

Open Control Panel > Internet Options and, ideally, reset all. If you use IE a lot, this may be a problem. I don’t know how to just uninstall an IE addin. If you use Firefox, you need to remove the extension in that browser, too.
imageimage

Delete the Policies\Google registry key. Be careful! Only select the “Google” key, then press delete. Selecting/deleting the wrong thing can cause serious problems!

Advanced: I found an entry for “savernet” in HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations, which I deleted.
image
image

Reopen Chrome. Open About Google Chrome page. If asked to update, go ahead.

Advanced: If desired, delete savernet-related registry keys.

Empty your Windows Recycle Bin, just to be on the safe side.

Here’s the Extensions page after clean up, showing the expected extensions.

image

Extra Info

Don’t Sync Extensions

You can prevent Chrome from synchronizing certain items. Open Chrome Settings > Advanced sync settings and uncheck as desired.

image

Incognito Mode

This might help my wife stay safe, and yet allow her students to retrieve work in an emergency. To open Chrome in Incognito mode, which prevents loading extensions:

If pinned to the task bar, right-click and choose Open New Incognito Window

image

Otherwise, Win-R to open run dialog, and enter:

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --incognito

image

The little spy guy shows you’re incognito.

image