My Google account is possibly infected with a Malware

Mike Messiah

Contributor
I have reinstalled my Windows, installed Chrome from scratch, yet this problem occurs. In settings>search engine> Search engine used in the address bar, I have these search options to choose from:
  • google
  • bing
  • duckduckgo
  • yahoo
When I use 'bing', I get results from Bing. All is fine. Same with 'duckduckgo' and 'yahoo'. No problem. However, when I pick the option of 'google', my address bar search leads me to https://ursearch.net/?s=
On the same computer, when I switch to my alternate Google account on Chrome, setting the search option as 'google' gives me Google search results, rightly so.
I don't use any extension, I always delete browser history, cookies, cache, disabled any possible trackers, even removed the 'personalized Ads' option from my Google account.

Here is the crazy part. I shared this problem with my friend, who right away said it's a virus issue. So I took his laptop, logged him out of Chrome, logged in to Chrome with my account, and did a search and BAM, I am led to the same old site: https://ursearch.net/?s= . My friend was panicking, saying I "infected" his laptop. He logged into his Google account and the problem isn't there; it's normal, like how it is with my alternate Google account.

I tried every "solution" on various websites, even those that sneakily push us to download their software. AdwCleaner, Malwarebytes, name every malware-killing software and I have tried it all.
The most common advice I got is to abandon my main Google account. It's not so easy, as every part of my financial and academic life is linked to this account.
 
It seems the malware is messing with Chrome's DNS settings. I haven't seen this type of issue, but you won't have to abandon your account; just look for something related to DNS in Chrome's advanced settings.
 
My guess would be some malicious chrome extension. Extensions get synced and installed with the associated Google account.

Try removing all extensions from chrome extension settings, let it sync and then reset chrome/do a fresh chrome install. Hopefully that fixes it.
 
Can you try this using cmd prompt (run as administrator)?

rd /S /Q "%WinDir%\System32\GroupPolicyUsers"
rd /S /Q "%WinDir%\System32\GroupPolicy"
gpupdate /force
No point of this, it's used to update group policies applied by your domain controller. If the system isn't domain joined and is using a local account then this does nothing.
Also this won't fix the issue.
 
Have you tried using this Google account in some other browser like Firefox or Safari? If it doesn't result in the same issue in Firefox, you can be sure that it is some extension associated with your account in the Chrome store and, like others have mentioned above, it downloads in the background, giving you the impression that your Chrome is extension-free when it really isn't.

If the issue persists in Firefox too, then you have a problem with your account itself and might need deeper investigation. But I am almost sure it won't.
 
Check if your phone is infected by some malware, as it might happen that it's triggering something.

Also, check in Task scheduler if some fishy task is running triggering the issue. Delete any unknown tasks.
 
Guys problem solved. Someone on Digit forum helped me.
The solution: I simply had to edit the search URL.
In the SETTING> SEARCH ENGINE> SITE SEARCH section I clicked Edit on the SITE OR PAGE for Google. And lo and behold, in the area where we enter the URL with %s in place of the query, that sneaky usearch.net link was there.
So apparently my diagnosis is that my Google account had saved my Chrome settings, and in my Chrome settings, the URL for Google search was set to usearch.net. So no matter which computer I log in to, the moment Google Chrome syncs, all my personalized settings are applied, including the URL for Google, which is set to usearch.net.
So yes, there is no "malware in my account" per se... just that some malware had changed the URL in my Chrome settings, which synced with my Google account.
Just putting this out here in case someone on the internet faces the same problem, because apparently hours of Google search didn't give me ANY solution, and instead it was some random dude on Digit forum.

Anyways thanks for all the help. Apparently TechEnclave is much livelier than Digit . So many responses here.
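
The check that resolved this thread can be automated. The following is an added example, not code from any poster: it audits saved search-engine entries and flags one whose keyword names a known provider while its URL template points at a different host. It assumes Chrome keeps these entries in a `keywords` table (columns `short_name`, `keyword`, `url`) of the profile's `Web Data` SQLite file; the table here is a constructed in-memory sample and `EXPECTED_HOSTS` is an assumed allow-list.

```python
import sqlite3
from urllib.parse import urlsplit

# Assumed allow-list for this example: keyword -> domains its URL may use.
EXPECTED_HOSTS = {
    "google.com": ("google.com",),
    "bing.com": ("bing.com",),
    "duckduckgo.com": ("duckduckgo.com",),
    "yahoo.com": ("yahoo.com",),
}

def url_host(template):
    """Host part of a search URL template such as https://host/?q={searchTerms}."""
    # Assumption: the built-in Google entry is stored with this placeholder.
    if template.startswith("{google:baseURL}"):
        return "www.google.com"
    return (urlsplit(template).hostname or "").lower()

def host_matches(host, allowed):
    """True if host is one of the allowed domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed)

def audit_search_engines(conn):
    """Return (name, keyword, host) for entries whose URL host is unexpected."""
    findings = []
    rows = conn.execute("SELECT short_name, keyword, url FROM keywords")
    for name, keyword, url in rows:
        allowed = EXPECTED_HOSTS.get((keyword or "").lower())
        host = url_host(url or "")
        if allowed and not host_matches(host, allowed):
            findings.append((name, keyword, host))
    return findings

def build_sample_db():
    """Constructed sample mirroring the hijacked entry described in the thread."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE keywords (short_name TEXT, keyword TEXT, url TEXT)")
    conn.executemany("INSERT INTO keywords VALUES (?, ?, ?)", [
        ("Google", "google.com", "https://ursearch.net/?s={searchTerms}"),
        ("Bing", "bing.com", "https://www.bing.com/search?q={searchTerms}"),
        ("DuckDuckGo", "duckduckgo.com", "https://duckduckgo.com/?q={searchTerms}"),
    ])
    return conn

if __name__ == "__main__":
    for name, keyword, host in audit_search_engines(build_sample_db()):
        print(f"{name} ({keyword}) sends queries to {host}")
```

To run it against a real profile, pass `sqlite3.connect()` a copy of the `Web Data` file taken while Chrome is closed; a flagged entry is then edited or removed in chrome://settings/searchEngines so the corrected value is what syncs.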
 
I'm replying to an old thread but I hope I can get some answers. How can you tell if Chrome actually is "extension-free"? I have reinstalled Windows multiple times from a USB, but every time I download and sync Chrome (which visually looks to have no extensions installed) Malwarebytes gives me multiple warnings. My computer also seems to try to connect to "suspicious" IP addresses (once every half an hour) even after I have removed the threats in Malwarebytes. Is the only option to use Opera or Firefox then? I have no issues when using those options.
 
Extensions are synced across machines using your Google ID. So anytime you log in to a new installation of chrome, it automatically downloads all the extensions from your previous install. Check out chrome://extensions and see what extensions you actually need and remove the rest. I'd suggest backing up everything and removing all the extensions. Once that's done, download them one by one again.
Chrome also has an option to reset everything chrome://settings/reset. I've never really tried it but it might be helpful.
While you're at it, clean out all the junk search engines from here chrome://settings/searchEngines.
See if any of this helps.
 
An interesting thread that could translate into "Persistent Malware that can evade detection and install on all synced Google Chrome browsers".
 
To run Chrome without any extension use below in command prompt. This should launch it without any extensions.
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-extensions

You can monitor connections with netstat -b in PowerShell with admin privileges to see if it connects to any malicious IP address like a command and control server.
You enter the IP in https://www.virustotal.com/gui/home/search to check if it's a malicious source. Not 100% but good for a first search.

Add a rule in windows defender firewall to block the ip if you are using windows defender. Otherwise use the firewall you are using.
Run WF.msc
Create custom rule
Just select default for all and go to this page

In remote ip address add the suspicious ip addresses.
Block
Apply rule to all and finish.
You can add rule to both inbound and outbound.

Should block that IP address. If something valid stops working you blocked the wrong IP address. You can block in router level as well but that depends on router software.

Example of slightly sus website
 