How to remove “fake” Chrome.exe process (RAT)
A process named Chrome or Chrome.exe *32 is taking advantage of the Google Chrome process named Chrome.exe in order to hide on computer systems. In reality, this Chrome.exe process is associated with a RAT, or remote administrative tool, called Ammyy Admin. The description for the Chrome.exe *32 process will say “Ammyy Admin.”
Ammyy Admin is a free remote desktop tool that is used to obtain a remote connection to a computer. It is a legitimate program that anyone can download and is often used for webinars and businesses; however, cyber criminals and hackers will use the remote desktop tool to spy on victims and drop malicious payloads onto their computers. The tool is used to drop malware such as ransomware and spyware.
Cyber criminals infect computers with Ammyy Admin, which uses the Chrome.exe process to make a remote connection to the computer. The program is usually installed via malicious Microsoft Office browser attachments spread by email-spam campaigns. It is distributed, and essentially carried out, in much the same way as the Remcos RAT.
If you notice a process named Chrome.exe, Chrome.exe *32, or a similar process trying to spoof the legitimate Chrome process that is not linked to the Google Chrome internet browser, it could mean that your computer is infected with a Trojan or the Ammyy Admin tool. It is possible that malware will be dropped onto your computer.
Removing the Ammyy Admin tool and ending the Chrome.exe process immediately is recommended to avoid any serious issues that might come forth.
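One way to check whether a running Chrome.exe really belongs to Google Chrome is to look at the file behind each process: its description (the fake one says “Ammyy Admin”) and its digital signature. The PowerShell below is an added example, not part of the original guide; the function name Test-ChromeProcess is hypothetical, and it assumes that a genuine Chrome binary has a valid signature whose signer names Google LLC.

```powershell
# Added example: list every process named chrome.exe and flag the ones that do
# not look like Google Chrome. Run in PowerShell on the affected computer.
# Assumption: genuine Chrome is validly signed and the signer names Google LLC.

function Test-ChromeProcess {
    param([Parameter(Mandatory)] $Process)   # a Win32_Process CIM instance

    $path = $Process.ExecutablePath
    $result = [ordered]@{
        ProcessId   = $Process.ProcessId
        Path        = $path
        Description = $null
        Signer      = $null
        Suspicious  = $true
        Reason      = 'executable path not readable (try an elevated prompt)'
    }

    if ($path -and (Test-Path -LiteralPath $path)) {
        $info = (Get-Item -LiteralPath $path).VersionInfo
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $result.Description = $info.FileDescription
        if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }

        if ($info.FileDescription -match 'Ammyy') {
            # The description this page says the fake process carries
            $result.Reason = 'file description names Ammyy Admin'
        } elseif ($sig.Status -ne 'Valid') {
            $result.Reason = "signature status: $($sig.Status)"
        } elseif ($result.Signer -notmatch 'Google LLC') {
            $result.Reason = 'validly signed, but not by Google LLC'
        } else {
            $result.Suspicious = $false
            $result.Reason = ''
        }
    }
    [pscustomobject]$result
}

# Inspect every chrome.exe currently running, suspicious entries first
Get-CimInstance Win32_Process -Filter "Name = 'chrome.exe'" |
    ForEach-Object { Test-ChromeProcess -Process $_ } |
    Sort-Object Suspicious -Descending |
    Format-Table ProcessId, Suspicious, Reason, Description, Path -AutoSize -Wrap
```

A row marked Suspicious shows the path of the file to quarantine or submit for scanning in the removal steps that follow.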
Fake Chrome.exe removal steps
The fake Chrome.exe RAT (Trojan) removal steps on this page explain how to remove Chrome.exe malware and other threats from your computer.
Step 1: Remove malware with Malwarebytes Anti-Malware
Step 2: Check your computer for malicious trace files with HitmanPro
Step 3: Clean up and fix system issues with CCleaner
1. Remove malware with Malwarebytes Anti-Malware
- Open your browser window and download Malwarebytes 3.0 Premium or Malwarebytes Anti-Malware Free.
- Open the executable file (mb3-setup.exe or other) to begin installing Malwarebytes.
- Select your language, click Next, then select “I accept the agreement,” click the Next button several times, and then click the Install button to install Malwarebytes. Click Finish once the install process is complete.
- Open Malwarebytes and click the Scan Now button on the Dashboard to begin scanning your computer.
- Click the Quarantine Selected button once the scan is finished.
- If Malwarebytes says “All selected items have been removed successfully. A log file has been saved to the logs folder. Your computer needs to be restarted to complete the removal process. Would you like to restart now?” click the Yes button to restart your computer.
2. Check your computer for malicious trace files with HitmanPro
- Open your browser window and download HitmanPro.
- Open the executable file (hitmanpro_x64.exe or hitmanpro_x32.exe) to begin installing HitmanPro.
- Click the Next button, check “I accept the terms of the license agreement,” and click the Next button again.
- On the Setup page, select “Yes, create a copy of HitmanPro so I can regularly scan this computer (recommended)” and add your email address to the registration fields to begin the free trial.
- Click Next to begin scanning your computer.
- Once the Scan results are displayed, click the Next button, and click the Next button again on the Removal results page.
3. Clean up and fix system issues with CCleaner
- Open your browser window and download CCleaner Professional or CCleaner Free.
- Open the executable file (ccsetup.exe or other) to begin installing CCleaner.
- Click the Install button to begin installing the program.
- Click Run CCleaner to open the program when installation is complete.
- Select the Cleaner tab and click the Analyze button.
- When the Analyze process is complete, click the Run Cleaner button to clean all files.
- Next, select the Registry tab and click the Scan for Issues button to scan for issues in your registry.
- When the scan is complete, click the Fix selected Issues button and Fix All Selected Issues button to fix the issues.
- Next, select the Tools tab and click Startup. Examine each area, search for suspicious entries, and delete any suspicious startup entries by selecting the entry and clicking the Delete button.
- Next, click Browser Plugins and search each internet browser for unwanted browser add-ons and extensions. Click the extension you want to delete and click the Delete button to remove it.