Redirect hides browser extension

​While analyzing a malicious Chrome browser extension we recently came across a Virtool that tries to redirect the Chrome Extension page.

We detect it as VirTool:JS/Redichrextor.A.

VirTool:JS/Redichrextor.A won’t let you view, change, remove or uninstall Chrome browser extensions. It does this by stopping you from viewing the Chrome Extension page.

It uses this technique so an affected user won’t be able to remove or uninstall the malicious extension without help from their antimalware software. This makes VirTool:JS/Redichrextor.A a useful piece of code for any malicious Chrome browser extension that wants to avoid manual detection or removal.

When an affected user does try to view the Chrome browser extension page they are redirected. We have seen it open a new tab, or go to the Chrome web store or

  • Chrome://newtab

We have also seen similar behaviour used by the following known malicious Chrome browser extensions:

Once VirTool:JS/Redichrextor.A is detected and removed, you should be able to go to the Chrome extension page.

We recommend you then check and uninstall any suspicious browser extension that might be linked to VirTool:JS/Redichrex.A or other malware. We also recommend keeping your security products up-to-date to avoid infection.

While this new trick makes it harder to remove the Virtool manually, it is still easily detected and removed by Microsoft Security software.



Jonathan San Jose


Comments (6)

  1. Tan CH says:

    my pc run safe mode i nece standard

  2. misty magness says:

    Thank you so much, as I am enrolled in my 3'rd year of college at an online University and having a computer that runs as it should is a must. I have been experiencing these issues for several days now and because of this i've missed 2 days of school, because when I would go to the browser and type in either gmail or hotmail to check my emails, a message would appear saying that extension was not available or might have been moved. Any other information you could give me concerning these issues would be much appreciated!! Thank you so much.:)

  3. maliks says:

    Iam having a problem with this site . It keeps taken over my home page ? any help

  4. creekj says:

    I am having issues with "mysearchdial" It will not uninstall, I was able to remove toolbar redirect but can not uninstall.  I am unaware of how i received this as well.

Skip to main content