Detecting and Removing the Chrome.exe Virus

Understanding the difference between your real Chrome browser file and the Chrome.exe virus, also called Poweliks trojan, can help you protect your data and speed up your computer.

From work to school to leisure, people use the Chrome browser because it connects to their Google accounts. Kids are using it with Google Classroom. People use it for work when their companies use Google Workspace. It’s built for speed, which is why users like it.

Unfortunately, cybercriminals are the reason we can’t have nice things. To hide their malware, they created the Chrome.exe virus, also known as the Poweliks trojan. Because the malware appears to be a real application, you don’t realize your device has been infected.

This type of malware is the cybercriminal version of Obi-Wan Kenobi telling Stormtroopers, “These aren’t the droids you’re looking for.” If you are using the Chrome browser, you expect to see the Chrome.exe process in your Task Manager, so it does not look suspicious. Meanwhile, on an infected computer, the Chrome.exe that’s running is really the malware you want to remove.

To remove Chrome malware, such as the Poweliks trojan, you should install an antivirus tool that scans your device and quarantines the infected process. Keep reading our Chrome.exe virus removal guide for step-by-step instructions.

What is the Chrome.exe virus?

The Chrome.exe virus, or Poweliks trojan, is a trojan horse malware that disguises itself as a legitimate computer program to evade detection. The ".exe" means it's an executable file. When someone clicks on the file, it gives the computer instructions about what to do next.

When a user clicks on the file to open it, it triggers a series of actions:

  • The Poweliks downloader installs on the device.
  • The Microsoft Windows registry stores the file under the name Chrome.exe.
  • The installer deletes itself.

Because the malware, disguised as Google Chrome, installs in the Windows registry and not as a file on the hard drive, antivirus tools have a hard time detecting it.

Once installed, the virus can:

  • Read your emails
  • Access your phone contacts
  • Establish connections with hidden websites
  • Create, modify, or remove files or processes
  • Collect and send system information
  • Perform click fraud, or generate multiple clicks on advertisements to generate more revenue
  • Download additional malware
  • Be controlled by a cybercriminal

How to identify the Chrome.exe virus

Although the trojan malware “Jedi mind trick” can sound scary, you can still use Chrome without worrying too much. By understanding the difference between how the legitimate Chrome.exe and the Poweliks Chrome.exe virus work, you can identify a virus infection and keep using your favorite browser.

What is your computer doing?

Poweliks uses the same name as your browser’s executable file, but your computer will act differently. You can look for the following symptoms to diagnose your computer with the virus:

  • Your computer is slow.
  • You see a lot of popup ads when browsing.
  • You see ads from websites you’ve never visited.
  • You can’t access websites.
  • Your browser won’t let you download files.

How much memory is your browser using?

Just like you need to check for symptoms that differentiate strep and the common cold, you want to look for additional digital symptoms to determine whether your computer has a dangerous infection. Some other indicators of the Chrome.exe virus might include high CPU usage along with unusual memory usage. To check:

  1. Look in your Windows Task Manager to see what programs are running and look for Chrome.exe*32.
  2. You may see more than one version of the Chrome.exe file. This is the first hint that your computer is infected.
  3. Review the Memory column in Windows Task Manager for Chrome.exe*32.
  4. If you have a lot of tabs open, close them to see if that reduces the amount of memory Chrome uses.

What processes should you look for?

If Chrome is still taking up a lot of memory, now you need to start thinking about the final definitive test. Just like you’d go to the doctor to get a throat culture for strep, it’s time for you to take a definitive look at your device. Although Poweliks looks like Chrome, it has some unique characteristics. Going back to your Task Manager, you need to look for the following processes:

  • dllhost.exe *32
  • dllhst3g.exe *32
  • DLLHOST.exe
  • dllhst3g.exe

What other files should you look for?

Finally, you might want to search your file folders for Chrome.exe*32. To do this:

  1. Open your Task Manager.
  2. Right-click on the Chrome.exe*32 process.
  3. Open the file location.

The only file location where you should find the Chrome.exe*32 file is this directory:

C:\Program Files (x86)\Google\Chrome\Application

If you find the file anywhere else, you have a Poweliks infection.
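
The process and file-location checks from the last two subsections can be done in one pass from PowerShell. This is an added example, not part of the original article: the first chrome.exe folder is the one named above, while the other two Chrome folders (64-bit and per-user installs), the Windows system folders for dllhost.exe and dllhst3g.exe, and the function name Test-ProcessImage are assumptions made here.

```powershell
# Added example, not from the article. Expected folders per process name:
# the first chrome.exe folder is the one the article gives; the others are
# assumptions added here (64-bit and per-user Chrome, Windows system folders).
$expected = @{
    'chrome.exe'   = @("${env:ProgramFiles(x86)}\Google\Chrome\Application",
                       "$env:ProgramFiles\Google\Chrome\Application",
                       "$env:LOCALAPPDATA\Google\Chrome\Application")
    'dllhost.exe'  = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
    'dllhst3g.exe' = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
}

function Test-ProcessImage {
    param([Parameter(Mandatory)] $Process)   # a Win32_Process CIM instance
    $path = $Process.ExecutablePath
    $row = [ordered]@{
        Name          = $Process.Name
        ProcessId     = $Process.ProcessId
        ParentId      = $Process.ParentProcessId
        Path          = $path
        InExpectedDir = $null        # stays $null when the path is unreadable
        Signature     = 'Unknown'
        Signer        = $null
        CommandLine   = $Process.CommandLine
    }
    if ($path) {
        # -contains compares strings case-insensitively, which suits Windows paths.
        $dir = [System.IO.Path]::GetDirectoryName($path)
        $row.InExpectedDir = $expected[$Process.Name] -contains $dir
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $row.Signature = [string]$sig.Status     # 'Valid' when the signature verifies
        if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]$row
}

# Collect the process names the article says to look for.
$filter  = "Name = 'chrome.exe' OR Name = 'dllhost.exe' OR Name = 'dllhst3g.exe'"
$results = Get-CimInstance -ClassName Win32_Process -Filter $filter |
    ForEach-Object { Test-ProcessImage -Process $_ }

$results | Sort-Object Name, ProcessId |
    Format-Table Name, ProcessId, ParentId, InExpectedDir, Signature, Path -AutoSize

# Rows to examine by hand: image outside the expected folders, or a signature
# that did not verify. An empty Path usually means the shell is not elevated.
$results | Where-Object { $_.InExpectedDir -eq $false -or $_.Signature -ne 'Valid' } |
    Format-List Name, ProcessId, Path, Signer, CommandLine
```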

How to remove the Chrome.exe Virus

Although it might take you some time to locate the Chrome.exe Virus, you don’t need to buy a new device. You can remove the virus by taking the following steps.

1. Scan for viruses with antivirus software

The Chrome.exe virus is just the beginning of the problem. With malware like Poweliks, you have to worry about the additional malware that it downloads, launches, and updates. With all these other files, you either need advanced IT skills or antivirus software to help you.

Finding the best antivirus software for your needs is the first step. Although most antivirus should be able to detect Poweliks, the following have specific detections for it:

After downloading an antivirus program or antimalware tool, you need to run a full system scan. To do this, you should:

  1. Open the solution’s dashboard or main window.
  2. Look for System Scan.
  3. Click Start Scan.
  4. Once the antivirus completes the scan, you can review the report.

2. Delete corrupted files

Your antivirus will automatically quarantine the virus’s files. Many will also delete them, but if yours doesn’t, then you may want to find a malware removal tool that works with your operating system. For example, Malwarebytes works with both Mac and Windows operating systems, so if your household has devices running both, this is a good option for you.

These solutions usually delete all the corrupted files for you. For example, in Malwarebytes, you would see this type of report:

Our antivirus came up with a bunch of notifications to let us know it fully removed the Chrome.exe virus and deleted any corrupted files.

3. Restart your computer and scan again

Finally, as you would on a math test, double-check your work. Cybercriminals don’t want you to be able to remove their malware, so they build persistence into it.

Restarting your computer stops all processes, cleans up your device’s memory, and clears out the cache. You want to make sure that you’re starting with a clean slate after you remove the malware.

Because malware processes automatically start running as soon as you log in, doing one more antivirus scan ensures everything is cleaned up.
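
Alongside the second scan, you can review what is registered to start at logon. The following is an added example, not part of the original article; the list of registry keys, the two heuristics, and the function name Get-AutostartEntry are choices made for this example, and a flagged entry is a prompt for review, not proof of infection.

```powershell
# Added example, not from the article: review logon autostart entries.
# The key list and both heuristics are choices made for this example.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Heuristic 1: the command starts a script host or inline script, not a program.
$scriptHost = '(?i)\b(rundll32|mshta|wscript|cscript|regsvr32|powershell)\b|javascript:'
$raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

function Get-AutostartEntry {
    foreach ($keyPath in $runKeys) {
        $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
        if (-not $key) { continue }      # key not present on this system
        foreach ($name in $key.GetValueNames()) {
            # Read the raw string so %VARIABLES% are shown unexpanded.
            $data = [string]$key.GetValue($name, $null, $raw)
            [pscustomobject]@{
                Key        = $keyPath
                Name       = if ($name) { $name } else { '(Default)' }
                Command    = $data
                ScriptHost = $data -match $scriptHost
                # Heuristic 2: value name contains characters outside printable ASCII.
                OddName    = $name -match '[^\x20-\x7E]'
            }
        }
    }
}

$entries = Get-AutostartEntry
$entries | Format-Table Key, Name, ScriptHost, OddName -AutoSize

# Show the full command for anything either heuristic flagged.
$entries | Where-Object { $_.ScriptHost -or $_.OddName } |
    Format-List Key, Name, Command
```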

Another part of the Chrome.exe virus is adware, which causes unwanted ads to pop up while you use your device. Many of these ads may contain links to additional malware, but potentially unwanted programs (PUPs) like the Poweliks adware could also collect your personal data. 

To uninstall unwanted adware on Windows 7, 10, or 11, open your Control Panel > Programs and Features > Uninstall a program and select the program you want to remove.

How to avoid malware

Just as taking your Vitamin C helps your immune system protect you against colds and strep, you can also take steps to protect your information and devices. Learning how to stay safe online is the protective vitamin for your digital health.

Update your devices and software

In the case of Poweliks and other downloader malware, the danger lies in its ability to control the device and install other malicious software. Typically, malware takes advantage of vulnerabilities, the weaknesses in an operating system or software’s code.

Software and operating system updates fix these weaknesses, so installing security patches is a critical cybersecurity step.

Secure your wireless network

By securing your wireless network, you can protect your devices from different types of attacks, including malware. To secure your network, you can edit your router’s settings to:

  • Encrypt it using Wi-Fi Protected Access 2 (WPA2).
  • Change the default password.
  • Update firmware to protect against vulnerabilities.
  • Scan your router for malware.

Be careful when downloading files

Poweliks is called fileless malware because it installs in the registry instead of as a file on the system. However, cybercriminals typically hide the malware in malicious documents either sent by email or downloadable from a malicious website.

To protect against the Chrome.exe virus, you should only download attachments or files when you can trust the sender or website.

Change your passwords

To protect yourself, you should have a unique password for every login. After you delete any malware from your device, you should reset all your passwords. Some malware, such as Poweliks, can download and install a virus that steals usernames and passwords.

Use an antivirus

When you install antivirus software on your device, it regularly scans for, detects, and deletes malware. With this protection, you don’t have to worry about looking for signs that a virus infected your device.

Chrome.exe FAQ


Is Chrome.exe a virus?

Chrome.exe is the name of the Chrome browser software file. However, the Poweliks virus, also called the Chrome.exe virus, uses the same name as the legitimate software file to hide in a computer’s registry.


What is the Poweliks Trojan?

The Poweliks Trojan, also called the Chrome.exe virus, is malware that disguises itself by stealing the name of the Chrome browser. Poweliks is fileless malware, which means it installs in a device’s registry rather than as a file on the hard drive. Hiding in the registry makes it more difficult to detect, which allows it to continue to download and install other malware or send information to cybercriminals.


Why do I have so many chrome.exe in my task manager?

Chrome creates a separate process for each tab, extension, utility, and subframe. It runs these separate processes so that if the browser or a tab crashes, the user doesn’t lose any data.


Can Chrome get a virus?

The Google Chrome browser is software that can get a virus. The Google Chrome virus is a browser hijacker malware that changes settings and configurations without the user’s permission. Signs of infection include:

  • Pop-up ads
  • Redirects to suspicious websites
  • Changes to the homepage
  • Browser setting changes or deletions
  • Suspicious browser extensions

To remove the virus, you should:

  1. Open Chrome.
  2. Click on the three dots in the top right corner to open the drop-down menu.
  3. Scroll down to Settings.
  4. Once in settings, go to Advanced > Reset and clean up.
  5. Click Clean up computer and select Find harmful software.
  6. Delete any malicious programs found in the browser.

Bottom line

For most people, a virus like Poweliks can feel overwhelming. However, the good thing about technology is that you don’t have to be an IT expert to fix most things. When you have a good antivirus and learn about online safety, you can prevent most cyber dangers and continue to do everything you enjoy online.

Author Details
Karen Walsh is a lawyer and former-internal-auditor-turned-subject-matter-expert in cybersecurity and privacy compliance. Karen has been published by leading industry outlets and quoted by The New York Times and CNN Investigative reporters.