Hidden extension, potential malware? extension id is: nmmhkkegccagdldgiimedpiccmgmieda
33,903 views
Skip to first unread message
jammm
Jan 30, 2014, 7:16:41 AM1/30/14
to chromium-...@chromium.org
i enterered the extensions directory of my chrome browser and found an extension there, that doesnt show up on the chrome extensions management screen
the directory name for this extension is nmmhkkegccagdldgiimedpiccmgmieda
i cant find that extension in the chrome webstore.
the 2 main js files in the extensions directory are
craw_window.js and craw_background.js
the code in the files is obfuscated / minified, so hard to tell what it does.
does anyone know what this extension is or does, and is it safe, its a bit mysterious and worrying ?
i ran an antimalware scan on the craw_window.js on the following site
and it says the file is malware:
"Installs itself for autorun at Windows startup"
jammm
Jan 30, 2014, 7:36:14 AM1/30/14
to chromium-...@chromium.org
further weirdness is that the icon for the extension matches that of the google wallet logo, so im guesssing it might be an official google extension, though its weird that i cant find any documentation for it, and that it turns up a warning on the antimalware scanner
Adrian Aichner
Jan 30, 2014, 8:03:45 AM1/30/14
to Chromium-extensions
Have you looked at
https://www.google.com/search?q=nmmhkkegccagdldgiimedpiccmgmieda
yet?
> --
> You received this message because you are subscribed to the Google Groups
> "Chromium-extensions" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to chromium-extens...@chromium.org.
> To post to this group, send email to chromium-...@chromium.org.
> Visit this group at
> http://groups.google.com/a/chromium.org/group/chromium-extensions/.
> To view this discussion on the web visit
> https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/f1425561-0be8-4cf2-9292-6da90d9adc7b%40chromium.org.
>
> For more options, visit
> https://groups.google.com/a/chromium.org/groups/opt_out.
https://www.google.com/search?q=nmmhkkegccagdldgiimedpiccmgmieda
yet?
> You received this message because you are subscribed to the Google Groups
> "Chromium-extensions" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to chromium-extens...@chromium.org.
> To post to this group, send email to chromium-...@chromium.org.
> Visit this group at
> http://groups.google.com/a/chromium.org/group/chromium-extensions/.
> To view this discussion on the web visit
> https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/f1425561-0be8-4cf2-9292-6da90d9adc7b%40chromium.org.
>
> For more options, visit
> https://groups.google.com/a/chromium.org/groups/opt_out.
jammm
Jan 30, 2014, 8:08:02 AM1/30/14
to chromium-...@chromium.org
yes i did, but i didnt read all the reszults.
On Thursday, January 30, 2014 1:03:45 PM UTC, Adrian Aichner wrote:
Have you looked at
https://www.google.com/search?q=nmmhkkegccagdldgiimedpiccmgmieda
yet?
On Thu, Jan 30, 2014 at 1:36 PM, jammm <st3...@gmail.com> wrote:
>> further weirdness is that the icon for the extension matches that of the
>> google wallet logo, so im guesssing it might be an official google
>> extension, though its weird that i cant find any documentation for it, and
>> that it turns up a warning on the antimalware scanner
>
> --
> You received this message because you are subscribed to the Google Groups
> "Chromium-extensions" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to chromium-extensions+unsub...@chromium.org.
jammm
Jan 30, 2014, 8:09:44 AM1/30/14
to chromium-...@chromium.org
also the first results in the search didnt load for me, and one further down actually triggered a malware warning from my antivirus and stopped the page loading.
the irony was it was a link telling you how to remove the extension
On Thursday, January 30, 2014 1:03:45 PM UTC, Adrian Aichner wrote:
Have you looked at
https://www.google.com/search?q=nmmhkkegccagdldgiimedpiccmgmieda
yet?
On Thu, Jan 30, 2014 at 1:36 PM, jammm <st3...@gmail.com> wrote:
>> further weirdness is that the icon for the extension matches that of the
>> google wallet logo, so im guesssing it might be an official google
>> extension, though its weird that i cant find any documentation for it, and
>> that it turns up a warning on the antimalware scanner
>
> --
> You received this message because you are subscribed to the Google Groups
> "Chromium-extensions" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to chromium-extensions+unsub...@chromium.org.
jammm
Jan 30, 2014, 8:11:33 AM1/30/14
to chromium-...@chromium.org
ok problem solved, its a google wallet application:
Finnur Thorarinsson
Jan 30, 2014, 9:15:31 AM1/30/14
to jammm, Chromium-extensions
Yeah, this extension is legit, judging by the ID you gave.
Note: There's not going to be a 1-to-1 mapping of extensions to what you see in chrome://extensions. For example:
- Apps are shown elsewhere.
- Themes are shown in Settings, as I recall.
- Component extensions are not shown at all, since those often represent functionality in Chrome that just happens to be implemented as an extension but looks like a feature of Chrome (e.g. the Bookmark Manager)
--
You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/5b2b1740-f59a-4715-b2bb-abd66e245973%40chromium.org.
jammm
Jan 31, 2014, 8:39:52 AM1/31/14
to chromium-...@chromium.org
thanks for the clarifications Finnur, i didnt know that.
Jonny Hotchkiss
Dec 11, 2014, 7:08:12 PM12/11/14
to chromium-...@chromium.org
This is the 2nd page I loaded after spotting nmmhkkegccagdldgiimedpiccmgmieda in a cache 
(whilst searching for the cache to point ChromeCacheView at {I wanted to get the flv or whatever, to quickly rip an audio sample}
(I know! first glance, not so inviting,... "download unhack me" .... hmm... on the fence, but the author has credentials
Mike Olsen
Dec 11, 2014, 7:21:25 PM12/11/14
to Jonny Hotchkiss, Chromium-extensions
google wallet maybe?
--
You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/f50f796f-d4f2-47a8-a396-3879678cd17c%40chromium.org.
For more options, visit https://groups.google.com/a/chromium.org/d/optout.
Jonny Hotchkiss
Dec 11, 2014, 8:29:36 PM12/11/14
to chromium-...@chromium.org
do you have google wallet listed as an extension? Or is it automatic? Mandatory?
Thanks
On Friday, December 12, 2014 12:21:25 AM UTC, Mike Olsen wrote:
Mike Olsen
On Thu, Dec 11, 2014 at 5:08 PM, Jonny Hotchkiss <jonny.h...@googlemail.com> wrote:
This is the 2nd page I loaded after spotting nmmhkkegccagdldgiimedpiccmgmieda in a cache
(whilst searching for the cache to point ChromeCacheView at {I wanted to get the flv or whatever, to quickly rip an audio sample}(I know! first glance, not so inviting,... "download unhack me" .... hmm... on the fence, but the author has credentials
--
You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.
Mike Olsen
Dec 11, 2014, 11:15:49 PM12/11/14
to Jonny Hotchkiss, Chromium-extensions
automatic and hidden
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/4fecb79b-e1a3-4610-9c09-3f1b9d52d869%40chromium.org.
Seek Truth
Jul 12, 2018, 4:00:09 PM7/12/18
to Chromium-Extensions-Announce
They classify as Adware 1/3 way down article.
- Craw (Adware): nmmhkkegccagdldgiimedpiccmgmieda
- My Quick Converter (Adware): nbnjjcgcphklgeoailbnmhlcmgibhpkk
- ASK Toolbar: lgfehfbnofiffladdncogfobimealokp
- Tracker Package: hebblnalpndeekffpocomafmkcahepfh
Removing and will test chrome after.
Benjamin Atkin
Apr 24, 2023, 1:34:18 AM4/24/23
to Chromium Extensions, jammm
Still perplexing people in 2023...
Patrick Kettner
Apr 30, 2023, 9:19:35 AM4/30/23
to Benjamin Atkin, Chromium Extensions, jammm
As noted in chromium source code, this is a bundled extension for in app payments.
--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/e881eca6-6604-4df9-b2bd-aee43b99bf6fn%40chromium.org.
Reply all
Reply to author
Forward
0 new messages