This image shows **some**  of the nonstandard apps loaded by 3rd parties that I cannot get away from.  The only one I loaded a few days ago was text, but now it's not legit and is hiding in a spot on the cb, that I showed in a screenshot above.  It keeps auto loading despite removing it and power washing the cb as well as aggressively removing all local data as instructed by the asus cb rep.

Deleted: Screenshot 2018-01-03 at 2.32.48 PM.png 753 KB

	Screenshot 2018-01-03 at 2.32.48 PM.png 753 KB View Download

can you clarify which apps you consider malware?

The apps in the screenshot in comment #2 are default google apps that come with CrOS.

the 785k image is an app that is loaded by default now.  The second one (753 k) says installed by 3rd party, but this is a brand new email and I did not install them myself.   And below I will attach some modules listed in net-internals that I question.  They may be okay....  But I could not confirm this. This all started last july or so well before my models of chromebooks were supposed to run mobile apps.    Someone is creating a file sync that I need to have stopped. 

I haven't turned on playstore apps on these brand new chromebooks.  The text app is not a standard install.  I have also found a file called chrome_file_sync or something like that on another account with 2 apps in it in google takeouts.   I thank you very much for your assistance.




 nlkncpkkdoccmpiclbokaimcnedabhhm	true	true	Gallery	2.0	Picture browser app
I think this is my gallery malware app.  A search brings up only 311 pdfs many from schools and government

9.  cnbgggchhmkkdmeppjobngjoejnihlei	true	true	Play Store	            0.2.0.0	Play Store
           >>>>>this is arc support that is apparently active DESPITE me not activating play store apps.  I have had the red gallery app on my chromebook since the summer.

15. kodldpbjkkmmnilagfdheibampofhaom	true	true	Connectivity Diagnostics     	1.1.0	
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>ONLY 4 google results??    is this the same as  NCD launcher idddmepepmjcgiedknnmlbadcokidhoa? 

13.  iadeocfgjdjdmpenejdbfeaocpbikmab	false	true	Mobile Activation	          1.0	Chrome OS Mobile Activation Resources
            >>>>>>>>>>>>>>>>>>>>>Why does my chromebook have mobile activation

mmfbcljfglbokpmkimbfghdkjmjhdgbg	true	true	Text	                0.5.68	A text editor for ChromeOS and Chrome.
CANNOT UNINSTALL dev mode in extentions says Storage change in wrong area. Maybe a bug?



mppnpdlheglhdfmldimlhpnegondlapf	false	true	__MSG_chos_inputtool_title__            	1.0.6.0	__MSG_chos_inputtool_description__

>>>>>>>>>>>>>>>>Cant find this anywhere  Possibly something with keyboard but only 10 google results



nkeimhogjdpnpccoofpliimaahmaaome	false	true	Google Hangouts             	1.3.7	
>>>>>>>>>This is not the same app and not the same version as on chromestore


pmfjbimdmchhbnneeidfognadeopoehp	false	true	Image loader	               0.1	Image loader
NOT sure.   Only 9 google results.  this might be what was making the green line load when I viewed images or made the image size small.  I suspected XSS.

Also--  I just noticed this in the chromebook profile  "arc-availability=officially-supported"  VS settings I am attaching.   I am not sure if it means the same thing.  Just saying....   :)

Deleted: Screenshot 2018-01-04 at 2.59.04 PM.png 704 KB

	Screenshot 2018-01-04 at 2.59.04 PM.png 704 KB View Download

Thank you for providing more feedback. Adding requester "jochen@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

A Google search isn't really going to find Chrome apps and extensions by their ID number, but you could try finding them on the Chrome Web Store by going to https://chrome.google.com/webstore/detail/[ID number here without brackets]

Hello Friends,  Just an update.  I have had problems with google hangouts and gmail opening multiple sessions (from my own IP!!) Though it sometimes will also say it's open in another location. This issue effects all of my google accounts, I have been running from this for several years --though the exact issue has changed over time--  it used to be multiple unknown people ~300 or so adding themselves to my google hangouts contact list.  You folks fixed that 2 years ago, but this last summer I had a ton of celebrities!!  (yes)  listed in google hangout contacts and was able to fix that by tracking down two instagram accounts someone had made for me, and when I deleted those, Lady Gaga, Sergey Brinn & Madonna were no longer on my hangouts contact list.  Creating new accounts is not helping as I think my phone number is auto associated to all new accounts I create, and whomever still has access to my extended identity in google is able to track me down and sync all the apps from google playstore to these chromebooks--one at least allows someone to get into my gmail account and access google drive.  So I am going to start deleting these extra accounts as it's just making the issue much more complex.  Please note, this is related to MY ACCOUNT, not the chromebooks.  So this log and all the error that the chrome logging tool reported are still valid as to the damage being done to your devices when I log in with any account.  I presume you can track this account back to the original gmails I first created 15 years or so ago. I believe logs show the most up-to-date and current malware on a brand new machine that are effecting all my google accounts.   But if you can, since I will be permanently deleting this account, can you change the owner to corinaau...@   (or at least do not ignore the coding errors the chrome log tool identified on this machine as it still relevant to the issues that are allowing people to access my gmail.    Thank you very much.  Corina 

⚐
A Google search isn't really going to find Chrome apps and extensions by their ID number, but you could try finding them on the Chrome Web Store by going to https://chrome.google.com/webstore/detail/[ID number here without brackets]


thank you, I will do this from another account and submit it.  It will take me a bit to transfer things off this chromebook.  Please do evaluate the coding errors the chrome log identified and told me to report.  In particular is the text app that auto loads, it's either synced now via api to my google drive of someone has found an unprotected location of the device itself.  Thank you for all the good work you do.

Here are all the logs on these 2 brand new chromebooks from 3 brand new email accounts that I will be deleting---

Hello Friends,  This is the email account I set up Dec 19th and it has the same malware as on all my other accounts.  I am going to delete this email as it seems not to have helped me get away from the galaxy apps loading on the chromebook.  Can you please change the submitter to corinaaur...@gmail.com as the issues persist, and I think me creating new emails are only complicating the matter.   This is as per my other new logs and the 3 emails I will be deleting.  
https://bugs.chromium.org/p/chromium/issues/detail?id=797198
https://bugs.chromium.org/p/chromium/issues/detail?id=798820
https://bugs.chromium.org/p/chromium/issues/detail?id=797635  

Hello 93m4....   I decided to run the identified items as per your very helpful info above.  
https://chrome.google.com/webstore/detail/nlkncpkkdoccmpiclbokaimcnedabhhm -404
https://chrome.google.com/webstore/detail/cnbgggchhmkkdmeppjobngjoejnihlei -404
https://chrome.google.com/webstore/detail/iadeocfgjdjdmpenejdbfeaocpbikmab -404
https://chrome.google.com/webstore/detail/text/mmfbcljfglbokpmkimbfghdkjmjhdgbg- this exists, but it the app that keeps reinstalling itself after a powerwash
https://chrome.google.com/webstore/detail/mppnpdlheglhdfmldimlhpnegondlapf -404
https://chrome.google.com/webstore/detail/nkeimhogjdpnpccoofpliimaahmaaome -404
https://chrome.google.com/webstore/detail/pmfjbimdmchhbnneeidfognadeopoehp -404

again, these are on all my google accounts and my families-  basically every account associate with me.  File system sync or some other sync setting someone is adding to my various gmails using gsuite might be what's propagating this.  I have deleted 4 api-projects SO FAR, despite not being in the program.  and c.w@gmail was the owner of the api-project, which shouldn't be possible. I deleted one for me last week, one in October and then found one for my husband and son approx in november.  Thanks so much.
  

Also, play movies, music, games, books will not uninstall are are not even listed here:  chrome://net-internals/#modules

Sorry that's the last-  Now I am nuking this email, but PLEASE dont forget me.  I am corina and if you need to contact me you can reply on this thread and I'll pop back in with my original (still messed up) email account.

Deleted: Screenshot 2018-01-07 at 1.40.33 PM.png 1.9 MB

	Screenshot 2018-01-07 at 1.40.33 PM.png 1.9 MB View Download

Deleted: Screenshot 2018-01-07 at 1.41.06 PM.png 524 KB

	Screenshot 2018-01-07 at 1.41.06 PM.png 524 KB View Download

Dahlia email has been deleted, but all my accounts are the same and they are all syncing everything.  As I mentioned I have NOT enabled arc, or allowed ipv6 however I have some screenshots you might find interesting. (If these are normal ops, I apologize) I am working hard to help fix my situation and  help myself too, not only beg and plead and cry to you folks for help.  :)

1. I do not allow ipv6 or arc, but ipv6 and arc are still alive and well.  I actually saw these hidden ssids/access points on my fingbox today.  And if left unchecked I found the toshiba cb with the corinaaurdal account self identified itself as a phone and my comcast router identified itself as an lg phone.  This must be why someone keeps turning xfinity wifi on.

2 Aren't hosted apps the apps I install myself? Chrome and gmail and MANY apps always autoload, but certainly I wouldnt think chrome would be a hosted app.

3. My clear browsing data doesn't clear everything

4. Look at my history (AND ALSO ON SYNCHED devices)  There should be no other instances of this account open.  WHAT IS SYNCHING to it.  This is my whole problem.

5. This might be the source of all my troubles. As I have mentioned on my other logs I had apprx 20 people put their android, windows, iphones under my c.w account on samsung with malware locked with the knox encryption.  This all downloaded to my galaxy phone.  I even had garage band!  I know I initially had autobackup and restore set.  Since my accounts are not behaving and arc is being installed no matter what, doesn't it stand to reason that if someone would very kindly remove these apps from my google play account I might have a chance of getting out of this mess?   Because of knox, and all the malware loaded on my android, I will never feel safe to get a new android until all those apps I didnt install are gone from my accounts-  And I really want my android back---  Look at all the trouble it's been causing me on these chromebooks for goodness sake.

6. I opened appcache and ran the app codes and several others I have identified were 404.  

Thank you very much!!!   :)

Deleted: arcnetworkand ipv6 ssid.png 801 KB

	arcnetworkand ipv6 ssid.png 801 KB View Download

Deleted: hostedappsarethoseiinstalledmyselfithink.png 1.4 MB

	hostedappsarethoseiinstalledmyselfithink.png 1.4 MB View Download

Deleted: clearbrowingdatadoesntclearall.png 1.6 MB

	clearbrowingdatadoesntclearall.png 1.6 MB View Download

Deleted: history and moreonsyncheddevices.png 1.2 MB

	history and moreonsyncheddevices.png 1.2 MB View Download

Deleted: autobackupandrestoregoogleplayappsarebadiftheyweretamperedwith.png 1.0 MB

	autobackupandrestoregoogleplayappsarebadiftheyweretamperedwith.png 1.0 MB View Download

Deleted: Application Cache.txt 2.8 KB

Application Cache.txt 2.8 KB View Download

Hello, I am just checking in.
I have multiple people logging into every account I have on google, and the accounts have malware playstore apps that are synching to every account associated with me- even family and friends such as if my email was set as the recovery address.  

GIVEN that I have been told OVER and OVER that no one can get into my account without my password AND I have had 2FA and now have signed up for advanced privacy protection,After all the intel disclosures have become public, it it possible that ALL my accounts have been compromised due to this vulnerability, I have 50 logs ongoing with google play and chromeos.  

I know chrome updated firmware in november, but right before my last chromebook was hacked (Dec 19th) I saw the logs showed the chromebook firmware regressed.   How can I tell how far the intel malware has gotten into my chromebook?

Though I do believe old backup and sync on the google playstore on my (almost) radioactive stagefright hacked-beyond-belief phones that are all stored on my google drive has something to do with my problem.  

Since people are getting into all my emails with all my current security setup on chromebook, the intel hack seems to the the only way that this could still be happening. 

People are logging into every single email- multiple sessions and it says open in unknown locations or unknown browsers, and even multiple sessions that say chromebook with my own IP. 

How can I tell if my vulnerability has progressed past the spectre stage and is now in meltdown, which is said to be almost impossible to patch and will be an ongoing concern for intel chips for quite some time in the future.  Has anyone looked into this?  

Thank you for your time.  
Corina Wilson

 Issue 797635  has been merged into this issue.

It sounds like you are having issues with your account. I'd start with doing a security checkup on your account

https://myaccount.google.com/security-checkup

And removing any apps that might have access to your account.

You might find help at https://support.google.com

Does the error change anything?  It looks like the hackers found a hole in the hardware.   No official/legit apps have access to my account.  This was malware someone planted (I believe) back when I had an android. Happens on all account, new or old chromebook.