
Issue 800439

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Jan 2018
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Security




Unknown infection changed lnk file for opening malware sites on every Google Chrome launch

Reported by mikhail....@gmail.com, Jan 9 2018

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0

Steps to reproduce the problem:
1. If you launch the attached lnk file, then malware sites will be opened.

What is the expected behavior?

What went wrong?
Google Chrome needed better protection from this.
Also this infection changed system proxy settings with this script:
http://no-blok.net/wpad.dat?30253e2d9364370ae828a8de722df3af26083107

Did this work before? N/A 

Chrome version: 65.0.3311.3  Channel: dev
OS Version: 10
Flash Version: 

I expect that Google Chrome can itself check the lnk file which launches the browser, and can also verify system proxy settings and tell the user if something was changed.
 
Attachments:
Google Chrome.lnk (2.5 KB)
proxy-settings.PNG (31.5 KB)
Status: WontFix (was: Unconfirmed)

If you have more details about the malware download that infected your PC, we can submit it to the SafeBrowsing block list, but compromised and infected machines are necessarily outside of the browser's threat model, as outlined here: https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Why-arent-compromised_infected-machines-in-Chromes-threat-model
 
The LNK file attached to this bug opens Chrome with the following command line argument:

https:// launchpage. org/?uid=oTlKGKjchx0cXe9WsoZxObMJbDp5ettzlx4LNYaCXOMBe5GnLQ4irVZCMxK1%2BRtZyw%3D%3D5

That page appears to be a replacement version of Chrome's new tab page; it's not clear whether or not it's malicious.

The proxy configuration script sends a variety of traffic to 50.7.146.51:7274, an IP owned by noblockweb.biz.

In some cases, the Chrome Cleanup Tool (https://www.google.com/chrome/cleanup-tool/index.html) is useful for helping to resolve malware infections in your operating system.
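Added example, not part of the original thread and not Chromium code: a minimal Python reader for the Shell Link (.lnk) binary format that extracts the command-line arguments a shortcut passes to its target and lists any URL among them, which is the check described in the comment above. The function names, the sample shortcut built by `build_sample`, and the `example.test` URL are constructed for illustration.

```python
import struct

# LinkFlags bits from the Shell Link binary format (MS-SHLLINK)
HAS_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS = 0x04, 0x08, 0x10, 0x20
IS_UNICODE = 0x80
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

def lnk_arguments(data: bytes) -> str:
    """Return the COMMAND_LINE_ARGUMENTS string of a .lnk file ('' if none)."""
    if len(data) < 76 or data[:4] != b"\x4c\0\0\0" or data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link file")
    try:
        flags = struct.unpack_from("<I", data, 20)[0]
        pos = 76                              # fixed-size header ends here
        if flags & HAS_ID_LIST:               # 2-byte IDListSize, then the list
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINK_INFO:             # LinkInfoSize counts its own 4 bytes
            pos += struct.unpack_from("<I", data, pos)[0]
        width = 2 if flags & IS_UNICODE else 1
        # StringData entries come in this fixed order, each only if its flag is set
        for bit in (HAS_NAME, HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS):
            if not flags & bit:
                continue
            count = struct.unpack_from("<H", data, pos)[0]   # length in characters
            raw = data[pos + 2 : pos + 2 + count * width]
            if len(raw) != count * width:
                raise ValueError("truncated string data")
            pos += 2 + count * width
            if bit == HAS_ARGS:
                return raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
    except struct.error as exc:
        raise ValueError("truncated shell link") from exc
    return ""

def url_arguments(args: str) -> list:
    """Argument tokens that would make the browser open a URL at launch."""
    return [t.strip('"') for t in args.split()
            if t.strip('"').lower().startswith(("http://", "https://"))]

def build_sample(args: str) -> bytes:
    """Constructed minimal .lnk (header, working dir, arguments) for the demo."""
    flags = HAS_WORK_DIR | HAS_ARGS | IS_UNICODE
    header = (b"\x4c\0\0\0" + LINK_CLSID + struct.pack("<I", flags)).ljust(76, b"\0")
    def field(s): return struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + field(r"C:\Example") + field(args)

if __name__ == "__main__":
    sample = build_sample("https://example.test/?uid=constructed")
    print(url_arguments(lnk_arguments(sample)))
```

A browser shortcut normally carries no URL argument, so any non-empty result from `url_arguments` on a browser shortcut is worth investigating.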

For me, it would be important to know as soon as possible that something went wrong, while my data has not leaked in an unknown direction. Therefore, once again, warning me if the proxy setting was changed would not be superfluous. Also, it would not be superfluous to explain why the left sites are being opened. I did not immediately realize that someone edited the lnk file. If Google wants to help keep security, then when the browser opens a new tab in this way, it should ask the user whether they really wanted to open this site. And in case the user responds negatively, it should show help on why this could happen.
Project Member

Comment 3 by sheriffbot@chromium.org, Apr 18 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
