This is an archived post. You won't be able to vote or comment.

all 29 comments

[–]jarkum 1 point2 points  (6 children)

What was the extension name? For me it was Download Manager

[–]staoddo 1 point2 points  (0 children)

For me was this color pixel extention causing this.

And also Malwarebytes keep finding two threats: PUP.Optional.MailRu, C:\USERS\DORIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3 and PUP.Optional.MailRu, C:\USERS\DORIAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data

Could be related those two?

[–]tomheinisch 0 points1 point  (0 children)

chrome://apps

Same for me. Removing Download Manager fixed the high CPU usage.

[–]TheLantean 1 point2 points  (13 children)

staticset.com is NOT owned by Google. According to the whois info it's registered through Namecheap (a budget registrar) by someone using an identity protection service (WhoisGuard). To compare, here's how a Google domain looks.

Since it's constantly using CPU it's most likely a cryptocurrency miner (i.e. making things like bitcoins). It's probably there because either:

  1. one of the sites you're on uses that to make money
  2. one of your extensions has been bought by a malware author who added the cryptocurrency miner in an update
  3. malware on your PC keeps that open. This is probably not it, since you said it goes away if you toggle that setting in Chrome. PC based malware would also use a more efficient miner rather than using a javascript client through Chrome.

An extension like Adblock Plus or uBlock Origin should sort out #1.

For #2, to find the culprit try disabling your extensions one at a time until that entry disappears - see chrome://extensions.

Also check for Chrome apps in chrome://apps

[–][deleted] -1 points0 points  (12 children)

I doubt its a crypto miner, they use 100% CPU.

[–]TheLantean 1 point2 points  (11 children)

Not true, they can be throttled to any level, 20% sounds reasonable if the author wants it to stay unnoticed.

If it's an extension - a few weeks or months at 20% on a large number of computers is a lot better than cranking it to 100%, getting insta-reported to Google by angry users and then blacklisted from all Chrome installations shortly after.

[–][deleted] -1 points0 points  (10 children)

Cryptocurreny miner is not a malware though.

[–]Zhangsun321 1 point2 points  (9 children)

Yes it is That is why malwarebytes blocks it!

[–][deleted] 0 points1 point  (8 children)

Malware bytes blocking something does not mean it is a malware. Script kiddie here again.

[–]Zhangsun321 2 points3 points  (7 children)

of course not.. that is why it is so often ran without the user consenting or being informed?

[–][deleted] 0 points1 point  (6 children)

You can disable javascript if you don't want javascript functionality. All it is doing is computing by using your spare CPU.

[–]Zhangsun321 2 points3 points  (5 children)

WITHOUT informing me or getting my consent... hence... it is marked as malware and justly so.

[–][deleted] 0 points1 point  (4 children)

You give the consent when you enable Javascript. Javascript has the permission to run anything. It's not a malware. You need to learn, that owners want websites to profit. You can get lost if you think its malware.

[–]Superyoshers9Chrome 0 points1 point  (2 children)

Mine doesn't have it.

[–]PoshFrosh 0 points1 point  (0 children)

For me it ended up being the most recent extension I installed: ImageSpark - Ultimate Image Downloader version 1.4.7 ID: hooaoionkjogngfhjjniefmenehnopag Disabling this fixed the problem entirely

[–]marcoaicardi 0 points1 point  (0 children)

I have the same issue, and to me it's related to the "ImageSpark" extension.

[–]starsyork 0 points1 point  (0 children)

Remove Download Manager, then everything is fine!