amissingleaf

amissingleaf

\HKEY_CURRENT_USER\SOFTWARE\Opera Software\514abe5a3ee09dc580b870efeb8b6616\PreferenceMACs\Default\extensions.opsettings\olkpikmlhoaojbbmmpejnimiglejmboe

Subject: Malicious extension olkpikmlhoaojbbmmpejnimiglejmboe keeps reappearing in registry after login

Hello,

I'm experiencing a persistent issue with a malicious Chrome extension (ID: olkpikmlhoaojbbmmpejnimiglejmboe) that keeps regenerating in Opera's registry despite multiple removal attempts.

Problem Details:

Deleting Opera profile folder (%AppData%\Opera Software\Opera Stable) works temporarily
Registry entry reappears: HKEY_CURRENT_USER\SOFTWARE\Opera Software[profileID]\PreferenceMACs\Default\extensions.opsettings
Happens immediately after Google login/sync (even with sync disabled)
Clean when logged out, contaminated when logged in
Same issue occurs in Chrome browser

What I've tried:

Complete Opera profile deletion
Registry cleanup (all olkpikmlhoaojbbmmpejnimiglejmboe entries removed)
Disabled sync, logged out of Google account
Chrome://extensions and opera://extensions show no extension

Root cause appears to be Google sync server pulling the malicious extension ID upon login.

Questions:

Is Opera pulling extension data from Google Chrome sync servers?
How can I completely purge this extension ID from sync data?
Is there a server-side sync reset for Opera/Google account?
Does Opera cache extension settings independently of Chrome sync?

Opera version: Latest stable
OS: Windows 10

This extension was likely installed accidentally via Chrome Web Store and now syncs across browsers. Need permanent solution to stop registry regeneration.

Thank you!

amissingleaf

@amissingleaf

Latest posts made by amissingleaf