Hi.
This is the first time it happens to me. I opened my chrome and got a pop up from eset smart security (as in attached pic), it says mm extension js file was infected and is cleaned. My mm extension is disabled after that eset popup and chrome gives me the option to either re enable or repair the mm extension, chrome displays “this extension may have been corrupted” message.
Mm extension has also been disabled on Microsoft Edge and I get the options to repair or remove the extension on egde
Confirming you have the 12 word Secret Recovery Phrase MetaMask provided you when you set up this wallet?
If so, you can uninstall MetaMask, go to metamask.io and click on the download button to reinstall. Then you can restore your account from your Secret Recovery Phrase as described in this Knowledge Base article. Just be sure your device is clear from any compromises before proceeding with this. You want to make sure there is nothing installed that can identify your Secret Recovery Phrase. I’m always suspicious of pop-ups with links, even when they look legit like this.
If you do not have your Secret Recovery Phrase written down, do not uninstall MetaMask and let us know, we can share ways to try to recover although it’s not always possible.
Before proceeding with anything above, would you please reach out to MetaMask support? Share thee screenshots explaining the file identified appears to be the MetaMask extension.
Go to support.metamask.io > choose Start a Conversation (like in screenshot below) > and answer a few questions from the chatbot to get connected.
Hi, thank you for getting in touch, I have created a support ticket with the same pictures attached, since like two hours ago, but no one has gotten back to me.
Just to confirm, do you think my computer is compromised?
No, not at all. I would not be able to identify if your device is compromised. I was just suggesting running a scan to be safe, you could run through ESET or whatever else you have installed to combat scams. This MetaMask Knowledge Base article also has some tips at the very bottom of it. For the pop up, I would just confirm you see the info in your ESET app history too. Sometimes I get suspicious of pop-ups and want to verify it’s appearing on the true source.
Support will get back to you. Remember, never share your Secret Recovery Phrase with anyone, not even with support. Never input your SRP on a site/dapp that requests it, into a form, or in a pop-up window no matter how legit it looks.
Looks like it was a false positive and fixed on eset end. Chrome extension came back by itself, probably after eset pushing an update. But mm extension on edge still shows corrupted and gives me option to remove or repair.
For some reason my support ticket was closed before I even reply
