False Positive - Google Toolbar


gorgelink
August 28th, 2004, 09:02 AM
Hi,

I am getting a false positive on GoogleToolbarInstall.exe.

It is being misidentified by TDS-3 as TrojanDropper.Win32.VB.s

Anyone else with the same experience?

Thank you for a great product and a useful forum.

Gorgelink

Pilli
August 28th, 2004, 09:17 AM
Hi gorgelink. No other reports of this being an FP; would you please ZIP a copy up and send it to: submit@diamondcs.com.au for analysis.

Thanks. Pilli

dvk01
August 28th, 2004, 09:46 AM
Yes

The latest Google Toolbar installer 2.0.113.0 is giving an alert in TDS today.

I will send a copy to gavin with a note

Pilli
August 28th, 2004, 09:57 AM
Thanks Derek. If there is a problem, Gavin will have it sorted for Monday's update :)

gorgelink
August 28th, 2004, 10:05 AM
Thanks, everyone.

Indeed, I am referring to Google Toolbar 2.0-113 (en).

Gorgelink.

Gavin - DiamondCS
August 28th, 2004, 10:45 PM
Thanks for the info, everyone; definitely a false alarm, and I will correct this first thing tomorrow.

dvk01
August 30th, 2004, 09:24 AM
Yep, it's fixed in today's update.

Thanks Gavin and good service listening to customers

It just shows, though, how similar trojan and bad adware downloaders are to a genuine good one like Google's (mind you, many people are convinced that Google and every other search engine is spying on them, but that is a topic for elsewhere and another time).

Robyn
August 30th, 2004, 09:47 AM
Thank goodness, as I found this last night and it worried me. I knew it was a false positive before, but when I didn't see any other posts I was :'( I was just about to scan again but am so relieved I read this first :)

beethoven
May 16th, 2005, 06:49 PM
I just did a scan and got a positive ID on "trojan dropper.Win32.inflator.a1" referring to googletoolbar installer.exe. :( - found in ...update\autopatcher xp\progfiles\googletoolbar installer.exe
I submitted the file but was wondering if anyone else has this?

Did a Jotti scan and the result was inconclusive:
MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found; this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning; the file can very well be harmless. Caution is advised, however.)
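
The Jotti message above is a generic "packed executable" heuristic, and the thread's TDS detections are the kind of thing such heuristics produce. Below is an added example, written for this thread rather than taken from any post, DiamondCS product or Jotti service: a standard-library Python script that does the static triage an analyst would do before (or while) submitting a suspected false positive, namely hashing the file, walking the PE section table, and reporting the packer indicators (packer section names, high-entropy sections) that trip these heuristics. The packer section-name list and the 7.0-bit entropy threshold are assumed heuristics; the two PE images it runs on are constructed inline for offline use and are not the real installer.

```python
"""Static triage of a PE file flagged by a scanner: hash it, walk the section
table and report the packer indicators that trip generic "packed" heuristics.
Added example for this thread; not DiamondCS/Jotti code. Standard library only."""
import hashlib
import math
import struct

# Assumed, non-exhaustive: section names left behind by common runtime packers.
PACKER_SECTION_NAMES = {
    "UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite", ".nsp0", ".nsp1",
    ".nsp2", ".MPRESS1", ".MPRESS2", ".vmp0", ".vmp1", ".themida",
}
HIGH_ENTROPY_BITS = 7.0  # assumed threshold; 8.0 is the maximum for byte data


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty or constant data)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(data: bytes) -> list:
    """Return [(name, raw_offset, raw_size, entropy)] from the PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER starts here
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append((name, raw_ptr, raw_size, shannon_entropy(raw)))
    return sections


def triage(data: bytes) -> dict:
    """Hash the file and collect packer indicators. These are hints for the
    analyst and the vendor, not a verdict: packed does not mean malicious."""
    sections = parse_sections(data)
    indicators = []
    for name, _ptr, size, ent in sections:
        if name in PACKER_SECTION_NAMES:
            indicators.append(f"packer section name: {name}")
        if size and ent >= HIGH_ENTROPY_BITS:
            indicators.append(f"high entropy ({ent:.2f} bits) in {name}")
    return {
        "sha256": hashlib.sha256(data).hexdigest(),  # quote this when submitting the sample
        "size": len(data),
        "sections": sections,
        "indicators": indicators,
        "likely_packed": bool(indicators),
    }


def build_sample_pe(sections: list) -> bytes:
    """Construct a minimal PE32 image for offline testing (constructed input,
    not a real installer). `sections` is [(name, raw_bytes)]."""
    opt_size, file_align = 0xE0, 0x200
    headers_len = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    data_start = (headers_len + file_align - 1) // file_align * file_align
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)       # PE32 magic, rest zeroed
    table, bodies, ptr = b"", b"", data_start
    for i, (name, raw) in enumerate(sections):
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(raw),
                             0x1000 * (i + 1), len(raw), ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        bodies += raw
        ptr += len(raw)
    image = dos + b"PE\0\0" + coff + opt + table
    return image.ljust(data_start, b"\0") + bodies


def _pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy filler (SHA-256 in counter mode), standing in
    for a compressed payload; constructed data."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(4, "little")).digest()
        i += 1
    return out[:n]


# Constructed samples: one that looks UPX-packed, one with ordinary sections.
PACKED_SAMPLE = build_sample_pe([("UPX0", b""), ("UPX1", _pseudo_random(4096)),
                                 (".rsrc", bytes(range(16)) * 32)])
PLAIN_SAMPLE = build_sample_pe([(".text", b"\x55\x8b\xec\x90" * 256),
                                (".data", bytes(range(64)) * 8)])

if __name__ == "__main__":
    for label, sample in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        report = triage(sample)
        print(label, report["sha256"][:16], "likely_packed =", report["likely_packed"])
        for line in report["indicators"]:
            print("  -", line)
```

Run it on the real file with `triage(open(path, "rb").read())`. A hit on the packer indicators explains why a heuristic or a sandbox emulator objects to the file, but as the Jotti text itself says it is not evidence of malice; the hash and section listing are what you send along with the sample so the vendor can confirm the FP against the exact file you scanned.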

Jooske
May 16th, 2005, 06:54 PM
Which toolbar version do you have? There were some changes recently, so it might not all be false; maybe risky, anything. Waiting for Gavin's opinion.

beethoven
May 16th, 2005, 07:01 PM
Jooske,

I am not actually using the Google Toolbar, nor do I access the web regularly on that computer. Obviously IE is installed, but I prefer to use Opera and Firefox. I think the file would have come onto the PC via the latest XP patch - is that possible?

Jooske
May 16th, 2005, 07:08 PM
Don't know! As far as I know you install it yourself manually; it has auto-update settings. In Port Explorer you can see Google connecting to the internet even with the browser closed, I suppose?
Even if you added it to IE and disabled the bar, you'll see it connecting.
So open your browser / Google bar and look in Google > Help > About for the version.
I have it installed and no alarms on my older installer.

beethoven
May 16th, 2005, 07:19 PM
Sorry Jooske if some of my comments are too basic :-[

-{ Quote: "As far as I know you install it yourself manually; it has auto-update settings. In Port Explorer you can see Google connecting to the internet even with the browser closed, I suppose?" }-
I did not install the toolbar. As I don't have Port Explorer, is there any other way to check on that?

-{ Quote: "So open your browser / Google bar and look in Google > Help > About for the version." }-
How does the toolbar actually look, or rather, how can I see whether it has been installed? Sorry again; as I said, I am not using IE often. ;D

Gavin - DiamondCS
May 16th, 2005, 10:41 PM
Another one? OK, will fix this shortly. Thanks for letting me know.

Jooske
May 17th, 2005, 02:11 AM
Thanks Gavin!

Beethoven:
Where is your file located?
I have a separate download folder, and the installer file is there; there I got this same warning on the file you did.
But after installing the Google Toolbar by default you get a separate Google directory, where the only file is not alarmed on.
So I don't know your system, how it got there.

If you do have IE, in View see the various toolbars, of which the Google bar is one.
(I have a Dutch system, so it's really hard for me to say the proper names for your maybe-not-English system.)
Do some searches on your system to find out.
And hey, the Google Toolbar is not a bad thing to have; it's rather handy!
Only these days the Yahoo toolbar is rather aggressive in competition, and you might find more search results with that one.

beethoven
May 17th, 2005, 03:10 AM
Jooske,

Given Gavin's comment I already feel pretty relaxed. :D

Edit: Just got the confirmation from Gavin that the file was not a trojan.
Thanks Gavin :) for the quick response.

The file is in c:\document & settings\admin\my documents\update\autopatcher xp\progfiles with a size of 468 KB.
The file was created 27/3/04, and I still suspect it was not really downloaded from Google but came via an XP patch, being in that folder.

I checked IE to see the toolbar, but I don't think it's even installed; it probably was never executed for installation. As I said before, while I don't have anything against Google, I hardly ever use IE but prefer Opera and Firefox.
So, as long as this is a false positive and will be removed with one of the next updates, I don't mind.

Thanks for your assistance :)

Jooske
May 17th, 2005, 04:06 AM
Yeah, I see it now in your pathname; strange, must come from somewhere 8)
If the thing is trying to connect and auto-updating, one should expect it to be installed.
In your Windows do a search/find for "google", and in that case it should be in quite a few locations.

You do know how to get Port Explorer from the DiamondCS site (free trial) to find out about it.

spy1
May 17th, 2005, 10:40 AM
Um - guys? I've been noticing here recently that just about all aspects of Google have been having issues lately (The Register article (http://www.theregister.co.uk/2005/05/13/google_accelerator_suspended/) - including the four "Related stories" there at the bottom of the page).

So hopefully all these "F/P's" that are being "fixed" are only being fixed after a really thorough examination of all files submitted that pertain to the detections?

IOW, with all the vulnerabilities/problems being found in all the different aspects of Google's offerings, it is within the bounds of possibility that something may have crept into the toolbar that's not supposed to be there, isn't it?

Anyway, I'm running a scan here with TDS-3 (latest defs), and if I get any results on the Google Toolbar (Version 2.0.114.9-big/en (GGLD)) I'll submit them for analysis. Pete

gorgelink
May 18th, 2005, 04:42 AM
-{ Quote: "Another one ? ok will fix this shortly. Thanks for letting me know" }-

Hi, guys,

This time I received (on the same googletoolbarinstaller.exe file that started this thread) a false positive (?) for:

TrojanDropper.Win32.ExeBinder.e

Checked it with NAV, Adaware, and AVP - nada. It's clean.

Also clean using this online service:

http://www.kaspersky.com/scanforvirus

So, I guess like last time, it is a FP.

Be well, everyone, and stay clean ...:o))

Gorgelink

ronny
May 18th, 2005, 04:58 PM
-{ Quote: "Hi, guys,

This time I received (on the same googletoolbarinstaller.exe file that started this thread) a false positive (?) for:

TrojanDropper.Win32.ExeBinder.e

....Also clean using this online service:

http://www.kaspersky.com/scanforvirus

So, I guess like last time, it is a FP.

Be well, everyone, and stay clean ...:o))

Gorgelink" }-
Exactly the same here. I've sent the file to DiamondCS for analysis.

EDITED: I already got a reply (isn't that real service, or isn't it ;-) ). DiamondCS Support say it is a false alarm! They will fix it with the next update!

tutankamon
May 19th, 2005, 11:08 AM
Hi all, I also got a false positive on googletoolbarinstaller.exe; mine said it was a trojan dropper Win32.inflator.a1 (at least I hope that it is a false positive). I am going to update and rescan.

tutankamon
May 19th, 2005, 11:14 AM
Hi all again,
I have updated and rescanned googletoolbarinstaller.exe; no reports now, so I think it was a false positive.