does Chromium contain a virus?

Discussion in 'other software & services' started by mantra, Mar 6, 2013.

Thread Status:
Not open for further replies.
  1. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,143
    Hi

    i installed ChromiumPortable_26.0.1410.5.paf.exe from
    _http://sourceforge.net/projects/crportable/files/?source=dlp

    and VirusTotal flags chrome.exe as Backdoor.Win32.Swrort

    -https://www.virustotal.com/it/file/ab188ffecbbbdf160bca03f14bcd4c77dadf2e55969274204ecf927d1914d040/analysis/

    i have nod32 but it doesn't find anything

    what do you think, is it a false positive?

    or should i worry ?

    thanks
     
  2. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    use a multi-scanner AV like VirusTotal, Jotti's or Hitman Pro and get back to us on this.
    ----
    edit:
    how many of the 42 engines at VirusTotal detect this as malware?
    if it's only a few the odds are it's a false positive.

    i start to worry a little when 6 or 7 AV engines out of 42 detect something.
    then you also have to take into consideration which engines are detecting this stuff.

    if it's a little-known AV, odds are that AV might not be very good.
     
  3. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,143
    hi

    thanks for the answer
    if you open the link there are 12 antiviruses that flag it as a virus
     
  4. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I could not upload the file to VT as it's too large. Why is the scan you show 1.2 MB when the downloaded file is much larger? Anyway, I did a context menu scan and HMP and MBAM found nothing but Kaspersky flagged it the same as on VT.
    SHA-1 EEC4AF6EACFF1046FBC3F9409DBD1D6AB2116E28

    FWIW - the latest release (ChromiumPortable_26.0.1410.12.paf.exe) is clean by all three.
     

    Last edited: Mar 6, 2013
  5. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,143
    thanks
    would love to try it in a virtualized system to know if it's a false alarm or real
     
  6. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    right.

    and most of the AV engines that flagged it as positive are big name AVs.
    at that point i certainly would be concerned.
    ---------
    it is possible to make your own portable apps from installers with programs such as Cameyo.

    worth giving it a try.
     
  7. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,085
    Got curious about something, checked two hashes:

    ChromiumPortable_26.0.1410.5.paf.exe
    SHA-256: ED84DEAA47171450CB7D7CB9BEF451414EF7C2C688E6A37CC4F7AB378EB9AE64
    4/46 positive results for that hash at VirusTotal

    chrome.exe from within the above
    SHA-256: AB188FFECBBBDF160BCA03F14BCD4C77DADF2E55969274204ECF927D1914D040
    12/46 positive results for that hash at VirusTotal

    Seems like a pretty significant difference in the number of positive results there. Edit: Figured I'd check MD5 and SHA-1 hashes as well. Same results.

    SHA-256 hashes for ChromiumPortable_26.0.1410.12.paf.exe and the chrome.exe within it were 0/46
     
    Last edited: Mar 6, 2013
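
The comparison in the post above (hashing the package and the chrome.exe inside it separately, then looking up each hash rather than uploading a large file) can be scripted. This is an added example, not part of the original thread; it assumes the package has already been unpacked to a directory, and the `extracted` directory name and file contents are constructed samples.

```python
import hashlib
import tempfile
from pathlib import Path

ALGOS = ("md5", "sha1", "sha256")

def file_digests(path, chunk_size=1 << 20):
    """Stream a file once and return its MD5, SHA-1 and SHA-256 as uppercase hex."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest().upper() for name, h in hashers.items()}

def digest_tree(root):
    """Hash every regular file under root; keys are paths relative to root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digests(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def find_matches(tree, wanted_sha256):
    """Return relative paths whose SHA-256 is in the wanted set (case-insensitive)."""
    wanted = {h.upper() for h in wanted_sha256}
    return [rel for rel, d in tree.items() if d["sha256"] in wanted]

def demo():
    # Constructed stand-in for an unpacked portable package, not the real files.
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp) / "extracted"
        pkg.mkdir()
        (pkg / "chrome.exe").write_bytes(b"constructed sample: inner executable")
        (pkg / "chrome.dll").write_bytes(b"constructed sample: library")
        tree = digest_tree(tmp)
        target = hashlib.sha256(b"constructed sample: inner executable").hexdigest()
        return tree, find_matches(tree, [target])

if __name__ == "__main__":
    tree, hits = demo()
    for rel, d in tree.items():
        print(rel, d["sha256"])
    print("matches:", hits)
```

Hashing the outer installer with `file_digests` and the unpacked files with `digest_tree` gives one hash per layer, so each can be looked up on its own and a detection on an inner file is not hidden by the container's result.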
  8. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,143
    it's very odd
    but chrome.exe with the same hash is included in a chrome dev version, and sadly i don't remember which one
     
  9. DrBenGolfing

    DrBenGolfing Registered Member

    Joined:
    Nov 29, 2012
    Posts:
    251
    Location:
    Hometown of Van Cliburn
    Maybe sourceforge is the culprit?
     
  10. woomera

    woomera Registered Member

    Joined:
    May 21, 2004
    Posts:
    211
    had this issue before with chromium, for me emsisoft alerted me and quarantined the file and i deleted the whole zip file.
    few days later it prompted me after an update that the quarantined file was a false-positive.

    don't know why so many vendors are flagging it but download it from softpedia since they check their files before hosting them.

    hope that helps
     
  11. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,143
    do you remember the chromium version?

    i installed emsisoft today and updated and it flagged it like kaspersky
     