MSE detecting Chrome as PWS:Win32/Zbot

Warning:

It seems that MSE is detecting Chrome as PWS:Win32/Zbot.

See:

http://www.dslreports.com/forum/r26...t-uninstalled-chrome.exe-on-TONS-of-computers.

http://www.google.com/support/forum/p/Chrome/thread?hl=en&tid=42d6ba02d7eed070

PS:
I don't have MSE nor Chrome, so I cannot confirm it.

 

Not that it means anything, but a few days ago when my relative upgraded Google Chrome, Prevx did flag the installer as malicious as well. It actually flagged the latest two installers.

I'm going to see if my relative's MSE does flag Google Chrome in a bit, though. I don't want any surprises and complaints on my side.

 

It would be interesting to see google developing their own AV, and targeting Internet Explorer xD

 

Strange. MSE is known for low false positive scores in tests. Here it is flagging a digitally signed file of a popular browser.

 

i'd just be happy it didn't nuke windows datastores or something. of course, the support thread on google is rife with dummies talking about an anti-google conspiracy

 

I can confirm that it does detect chrome.exe as PSW:Win32/Zbot in my relative's system.

I've already added it to the allowed items. I don't know what those folks did for MSE to remove Google Chrome?

 

i'm using MSE and Chrome, both up to date. didn't had this detection until now.

 

they clicked "remove", because that's what users do. they click things.

unless you meant MMPC folks, then i'm guessing it was a change to the zbot generic detection routine.

 

This only proves that even antiviruses/antimalware apps are not tools for the Joes and Janes out there.

 

No, I meant Google Chrome users complaining over Google's forum. I would expect that if people are aware of forums, etc., they would at least be aware that this or that detection could be a false detection and ask in the forum what was wrong with it.

I know some of my relatives are not aware of Google's forum. They only know about facebook. But, I do know that if something was flagged as a virus (the word they know), then they would come to me.

 

The definition for PWS:Win32/Zbot was updated today [30 September]; the definition number is 1.113.631.0. If PWS:Win32/Zbot is detecting Chrome still, it's that definition update that is causing it.

 

lol, yeah - i reread what you said and thought that you mighta meant the MMPC dudes.

the "computer savvy" people on the google support thread are worse than regular users. regular users think there could be a threat and freak out over it, asking for help. the "savvy" users are the ones who spread conspiracy FUD because they're confident that they're not clueless, but to anyone with any experience or common sense, they're just as bad if not worse

 

weird, several users were reporting no problems with .631.0, but saw the zbot detection with .656 which doesn't have any changes to the zbot signature.

*edit*

Good on 'em for identifying and fixing it already. http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=PWS:Win32/Zbot

 

LOL really funny

 

Explorer is already the most targeted,so let them bring it.

 

At least detect IE 6, which is obviously malware-prone lol.

 

Yeah, seems this issue was fixed in an MSE update before this thread was even made so..

 

No, the new malware definition update solving Google Chrome's false positive was issued after the thread was started.

As soon as I saw this thread (the Wilderssecurity's thread created by user FanJ), I turned on my relative's computer, updated MSE, just to be sure it was fully up-to-date, and then performed a manual scan of the Google Chrome directory. MSE flagged chrome.exe. After that, I added it to the exclusion list.

 

I guess I got lucky, either I missed that definition update and jumped straight to the new one or it simply wasn't flagged for me.

 

Glad to see they've fixed it, and fairly quickly too.

 

Google Chrome Blog

 

Phew! I have missed all of this. It is rare for MSE to have false-positives but there is a certain black humour about it removing Chrome inadvertently.

 

Google Chrome Releases Blog:
http://googlechromereleases.blogspot.com/