MSE detecting Chrome as PWS:Win32/Zbot

Discussion in 'other anti-virus software' started by FanJ, Sep 30, 2011.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Not that it means anything, but a few days ago when my relative upgraded Google Chrome, Prevx did flag the installer as malicious as well. It actually flagged the latest two installers.

    I'm going to see if my relative's MSE does flag Google Chrome in a bit, though. I don't want any surprises and complaints on my side. :D
     
  3. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    It would be interesting to see Google developing their own AV, and targeting Internet Explorer xD
     
  4. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    520
    Strange. MSE is known for low false positive scores in tests. Here it is flagging a digitally signed file of a popular browser.
     
  5. m0unds

    m0unds Guest

    i'd just be happy it didn't nuke windows datastores or something. of course, the support thread on google is rife with dummies talking about an anti-google conspiracy :rolleyes:
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I can confirm that it does detect chrome.exe as PWS:Win32/Zbot in my relative's system.

    I've already added it to the allowed items. I don't know what those folks did for MSE to remove Google Chrome? o_O
     
  7. dansorin

    dansorin Registered Member

    Joined:
    Feb 27, 2009
    Posts:
    233
    Location:
    EU
    i'm using MSE and Chrome, both up to date. didn't have this detection until now.
     
  8. m0unds

    m0unds Guest

    they clicked "remove", because that's what users do. they click things.

    unless you meant MMPC folks, then i'm guessing it was a change to the zbot generic detection routine.
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    :D

    This only proves that even antiviruses/antimalware apps are not tools for the Joes and Janes out there. :ouch:
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    No, I meant Google Chrome users complaining over Google's forum. I would expect that if people are aware of forums, etc., they would at least be aware that this or that detection could be a false detection and ask in the forum what was wrong with it.

    I know some of my relatives are not aware of Google's forum. They only know about facebook. :D But, I do know that if something was flagged as a virus (the word they know), then they would come to me. :argh:
     
  11. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    The definition for PWS:Win32/Zbot was updated today [30 September]; the definition number is 1.113.631.0. If PWS:Win32/Zbot is detecting Chrome still, it's that definition update that is causing it.
     
  12. m0unds

    m0unds Guest

    lol, yeah - i reread what you said and thought that you mighta meant the MMPC dudes.

    the "computer savvy" people on the google support thread are worse than regular users. regular users think there could be a threat and freak out over it, asking for help. the "savvy" users are the ones who spread conspiracy FUD because they're confident that they're not clueless, but to anyone with any experience or common sense, they're just as bad if not worse :D
     
  13. m0unds

    m0unds Guest

    weird, several users were reporting no problems with .631.0, but saw the zbot detection with .656 which doesn't have any changes to the zbot signature.

    *edit*

    Good on 'em for identifying and fixing it already. http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=PWS:Win32/Zbot

     
  14. varunit

    varunit Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    79
    LOL really funny :D
     
  15. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Explorer is already the most targeted, so let them bring it. :p
     
  16. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    At least detect IE 6, which is obviously malware-prone lol.
     
  17. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Yeah, seems this issue was fixed in an MSE update before this thread was even made so.. o_O
     
  18. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    No, the new malware definition update solving Google Chrome's false positive was issued after the thread was started.

    As soon as I saw this thread (the Wilderssecurity's thread created by user FanJ), I turned on my relative's computer, updated MSE, just to be sure it was fully up-to-date, and then performed a manual scan of the Google Chrome directory. MSE flagged chrome.exe. After that, I added it to the exclusion list.
     
  19. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    I guess I got lucky, either I missed that definition update and jumped straight to the new one or it simply wasn't flagged for me.
     
  20. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
  21. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Google Chrome Blog

     
  22. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
    Phew! I have missed all of this. It is rare for MSE to have false-positives but there is a certain black humour about it removing Chrome inadvertently.
     
    Last edited: Oct 1, 2011
  23. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Google Chrome Releases Blog:
    http://googlechromereleases.blogspot.com/

     