Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43438
  • Total Topics: 16532
  • Online today: 3056
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 3
Guests: 2975
Total: 2978









Author Topic: Microsoft SE detect Google Chrome as Zbot Trojan, accidentally or intentionally?  (Read 4210 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Users of Microsoft Security Essentials and Google Chrome have been reporting a very unusual issue with their anti-virus program of choice. According to a thread originating on the official Google Chrome support forum: http://www.google.com/support/forum/p/Chrome/thread?tid=42d6ba02d7eed070&hl=en , the browser is being identified as a trojan. The first post about the issue was made at 8:02AM, with the following being a direct quote from the thread:
Quote

I have been using Chrome on my office PC for over a year.  This morning, after I started up the PC, a Windows Security box popped up and said I had a Security Problem that needed to be removed.  I clicked the Details button and saw that it was "PWS:Win32/Zbot".  I clicked the Remove button and restarted my PC.  Now I do not have Chrome.  It has been removed or uninstalled.  The Chrome.exe file is gone.  Was there really a problem, or is this just a way for Microsoft to stick it to Google?  If I reinstall Chome, will it have my bookmarks and other settings?  Not sure what to do about this, but I much prefer Chrome to Explorer.

Less than 10 minutes after this, the thread creator responded, confirming the issue. When attempting to reinstall the browser, Microsoft Security Essentials deleted the "chrome.exe" installer, citing it as PWS:Win32/Zbot, which is classified as a severe threat by MSE. It is possible that the issue comes from a a compromise with Microsoft Security Essentials or Chrome, but it seems more likely that it stemmed from a conflict between some code.

Microsoft were quick to confirm the issue, and also to try and fix it. They released a new virus definition, and added the following information to the Malware Protection Center page:
Quote

On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified. On September 30th, 2011, Microsoft released an update that addresses the issue. Signature versions 1.113.672.0 and higher include this update.

Quote

PWS:Win32/Zbot is a password-stealing trojan that monitors for visits to certain Web sites. It allows limited backdoor access and control and may terminate certain security-related processes.

Just over an hour later, a Microsoft employee responded to ZDNet's Ed Bott about the issue via email. He said the following:
Quote

On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified and as a result, Google Chrome was inadvertently blocked and in some cases removed from customers PCs. We have already fixed the issue - we released an updated signature (1.113.672.0) at 9:57 am PDT - but approximately 3,000 customers were impacted. Affected customers should manually update Microsoft Security Essentials (MSE) with the latest signatures. To do this, simply launch MSE, go to the update tab and click the Update button, and then reinstall Google Chrome. We apologize for the inconvenience this may have caused our customers.

(NW)

Samker's Computer Forum - SCforum.info


Fintech

  • SCF VIP Member
  • *****
  • Posts: 367
  • KARMA: 49
  • Gender: Male
Oh, what a thing was really confusing! Fortunately, I do not use either of those! ;D
I do not like to Crome and Security Essential... I have not even tried! ::)
 :up:

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023