Google Chrome detected as PWS:Win32/Zbot by MSE

13

1

Microsoft Security Essentials detected Google Chrome as a Password Stealer:

PWS:Win32/Zbot

Category: Password Stealer

Description: This program is dangerous and captures user passwords.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

file:%LocalAppData%\Google\Chrome\Temp\source\Chrome-bin\chrome.exe

I can't tell if it's a particular extension that I tried to synch from my other machine, the Chrome application itself, or just a false positive. I've run a full scan on the other machine that Chrome is synched with and nothing was detected.

Should I be worried? What can I do to get rid of it?

PabloC

Posted 2011-09-30T14:19:10.667

Reputation: 233

Discussion on Google Chrome forum (which still doesn't have a solution as of this comment posting) http://www.google.es/support/forum/p/Chrome/thread?tid=42d6ba02d7eed070&hl=en

– pettys – 2011-09-30T15:52:16.563

Answers

8

As a workaround for now, the current Chrome Beta doesn't trip the MSE stuff.

UPDATE: Microsoft confirms it's a false positive and releases a fix, read about it.

pettys

Posted 2011-09-30T14:19:10.667

Reputation: 378

Thank you pettys. I couldn't find very much about it this morning (GMT). – PabloC – 2011-09-30T17:44:00.670

6

This is how I fixed it:

  1. Delete the entire Chrome directory under %LocalAppData%.
  2. Download the Google Chrome installer using another browser.
  3. Disable Microsoft Security Essentials.
  4. Install Google Chrome.
  5. Enable Microsoft Security Essentials.

Charles Nicholson

Posted 2011-09-30T14:19:10.667

Reputation: 161

3

I do believe Chrome launches its extensions in a secured environment within itself.

I would disable/delete all your extensions and scan the same file. If it is not detected as the same file, then an extension is the cause, and could be a real threat.

Of course, MSE does use behavioral detection, so the chances of it being a false positive are very high. I would simply use a website that uses several scanners to verify the file.

PWS:Win32/Zbot is also a generic threat.

Ramhound

Posted 2011-09-30T14:19:10.667

Reputation: 28 517
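
When checking the flagged file against other scanners, it helps to first record exactly which binary was flagged: its hash, its Authenticode signature status and its signer. The PowerShell below is an added example, not part of any answer above. It uses the path from the alert in the question; the function name `Get-BinaryTriage` and the expectation that the signer subject contains "Google" are assumptions.

```powershell
# Added example: collect identity facts about the binary MSE flagged.
# Path taken from the alert quoted in the question.
$flagged = Join-Path $env:LOCALAPPDATA 'Google\Chrome\Temp\source\Chrome-bin\chrome.exe'

function Get-BinaryTriage {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$LiteralPath)

    if (-not (Test-Path -LiteralPath $LiteralPath -PathType Leaf)) {
        # The scanner may already have quarantined or removed the file.
        return [pscustomobject]@{ Path = $LiteralPath; Present = $false }
    }

    $hash = Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -LiteralPath $LiteralPath
    $ver  = (Get-Item -LiteralPath $LiteralPath).VersionInfo

    [pscustomobject]@{
        Path        = $LiteralPath
        Present     = $true
        SHA256      = $hash.Hash            # value to compare across scanners
        SigStatus   = $sig.Status           # Valid, NotSigned, HashMismatch, ...
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        FileVersion = $ver.FileVersion
        Company     = $ver.CompanyName
    }
}

$result = Get-BinaryTriage -LiteralPath $flagged
$result | Format-List

if (-not $result.Present) {
    Write-Warning 'File not found; check the MSE quarantine/history for the original.'
}
elseif ($result.SigStatus -ne 'Valid') {
    # A modified or unsigned chrome.exe is not consistent with a clean install.
    Write-Warning "Signature status is $($result.SigStatus); treat the detection as real until shown otherwise."
}
elseif ($result.Signer -notmatch 'Google') {   # assumption: vendor name appears in the subject
    Write-Warning "Signed, but by an unexpected publisher: $($result.Signer)"
}
else {
    Write-Output 'Valid vendor signature; consistent with a false positive on the unmodified binary.'
}
```

A valid signature only covers `chrome.exe` itself, so it does not rule out the extension scenario described in the answer above.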