Discussion:
[clamav-users] Google Chrome infected?
Frank Chan
2012-04-11 23:06:00 UTC
I was doing a scan of my hard drive of my MS Windows XP system and noticed
in the scan results that some components of Google Chrome were infected by
W32.Virut.Gen.D-148. Here is the excerpt of the scan results.

C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\chrome.dll: W32.Virut.Gen.D-148 FOUND
C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\Installer\chrome.7z: W32.Virut.Gen.D-148 FOUND

I also found the same results for several other systems I have at work &
home, so is Google Chrome truly infected or is this a false positive? I have
scanned the Google Chrome for Apple Mac but it doesn't appear to be
infected (when I scan with clamav).
Anyone else seen this?

Frank


_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Alain Zidouemba
2012-04-11 23:08:57 UTC
Frank,

This is a FP that has already been taken care of. Please update your
signatures and let us know if you run into any problems.

Thanks,

-Alain
Frank Chan
2012-04-12 00:33:09 UTC
Thank you Alain for clearing this up.
Frank Chan
2012-04-13 03:09:03 UTC
Hi Alain,
I checked it again today and it showed no infection in Google Chrome.

Thank you,
Frank
Frank Chan
2012-04-18 17:38:49 UTC
Hi Alain,
I checked it again this morning and I still get a possible false
positive with Google Chrome with the same file again.

Thank you,
Frank
Alain Zidouemba
2012-04-18 17:42:08 UTC
What is the file being detected as? What is the MD5 for the file being detected?

- Alain
Frank Chan
2012-04-18 21:10:37 UTC
Hi Alain,
Here are the MD5 sums of the files you requested.

9652e7d2d40f72c4f4acec0e2dea28a1 chrome.7z
5974bc2d26dc0f1e9755ccc2806cfda2 chrome.dll

Again, this possible false positive is in the same folder location as
before, and here is the excerpt from the log:

C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\chrome.dll: W32.Virut.Gen.D-148 FOUND
C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\Installer\chrome.7z: W32.Virut.Gen.D-148 FOUND

Other MS Windows systems that I did clamscan on show the same thing.

Thank you,
Frank
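
Added example, not part of the original thread: a Python sketch of the step Alain asks for, pulling the flagged paths out of clamscan-style FOUND lines and computing each file's MD5 so the digests can go into a false-positive report. The function names are made up for this illustration and the demo file and log are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Report line format: "<path>: <signature> FOUND". The greedy path group
# keeps the drive-letter colon of a Windows path ("C:\...") inside the path.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")


def parse_found(log_text):
    """Return (path, signature) for every FOUND line; OK and summary lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        match = FOUND_RE.match(line.strip())
        if match:
            hits.append((match.group("path"), match.group("sig")))
    return hits


def md5_of(path, chunk_size=1 << 20):
    """MD5 of a file, read in chunks so a large DLL is never held in memory whole."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def same_md5(left, right):
    """Compare two reported digests; hex case and stray whitespace do not matter."""
    return left.strip().lower() == right.strip().lower()


def fp_report(log_text):
    """Return (md5 or None, path, signature) per detection; None means the file is gone."""
    report = []
    for path, sig in parse_found(log_text):
        digest = md5_of(path) if Path(path).is_file() else None
        report.append((digest, path, sig))
    return report


if __name__ == "__main__":
    # Constructed sample: a stand-in file and a scan log that flags it.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "chrome.dll"
        sample.write_bytes(b"constructed sample, not a real Chrome binary")
        log = f"{sample}: W32.Virut.Gen.D-148 FOUND\n{tmp}/notes.txt: OK\n"
        for digest, path, sig in fp_report(log):
            print(f"{digest}  {Path(path).name}  ({sig})")
```

Feed it the raw scan log rather than text pasted into mail, since lines wrapped the way they are in this thread no longer match the pattern.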
aCaB
2012-04-19 08:11:37 UTC
Post by Frank Chan
9652e7d2d40f72c4f4acec0e2dea28a1 chrome.7z
5974bc2d26dc0f1e9755ccc2806cfda2 chrome.dll
Hi Frank,

Have you submitted them on http://www.clamav.net/sendvirus/submit-fp/ ?
I can't seem to find them in our zoo.
If you haven't yet please do, so they can be processed ASAP.

Cheers,
-- aCaB
Frank Chan
2012-04-20 23:44:30 UTC
Done.

Thank you,
Frank
aCaB
2012-04-23 08:15:07 UTC
Post by Frank Chan
9652e7d2d40f72c4f4acec0e2dea28a1 chrome.7z
5974bc2d26dc0f1e9755ccc2806cfda2 chrome.dll
Done.
I still can't find them. Do you confirm the above md5's?

-- acab
Frank Chan
2012-04-23 23:31:51 UTC
Hi acab,
I tried to submit it and it takes a long time but I didn't see the
expected successfully submitted message. I just see the "Sending
request" for a long time (about 1-3 minutes per file) for I get the FP
submission webpage again. BTW I did submit some samples of malware today
without any problems.
Here are the md5sum of these files again which I did double check the
md5sum again:

5974bc2d26dc0f1e9755ccc2806cfda2 chrome.dll
9652e7d2d40f72c4f4acec0e2dea28a1 chrome.7z

Thank you,
Frank
aCaB
2012-04-24 14:43:11 UTC
Post by Frank Chan
5974bc2d26dc0f1e9755ccc2806cfda2 chrome.dll
9652e7d2d40f72c4f4acec0e2dea28a1 chrome.7z
I'm sorry Frank,
it appears the upload wasn't successful.
I can't find neither :/

Cheers,
-- acab
edwin+ (Török Edwin)
2012-04-24 19:30:18 UTC
Post by aCaB
Post by Frank Chan
5974bc2d26dc0f1e9755ccc2806cfda2 chrome.dll
I got this file, but it's not detected by ClamAV now (and the FP submission form won't accept it).
Post by aCaB
Post by Frank Chan
9652e7d2d40f72c4f4acec0e2dea28a1 chrome.7z
The 7z is different for me though (but maybe just because my version is different)
4D22AB683E7772F82C642F99BA9B6A28 chrome.7z
Post by aCaB
I'm sorry Frank,
it appears the upload wasn't successful.
I can't find neither :/
--Edwin
Frank Chan
2012-04-24 23:24:43 UTC
I tried to upload the FP from Firefox, which seemed to fail, so now I've tried
it from Google Chrome to see if there is something on the browser and it
seems to upload correctly (according to Chrome status message).
Here is the log from clamd.log of the Google Chrome FP:

C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\chrome.dll: W32.Virut.Gen.D-148 FOUND
C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\Installer\chrome.7z: W32.Virut.Gen.D-148 FOUND

Frank