Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ClamAV: users

Google Chrome infected?

  

 
ClamAV users RSS feed   Index | Next | Previous | View Threaded


fchan at molsci

Apr 11, 2012, 4:06 PM

Post #1 of 14 (3119 views)
Permalink
Google Chrome infected?
I was doing scan of my hard drive of my MS Windows XP system and noticed
the scan results that some components of Google Chrome were infected by
W32.Virut.Gen.D-148. Here is the excerpt of the scan results.

C:\Documents and Settings\Frank\Local Settings\Application
Data\Google\Chrome\Application\18.0.1025.151\chrome.dll:
W32.Virut.Gen.D-148 FOUND
C:\Documents and Settings\Frank\Local Settings\Application
Data\Google\Chrome\Application\18.0.1025.151\Installer\chrome.7z:
W32.Virut.Gen.D-148 FOUND

I also found the same results for several other systems I have at work &
home so is Google Chrome truly infected or this a false positive. I have
scanned the Google Chrome for Apple Mac but it doesn't appear to be
infected (when I scan with clamav).
Anyone else seen this?

Frank


_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


azidouemba at sourcefire

Apr 11, 2012, 4:08 PM

Post #2 of 14 (3044 views)
Permalink
Re: Google Chrome infected? [In reply to]
Frank,

This is a FP that has already been taken care of. Please update your
signatures and let us know if you run into any problems.

Thanks,

-Alain

On Apr 11, 2012, at 7:06 PM, Frank Chan <fchan [at] molsci> wrote:

> I was doing scan of my hard drive of my MS Windows XP system and noticed the scan results that some components of Google Chrome were infected by W32.Virut.Gen.D-148. Here is the excerpt of the scan results.
>
> C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\chrome.dll: W32.Virut.Gen.D-148 FOUND
> C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\Installer\chrome.7z: W32.Virut.Gen.D-148 FOUND
>
> I also found the same results for several other systems I have at work & home so is Google Chrome truly infected or this a false positive. I have scanned the Google Chrome for Apple Mac but it doesn't appear to be infected (when I scan with clamav).
> Anyone else seen this?
>
> Frank
>
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


fchan at molsci

Apr 11, 2012, 5:33 PM

Post #3 of 14 (3037 views)
Permalink
Re: Google Chrome infected? [In reply to]
On 11-04-2012 16:08, Alain Zidouemba wrote:
> Frank,
>
> This is a FP that has already been taken care of. Please update your
> signatures and let us know if you run into any problems.
>
> Thanks,
>
> -Alain
>
> On Apr 11, 2012, at 7:06 PM, Frank Chan<fchan [at] molsci> wrote:
>
>> I was doing scan of my hard drive of my MS Windows XP system and noticed the scan results that some components of Google Chrome were infected by W32.Virut.Gen.D-148. Here is the excerpt of the scan results.
>>
>> C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\chrome.dll: W32.Virut.Gen.D-148 FOUND
>> C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\Installer\chrome.7z: W32.Virut.Gen.D-148 FOUND
>>
>> I also found the same results for several other systems I have at work& home so is Google Chrome truly infected or this a false positive. I have scanned the Google Chrome for Apple Mac but it doesn't appear to be infected (when I scan with clamav).
>> Anyone else seen this?
>>
>> Frank
>>
>>
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
>> http://www.clamav.net/support/ml
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>
>
Thank you Alain for clearing this up.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


fchan at molsci

Apr 12, 2012, 8:09 PM

Post #4 of 14 (3006 views)
Permalink
Re: Google Chrome infected? [In reply to]
On 11-04-2012 17:33, Frank Chan wrote:
> On 11-04-2012 16:08, Alain Zidouemba wrote:
>> Frank,
>>
>> This is a FP that has already been taken care of. Please update your
>> signatures and let us know if you run into any problems.
>>
>> Thanks,
>>
>> -Alain
>>
>> On Apr 11, 2012, at 7:06 PM, Frank Chan<fchan [at] molsci> wrote:
>>
>>> I was doing scan of my hard drive of my MS Windows XP system and
>>> noticed the scan results that some components of Google Chrome were
>>> infected by W32.Virut.Gen.D-148. Here is the excerpt of the scan
>>> results.
>>>
>>> C:\Documents and Settings\Frank\Local Settings\Application
>>> Data\Google\Chrome\Application\18.0.1025.151\chrome.dll:
>>> W32.Virut.Gen.D-148 FOUND
>>> C:\Documents and Settings\Frank\Local Settings\Application
>>> Data\Google\Chrome\Application\18.0.1025.151\Installer\chrome.7z:
>>> W32.Virut.Gen.D-148 FOUND
>>>
>>> I also found the same results for several other systems I have at
>>> work& home so is Google Chrome truly infected or this a false
>>> positive. I have scanned the Google Chrome for Apple Mac but it
>>> doesn't appear to be infected (when I scan with clamav).
>>> Anyone else seen this?
>>>
>>> Frank
>>>
>>>
>>> _______________________________________________
>>> Help us build a comprehensive ClamAV guide: visit
>>> http://wiki.clamav.net
>>> http://www.clamav.net/support/ml
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
>> http://www.clamav.net/support/ml
>>
>>
> Thank you Alain for clearing this up.
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>
>
Hi Alain,
I checked it again today and it showed no infection in Google Chrome.

Thank you,
Frank
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


fchan at molsci

Apr 18, 2012, 10:38 AM

Post #5 of 14 (2804 views)
Permalink
Re: Google Chrome infected? [In reply to]
On 12-04-2012 20:09, Frank Chan wrote:
> On 11-04-2012 17:33, Frank Chan wrote:
>> On 11-04-2012 16:08, Alain Zidouemba wrote:
>>> Frank,
>>>
>>> This is a FP that has already been taken care of. Please update your
>>> signatures and let us know if you run into any problems.
>>>
>>> Thanks,
>>>
>>> -Alain
>>>
>>> On Apr 11, 2012, at 7:06 PM, Frank Chan<fchan [at] molsci> wrote:
>>>
>>>> I was doing scan of my hard drive of my MS Windows XP system and
>>>> noticed the scan results that some components of Google Chrome were
>>>> infected by W32.Virut.Gen.D-148. Here is the excerpt of the scan
>>>> results.
>>>>
>>>> C:\Documents and Settings\Frank\Local Settings\Application
>>>> Data\Google\Chrome\Application\18.0.1025.151\chrome.dll:
>>>> W32.Virut.Gen.D-148 FOUND
>>>> C:\Documents and Settings\Frank\Local Settings\Application
>>>> Data\Google\Chrome\Application\18.0.1025.151\Installer\chrome.7z:
>>>> W32.Virut.Gen.D-148 FOUND
>>>>
>>>> I also found the same results for several other systems I have at
>>>> work& home so is Google Chrome truly infected or this a false
>>>> positive. I have scanned the Google Chrome for Apple Mac but it
>>>> doesn't appear to be infected (when I scan with clamav).
>>>> Anyone else seen this?
>>>>
>>>> Frank
>>>>
>>>>
>>>> _______________________________________________
>>>> Help us build a comprehensive ClamAV guide: visit
>>>> http://wiki.clamav.net
>>>> http://www.clamav.net/support/ml
>>> _______________________________________________
>>> Help us build a comprehensive ClamAV guide: visit
>>> http://wiki.clamav.net
>>> http://www.clamav.net/support/ml
>>>
>>>
>> Thank you Alain for clearing this up.
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
>> http://www.clamav.net/support/ml
>>
>>
> Hi Alain,
> I checked it again today and it showed no infection in Google Chrome.
>
> Thank you,
> Frank
Hi Alain,
I checked it again this morning and I still get a possible false
positive with Google Chrome with the same file again.

Thank you,
Frank
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


azidouemba at sourcefire

Apr 18, 2012, 10:42 AM

Post #6 of 14 (2805 views)
Permalink
Re: Google Chrome infected? [In reply to]
What is the file being detected as? What is the MD5 for the file being detected?

- Alain

On Wed, Apr 18, 2012 at 1:38 PM, Frank Chan <fchan [at] molsci> wrote:
> On 12-04-2012 20:09, Frank Chan wrote:
>>
>> On 11-04-2012 17:33, Frank Chan wrote:
>>>
>>> On 11-04-2012 16:08, Alain Zidouemba wrote:
>>>>
>>>> Frank,
>>>>
>>>> This is a FP that has already been taken care of. Please update your
>>>> signatures and let us know if you run into any problems.
>>>>
>>>> Thanks,
>>>>
>>>> -Alain
>>>>
>>>> On Apr 11, 2012, at 7:06 PM, Frank Chan<fchan [at] molsci>  wrote:
>>>>
>>>>> I was doing scan of my hard drive of my MS Windows XP system and
>>>>> noticed the scan results that some components of Google Chrome were infected
>>>>> by W32.Virut.Gen.D-148. Here is the excerpt of the scan results.
>>>>>
>>>>> C:\Documents and Settings\Frank\Local Settings\Application
>>>>> Data\Google\Chrome\Application\18.0.1025.151\chrome.dll: W32.Virut.Gen.D-148
>>>>> FOUND
>>>>> C:\Documents and Settings\Frank\Local Settings\Application
>>>>> Data\Google\Chrome\Application\18.0.1025.151\Installer\chrome.7z:
>>>>> W32.Virut.Gen.D-148 FOUND
>>>>>
>>>>> I also found the same results for several other systems I have at work&
>>>>>  home so is Google Chrome truly infected or this a false positive. I have
>>>>> scanned the Google Chrome for Apple Mac but it doesn't appear to be infected
>>>>> (when I scan with clamav).
>>>>> Anyone else seen this?
>>>>>
>>>>> Frank
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Help us build a comprehensive ClamAV guide: visit
>>>>> http://wiki.clamav.net
>>>>> http://www.clamav.net/support/ml
>>>>
>>>> _______________________________________________
>>>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
>>>> http://www.clamav.net/support/ml
>>>>
>>>>
>>> Thank you Alain for clearing this up.
>>> _______________________________________________
>>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
>>> http://www.clamav.net/support/ml
>>>
>>>
>> Hi Alain,
>> I checked it again today and it showed no infection in Google Chrome.
>>
>> Thank you,
>> Frank
>
> Hi Alain,
> I checked it again this morning and I still get a possible false positive
> with Google Chrome with the same file again.
>
>
> Thank you,
> Frank
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


fchan at molsci

Apr 18, 2012, 2:10 PM

Post #7 of 14 (2801 views)
Permalink
Re: Google Chrome infected? [In reply to]
On 18-04-2012 10:42, Alain Zidouemba wrote:
> What is the file being detected as? What is the MD5 for the file being detected?
>
> - Alain
>
> On Wed, Apr 18, 2012 at 1:38 PM, Frank Chan<fchan [at] molsci> wrote:
>> On 12-04-2012 20:09, Frank Chan wrote:
>>> On 11-04-2012 17:33, Frank Chan wrote:
>>>> On 11-04-2012 16:08, Alain Zidouemba wrote:
>>>>> Frank,
>>>>>
>>>>> This is a FP that has already been taken care of. Please update your
>>>>> signatures and let us know if you run into any problems.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> -Alain
>>>>>
>>>>> On Apr 11, 2012, at 7:06 PM, Frank Chan<fchan [at] molsci> wrote:
>>>>>
>>>>>> I was doing scan of my hard drive of my MS Windows XP system and
>>>>>> noticed the scan results that some components of Google Chrome were infected
>>>>>> by W32.Virut.Gen.D-148. Here is the excerpt of the scan results.
>>>>>>
>>>>>> C:\Documents and Settings\Frank\Local Settings\Application
>>>>>> Data\Google\Chrome\Application\18.0.1025.151\chrome.dll: W32.Virut.Gen.D-148
>>>>>> FOUND
>>>>>> C:\Documents and Settings\Frank\Local Settings\Application
>>>>>> Data\Google\Chrome\Application\18.0.1025.151\Installer\chrome.7z:
>>>>>> W32.Virut.Gen.D-148 FOUND
>>>>>>
>>>>>> I also found the same results for several other systems I have at work&
>>>>>> home so is Google Chrome truly infected or this a false positive. I have
>>>>>> scanned the Google Chrome for Apple Mac but it doesn't appear to be infected
>>>>>> (when I scan with clamav).
>>>>>> Anyone else seen this?
>>>>>>
>>>>>> Frank
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Help us build a comprehensive ClamAV guide: visit
>>>>>> http://wiki.clamav.net
>>>>>> http://www.clamav.net/support/ml
>>>>> _______________________________________________
>>>>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
>>>>> http://www.clamav.net/support/ml
>>>>>
>>>>>
>>>> Thank you Alain for clearing this up.
>>>> _______________________________________________
>>>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
>>>> http://www.clamav.net/support/ml
>>>>
>>>>
>>> Hi Alain,
>>> I checked it again today and it showed no infection in Google Chrome.
>>>
>>> Thank you,
>>> Frank
>> Hi Alain,
>> I checked it again this morning and I still get a possible false positive
>> with Google Chrome with the same file again.
>>
>>
>> Thank you,
>> Frank
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
>> http://www.clamav.net/support/ml
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>
>
Hi Alain,
Here is the MD5 sums of the files you requested.

9652e7d2d40f72c4f4acec0e2dea28a1 chrome.7z
5974bc2d26dc0f1e9755ccc2806cfda2 chrome.dll

Again this is possible false positive is in the same folder location as
before and here is the excerpt from the log:

C:\Documents and Settings\Frank\Local Settings\Application
Data\Google\Chrome\Application\18.0.1025.162\chrome.dll:
W32.Virut.Gen.D-148 FOUND
C:\Documents and Settings\Frank\Local Settings\Application
Data\Google\Chrome\Application\18.0.1025.162\Installer\chrome.7z:
W32.Virut.Gen.D-148 FOUND

Other MS Windows systems that I did clamscan on show the same thing.

Thank you,
Frank
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


acabng at digitalfuture

Apr 19, 2012, 1:11 AM

Post #8 of 14 (2767 views)
Permalink
Re: Google Chrome infected? [In reply to]
On 04/18/12 23:10, Frank Chan wrote:
> 9652e7d2d40f72c4f4acec0e2dea28a1 chrome.7z
> 5974bc2d26dc0f1e9755ccc2806cfda2 chrome.dll

Hi Frank,

Have you submitted them on http://www.clamav.net/sendvirus/submit-fp/ ?
I can't seem to find them in our zoo.
If you haven't yet please do, so they can be processed ASAP.

Cheers,
-- aCaB
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


fchan at molsci

Apr 20, 2012, 4:44 PM

Post #9 of 14 (2661 views)
Permalink
Re: Google Chrome infected? [In reply to]
On 19-04-2012 01:11, aCaB wrote:
> On 04/18/12 23:10, Frank Chan wrote:
>> 9652e7d2d40f72c4f4acec0e2dea28a1 chrome.7z
>> 5974bc2d26dc0f1e9755ccc2806cfda2 chrome.dll
> Hi Frank,
>
> Have you submitted them on http://www.clamav.net/sendvirus/submit-fp/ ?
> I can't seem to find them in our zoo.
> If you haven't yet please do, so they can be processed ASAP.
>
> Cheers,
> -- aCaB
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>
>
Done.

Than you,
Frank
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


acabng at digitalfuture

Apr 23, 2012, 1:15 AM

Post #10 of 14 (2580 views)
Permalink
Re: Google Chrome infected? [In reply to]
On 04/21/12 01:44, Frank Chan wrote:
> On 19-04-2012 01:11, aCaB wrote:
>> On 04/18/12 23:10, Frank Chan wrote:
>>> 9652e7d2d40f72c4f4acec0e2dea28a1 chrome.7z
>>> 5974bc2d26dc0f1e9755ccc2806cfda2 chrome.dll

> Done.

I still can't find them. Do you confirm the above md5's?

-- acab
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


fchan at molsci

Apr 23, 2012, 4:31 PM

Post #11 of 14 (2545 views)
Permalink
Re: Google Chrome infected? [In reply to]
On 23-04-2012 01:15, aCaB wrote:
> On 04/21/12 01:44, Frank Chan wrote:
>> On 19-04-2012 01:11, aCaB wrote:
>>> On 04/18/12 23:10, Frank Chan wrote:
>>>> 9652e7d2d40f72c4f4acec0e2dea28a1 chrome.7z
>>>> 5974bc2d26dc0f1e9755ccc2806cfda2 chrome.dll
>> Done.
> I still can't find them. Do you confirm the above md5's?
>
> -- acab
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>
>
Hi acab,
I tried to submit it and it takes a long time but I didn't see the
expected successfully submitted message. I just see the "Sending
request" for a long time (about 1-3 minutes per file) for I get the FP
submission webpage again. BTW I did submit some samples of malware today
without any problems.
Here are the md5sum of these files again which I did double check the
md5sum again:

5974bc2d26dc0f1e9755ccc2806cfda2 chrome.dll
9652e7d2d40f72c4f4acec0e2dea28a1 chrome.7z

Thank you,
Frank






_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


acabng at digitalfuture

Apr 24, 2012, 7:43 AM

Post #12 of 14 (2515 views)
Permalink
Re: Google Chrome infected? [In reply to]
On 04/24/12 01:31, Frank Chan wrote:
> 5974bc2d26dc0f1e9755ccc2806cfda2 chrome.dll
> 9652e7d2d40f72c4f4acec0e2dea28a1 chrome.7z

I'm sorry Frank,
it appears the upload wasn't successful.
I can't find neither :/

Cheers,
-- acab
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


edwin+ml-clamav at etorok

Apr 24, 2012, 12:30 PM

Post #13 of 14 (2489 views)
Permalink
Re: Google Chrome infected? [In reply to]
On 04/24/2012 05:43 PM, aCaB wrote:
> On 04/24/12 01:31, Frank Chan wrote:
>> 5974bc2d26dc0f1e9755ccc2806cfda2 chrome.dll

I got this file, but its not detected by ClamAV now (and the FP submission form won't accept it).

>> 9652e7d2d40f72c4f4acec0e2dea28a1 chrome.7z

The 7z is different for me though (but maybe just beacuse my version is different)
4D22AB683E7772F82C642F99BA9B6A28 chrome.7z

>
> I'm sorry Frank,
> it appears the upload wasn't successful.
> I can't find neither :/

--Edwin
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


fchan at molsci

Apr 24, 2012, 4:24 PM

Post #14 of 14 (2487 views)
Permalink
Re: Google Chrome infected? [In reply to]
On 24-04-2012 12:30, Török Edwin wrote:
> On 04/24/2012 05:43 PM, aCaB wrote:
>> On 04/24/12 01:31, Frank Chan wrote:
>>> 5974bc2d26dc0f1e9755ccc2806cfda2 chrome.dll
> I got this file, but its not detected by ClamAV now (and the FP submission form won't accept it).
>
>>> 9652e7d2d40f72c4f4acec0e2dea28a1 chrome.7z
> The 7z is different for me though (but maybe just beacuse my version is different)
> 4D22AB683E7772F82C642F99BA9B6A28 chrome.7z
>
>> I'm sorry Frank,
>> it appears the upload wasn't successful.
>> I can't find neither :/
> --Edwin
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>
>
I tired to upload FP from Firefox which seemed to fail so now I've tried
it from Google Chrome to see if there something on the browser and it
seems to upload correctly (according to Chrome status message).
Here is log from clamd.log of the Google Chrome FP:

C:\Documents and Settings\Frank\Local Settings\Application
Data\Google\Chrome\Application\18.0.1025.162\chrome.dll:
W32.Virut.Gen.D-148 FOUND
C:\Documents and Settings\Frank\Local Settings\Application
Data\Google\Chrome\Application\18.0.1025.162\Installer\chrome.7z:
W32.Virut.Gen.D-148 FOUND

Frank
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

ClamAV users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.