Wednesday, October 08, 2008

Google chrome comes with a Trojan - false positive

Who in this world likes to download a trojan instead of the program you want to get?
In my case, when I tried to download Google Chrome, avast saved me from downloading a trojan called Win32:Midgare-OI [Trj] and it seems that I am not the only one who has run into it

I thought that I was being saved by avast but after reading the mentioned post in google groups, I have found that it might most likely be a false positive by avast. I do not think that Google is going to be happy with the impression given to many users that were using avast and tried to download chrome.

Here is the screenshots if you are interested.

Image 1: You can see that I did not even have time to "save" the file to the hard drive.

google-chrome-trojan(from IE)
Image 2: I tried to download Google Chrome with Internet Explorer and get asked if I want to "run" the program. If I cancel and go to next page to download the file, I get the same trojan warning



  2. Every few months, we used to get a frantic email from dveditz or Asa, asking the release "team" (all two of us) to investigate whether the Firefox binaries we had pushed were infected with viruses, as someone's AV software had complained.

    The search always turned out to be a false positive, which is why one of the steps (that beltzner... or maybe ss?) now usually performs is sending hashes/signatures to anti-virus vendors before shipping.

    Signing all the Win32 .dlls and .exes within the installer, while extremely painful to do at the time, also helped.

    I wouldn't be surprised to hear that these emails still come in. Packages, as you probably know, are still scanned for viruses on the main ftp.m.o file server, but there's a bug languishing somewhere about doing virus scanning (passive, most likely; active would be too much of a performance hit) on the build VMs/machines (win32, mostly) themselves.