New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 778121 link

Starred by 1 user
Status: Fixed
Owner:
vakh@chromium.org
Closed: Nov 2017
Cc:
mjcastner@google.com
brajkumar@chromium.org
vakh@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug



Sign in to add a comment

Chromium is detected as malware by several programs (injection type malware).

Reported by gigabyte...@gmail.com, Oct 25 2017 
Chrome Build         : 511377
URLs (if applicable) : https://download-chromium.appspot.com; https://www.virustotal.com/en/file/7cb235d530c73c3076c7a08f9aa6be77e5703288683fc7dba0a148209c69e4ae/analysis/1508910570/

What steps will reproduce the problem?
(1) Extract chrome-win32.zip or open chrome.exe

What is the expected result?
Chromium will extract or launch

What happens instead?
My antivirus detects malware in the latest build of chromium (chrome.exe and UI test).
12/66 antivirus also detect the malware in chrome.exe on virustotal.
The mini installer does not cause any issues.

Please provide any additional information below. Attach a screenshot if
possible.
virus.PNG
22.2 KB View Download

Comment 1 by gigabyte...@gmail.com, Oct 25 2017 

After running for a while, my antivirus has blocked the mini installer files as well. I don't know about the appspot link but the mini installer came from the google APIs.

Comment 2 by brajkumar@chromium.org, Oct 26 2017

Components: Services>Safebrowsing
Labels: Needs-Milestone Needs-Feedback TE-NeedsTriageHelp
Could you please confirm is this issue is seen only with chromium browser? How about chrome market builds?  Re routing to services team for further triage.

Could some one look in to this issue?

Thanks!

Comment 3 by nparker@chromium.org, Oct 27 2017

Labels: -Pri-3 SafeBrowsing-Triaged Pri-2
Owner: vakh@chromium.org

Comment 4 by vakh@chromium.org, Oct 27 2017

Cc: mjcastner@google.com
+mjcastner -- let's discuss this offline.

Comment 5 by gigabyte...@gmail.com, Oct 29 2017 

This issue only occurs with Chromium, which is the browser I want to use. Google Chrome Stable, Beta, Dev and Canary have no issues when it comes to antivirus.
Project Member

Comment 6 by sheriffbot@chromium.org, Oct 29 2017

Cc: brajkumar@chromium.org
Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "brajkumar@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 7 by gigabyte...@gmail.com, Oct 29 2017 

Chrome Stable Scan (no detections): https://www.virustotal.com/#/file/b1ad1afbe24fad21bbb633124c4d21f36871a0d3cba498cfcc049eb3a358449e/detection
Chrome Beta Scan (no detections): https://www.virustotal.com/#/file/c99954bbf4653f5f71209ee78fe772c7791f2fcb76aa7366a16aeb959b648b60/detection
Chrome Dev Scan (1 antivirus alert): https://www.virustotal.com/#/file/dec8c4f767e82e66f0e44fddfe5663e1aa7682a00b15451492285499943cd4f9/detection
Chrome Canary Scan (no detections): https://www.virustotal.com/#/file/3166f915f9e43aa4b743abbaf4bd36ca657daf61c6b574d10219daa8ab617746/detection
Chromium Scan (1 detection):
https://www.virustotal.com/#/file/7cb235d530c73c3076c7a08f9aa6be77e5703288683fc7dba0a148209c69e4ae/detection

With Old Virus Total (and my AV Software):
Chrome Stable (0 detections)
Chrome Beta (0 detections)
Chrome Dev (1 detection): https://www.virustotal.com/en/file/dec8c4f767e82e66f0e44fddfe5663e1aa7682a00b15451492285499943cd4f9/analysis/
Chrome Canary (0 detections)
Chromium (12 detections):
https://www.virustotal.com/en/file/7cb235d530c73c3076c7a08f9aa6be77e5703288683fc7dba0a148209c69e4ae/analysis/1508910570/

I am not sure but apparently this is an issue on antivirus' part because the latest chromium scan on the old virus total returns 1 detection only, and that scan had the same hash and happened after my scan.
https://www.virustotal.com/en/file/7cb235d530c73c3076c7a08f9aa6be77e5703288683fc7dba0a148209c69e4ae/analysis/

Comment 8 by gigabyte...@gmail.com, Oct 29 2017 

Just to clarify, I still cannot install chromium even after updating my antivirus. It is still detected. If I use the mini installer, before chrome.exe is detected as malware, I get this message from AV:
Bitdefender moved a threat to quarantine. File name: c:\users\ispl0it3r\appdata\local\temp\scoped_dir11452_2616\d11452_10000\default\cache\index. It is recommended that you run a System Scan to make sure your system is clean.

Comment 9 by vakh@chromium.org, Oct 30 2017 

Thanks for the detailed analysis.
Please know that I am working with VirusTotal to resolve this but since it has third-party dependencies, it is somewhat complicated and slow.

Comment 10 by vakh@chromium.org, Oct 30 2017

Labels: -TE-NeedsTriageHelp -Needs-Milestone M-62
Status: Started (was: Unconfirmed)

Comment 11 by vakh@chromium.org, Oct 31 2017 

The number of false positives have dropped from 12 to 1. See https://www.virustotal.com/en/file/7cb235d530c73c3076c7a08f9aa6be77e5703288683fc7dba0a148209c69e4ae/analysis/

Comment 12 by gigabyte...@gmail.com, Nov 1 2017 

My antivirus is updating, hopefully fixing the problem. It may still be an issue to fix the false positive from CAT-QuickHeal but if the antivirus companies have fixed it themselves, then it is in their hands, not yours.

Comment 13 by vakh@chromium.org, Nov 1 2017

Status: Fixed (was: Started)
All cleaned up: https://www.virustotal.com/en/file/7cb235d530c73c3076c7a08f9aa6be77e5703288683fc7dba0a148209c69e4ae/analysis/

Marking as Fixed.

Comment 14 by gigabyte...@gmail.com, Nov 6 2017 

Thank you very much.

Sign in to add a comment