Microsoft Security Essentials detected Google Chrome as a Password Stealer:

PWS:Win32/Zbot

Category: Password Stealer

Description: This program is dangerous and captures user passwords.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

file:%LocalAppData%\Google\Chrome\Temp\source\Chrome-bin\chrome.exe

I can't tell if it's a particular extension that I tried to synch from my other machine, the Chrome application itself, or just a false positive. I've run a full scan on the other machine that Chrome is synched with and nothing was detected.

Should I be worried? What can I do to get rid of it?


Solution 1:

As a workaround for now, the current Chrome Beta doesn't trip the MSE stuff.

UPDATE: Microsoft confirms it's a false positive and releases a fix, read about it.

Solution 2:

This is how I fixed it:

  1. Delete the entire Chrome directory under %LocalAppData%.
  2. Download the Google Chrome installer using another browser.
  3. Disable Microsoft Security Essentials.
  4. Install Google Chrome.
  5. Enable Microsoft Security Essentials.

Solution 3:

I do believe Chrome launches its extensions in a secured environment within itself.

I would disable/delete all your extensions and scan the same file. If it is not detected as the same file, then an extension is the cause, and could be a real threat.

Of course, MSE does use behavioral detection, so the chances of it being a false positive are very high. I would simply use a website that uses several scanners to verify the file.

PWS:Win32/Zbot is also a generic threat.
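
The check suggested in Solution 3 can be prepared locally before submitting anything to a multi-scanner site. The following is an added example, not part of the original answers: it reads the Authenticode signature and SHA-256 of the flagged file at the path from the question. The function name `Get-FlaggedFileTriage`, the `ExpectedSigner` value and the requirement for PowerShell 4.0 or later (for `Get-FileHash`) are assumptions.

```powershell
# Added example: triage a binary flagged by antivirus before treating
# the detection as a false positive.
# Assumption: PowerShell 4.0 or later (Get-FileHash is not in older versions).
function Get-FlaggedFileTriage {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: organisation name expected in the signer certificate subject.
        [string]$ExpectedSigner = 'Google'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # The antivirus may already have quarantined or removed the file.
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }

    # Signature status tells whether the file is signed and unmodified since signing.
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    # The hash is what you look up on a multi-scanner site instead of uploading blindly.
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        Path            = $Path
        Present         = $true
        SHA256          = $hash.Hash
        SignatureStatus = $sig.Status
        SignerSubject   = $subject
        # True only when the signature validates AND the O= field names the expected signer.
        SignerMatches   = ($sig.Status -eq 'Valid') -and
                          ($subject -match "O=[^,]*$ExpectedSigner")
    }
}

# Path taken from the detection report in the question.
$flagged = Join-Path $env:LOCALAPPDATA 'Google\Chrome\Temp\source\Chrome-bin\chrome.exe'
Get-FlaggedFileTriage -Path $flagged | Format-List
```

A `SignatureStatus` of `HashMismatch` or `NotSigned` means the file was altered after signing or was never signed, which argues against a false positive; a `Valid` signature from the expected signer together with a clean multi-scanner result for the SHA-256 supports one.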