You are here

Clamwin detecting W32.Virut.Gen.D-148 in Portable Chrome

6 posts / 0 new
Last post
PortaJohn
Offline
Last seen: 11 years 10 months ago
Joined: 2012-05-06 13:46
Clamwin detecting W32.Virut.Gen.D-148 in Portable Chrome

Im new to portableapps, but just installed clamwin and chrome and clamwin is saying

PortableApps\GoogleChromePortable\App\Chrome-bin\18.0.1025.168\chrome.dll: W32.Virut.Gen.D-148 FOUND

Is clamwin have a lot of false notices ?

o1d_dude
Offline
Last seen: 7 years 11 months ago
Joined: 2005-12-22 01:06
Same issue

Just updated my USB from a much older version of Portable Apps and thought I'd give the ClamWin AV a test.

It detected the very same file and description.

A Norton 2012 scan of the same file showed no infection.

Just curious.

OD

Not older than dirt but I was there when dirt was new.

Ken Herbert
Ken Herbert's picture
Offline
Last seen: 2 hours 21 min ago
DeveloperModerator
Joined: 2010-05-25 18:19
Seeing as Chrome Portable is

Seeing as Chrome Portable is a widely used app I would expect a lot more people to report it if there really was a virus in it, and it would also be cleaned up quite quickly too.

The best bet is to always check the file out with VirusTotal before reporting it here.

VirusTotal will tell you how many of the popular virus engines detect malware in the file, and based on that it will give an indication of whether a real threat exists or if it is just a false positive.

Suya Lynx
Offline
Last seen: 9 years 15 hours ago
Joined: 2006-12-18 05:39
Ressurection

sorry for waking up old discussion
but I just got my portable apps cleaned by Microsoft Security Essential.

I just uploaded the exe to VirusTotal and here is the result

https://www.virustotal.com/en/file/02d4580d4a57ee4dcb1af68b6882bf2b7e538...

Ken Herbert
Ken Herbert's picture
Offline
Last seen: 2 hours 21 min ago
DeveloperModerator
Joined: 2010-05-25 18:19
Definitely looks infected

Which version of Chrome Portable?

If it is 28.0.1500.95, the md5 does not match that of a freshly installed copy, so you have definitely picked up something nasty from somewhere.

Edit: Here are the results for a fresh install of the same file from 28.0.1500.95.

John T. Haller
John T. Haller's picture
Online
Last seen: 16 min 57 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Wouldn't Run

That file was infected after the fact. It won't run (it has a built-in self check to alert you it has been altered) and, in theory, shouldn't start under Windows as the digital signature would now be wrong. Here's what the legitimate files scans as (100% clean):
https://www.virustotal.com/en/file/3fbc81e380c2cf819525515f3d9c23c6d3c01...

Sometimes, the impossible can become possible, if you're awesome!

Log in or register to post comments