300+ free and legal portable apps (over 9GB), up-to-date, & new apps regularly (Jul 28, 2014: Transmission-qt).
Get the fast, new 64GB PortableApps.com Companion, encrypted PortableApps.com Carbide, or carry your KeyZ.
PA.c Platform 12.0 Beta 3.2 (May 20, 2014) | PortableApps.com needs your help: Please donate today.

Clamwin detecting W32.Virut.Gen.D-148 in Portable Chrome

PortaJohn - May 6, 2012 - 1:50pm
Share on Facebook

Im new to portableapps, but just installed clamwin and chrome and clamwin is saying

PortableApps\GoogleChromePortable\App\Chrome-bin\18.0.1025.168\chrome.dll: W32.Virut.Gen.D-148 FOUND

Is clamwin have a lot of false notices ?


( categories: )

Same issue

Just updated my USB from a much older version of Portable Apps and thought I'd give the ClamWin AV a test.

It detected the very same file and description.

A Norton 2012 scan of the same file showed no infection.

Just curious.

OD

Not older than dirt but I was there when dirt was new.

Seeing as Chrome Portable is

Seeing as Chrome Portable is a widely used app I would expect a lot more people to report it if there really was a virus in it, and it would also be cleaned up quite quickly too.

The best bet is to always check the file out with VirusTotal before reporting it here.

VirusTotal will tell you how many of the popular virus engines detect malware in the file, and based on that it will give an indication of whether a real threat exists or if it is just a false positive.

It's not a bug, its a feature.

Ressurection

sorry for waking up old discussion
but I just got my portable apps cleaned by Microsoft Security Essential.

I just uploaded the exe to VirusTotal and here is the result

https://www.virustotal.com/en/file/02d4580d4a57ee4dcb1af68b6882bf2b7e538...

Definitely looks infected

Which version of Chrome Portable?

If it is 28.0.1500.95, the md5 does not match that of a freshly installed copy, so you have definitely picked up something nasty from somewhere.

Edit: Here are the results for a fresh install of the same file from 28.0.1500.95.

It's not a bug, its a feature.

Wouldn't Run

That file was infected after the fact. It won't run (it has a built-in self check to alert you it has been altered) and, in theory, shouldn't start under Windows as the digital signature would now be wrong. Here's what the legitimate files scans as (100% clean):
https://www.virustotal.com/en/file/3fbc81e380c2cf819525515f3d9c23c6d3c01...

Sometimes, the impossible can become possible, if you're awesome!