Microsoft Security Essentials detects Chrome as “trojan”: releases fix

Earlier today reports began amassing in a Google Chrome forum that Microsoft Security Essentials was detecting the PWS:Win32/Zbot trojan as being present in Google Chrome, and removing the web browser from user machines once they had consented to remove the program.

mse-chrome_thumb News

One user in the Chrome forums narrowed things down a little bit as to why some installations of Chrome were unaffected, according to him:

We have Chrome deployed in some parts of our enterprise. It seems like the Chrome users that do not send usage statistics to Google are unaffected. All of our users have the same virus definition, but some still have Chrome.

Both Ryan Naraine and Ed Bott at ZDNet reported on the issue, and Microsoft has just confirmed that MSE is reporting a false positive and has issued a fix (scroll to the bottom):

On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified. On September 30th, 2011, Microsoft released an update that addresses the issue. Signature versions 1.113.672.0 and higher include this update.

We were able to install Chrome, run MSE, and it did indeed detect Chrome as a “password stealer” (see screenshot above).  After waiting a bit, we’ve just received the 1.113.672.0 update, installed it, reran a scan, and while the threat was still active, removing it did not remove Google Chrome.

If you’ve removed Google Chrome through the false positive shown by MSE, you should be able to now reinstall, and rerun a scan with the new definitions with no ill effects.