Users of Microsoft Security Essentials and Google Chrome have been reporting a very unusual issue with their anti-virus program of choice. According to a thread originating on the official Google Chrome support forum, the browser is being identified as a trojan. The first post about the issue was made at 8:02AM, with the following being a direct quote from the thread:
I have been using Chrome on my office PC for over a year. This morning, after I started up the PC, a Windows Security box popped up and said I had a Security Problem that needed to be removed. I clicked the Details button and saw that it was "PWS:Win32/Zbot". I clicked the Remove button and restarted my PC. Now I do not have Chrome. It has been removed or uninstalled. The Chrome.exe file is gone. Was there really a problem, or is this just a way for Microsoft to stick it to Google? If I reinstall Chome, will it have my bookmarks and other settings? Not sure what to do about this, but I much prefer Chrome to Explorer.
Less than 10 minutes after this, the thread creator responded, confirming the issue. When attempting to reinstall the browser, Microsoft Security Essentials deleted the "chrome.exe" installer, citing it as PWS:Win32/Zbot, which is classified as a severe threat by MSE. It is possible that the issue comes from a a compromise with Microsoft Security Essentials or Chrome, but it seems more likely that it stemmed from a conflict between some code.
Microsoft were quick to confirm the issue, and also to try and fix it. They released a new virus definition, and added the following information to the Malware Protection Center page:
On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified. On September 30th, 2011, Microsoft released an update that addresses the issue. Signature versions 1.113.672.0 and higher include this update.
PWS:Win32/Zbot is a password-stealing trojan that monitors for visits to certain Web sites. It allows limited backdoor access and control and may terminate certain security-related processes.
Just over an hour later, a Microsoft employee responded to ZDNet's Ed Bott about the issue via email. He said the following:
On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified and as a result, Google Chrome was inadvertently blocked and in some cases removed from customers PCs. We have already fixed the issue - we released an updated signature (1.113.672.0) at 9:57 am PDT - but approximately 3,000 customers were impacted. Affected customers should manually update Microsoft Security Essentials (MSE) with the latest signatures. To do this, simply launch MSE, go to the update tab and click the Update button, and then reinstall Google Chrome. We apologize for the inconvenience this may have caused our customers.