Faulty Microsoft AV update nukes Chrome browser

Summary:Microsoft has confirmed that its security tools erroneously removed the Google Chrome browser from Windows machines, marking it as a variant of the notorious Zeus (Zbot) malware family.

UPDATE: Microsoft has confirmed that this was caused by a faulty anti-virus definition update that affected about 3,000 Windows users.

Here's Microsoft's statement:

“On September 30th, 2011, an incorrect detection for PWS:Win32/Zbot was identified and as a result, Google Chrome was inadvertently blocked and in some cases removed from customers PCs. We have already fixed the issue -- we released an updated signature (1.113.672.0) at 9:57 am PDT -- but approximately 3,000 customers were impacted.

A Microsoft spokesperson says affected users should manually update Microsoft Security Essentials (MSE) with the latest signatures.

"To do this, simply launch MSE, go to the update tab and click the Update button, and then reinstall Google Chrome. We apologize for the inconvenience this may have caused our customers," the spokesperson said.

ORIGINAL REPORT:

There are numerous reports circulating that the Microsoft Security Essentials anti-malware utility is flagging Google's Chrome browser as a password-stealing trojan.

In what appears to be a crucial false-positive, Microsoft's security tools are removing Chrome from Windows machines, marking it as a variant of the notorious Zeus (Zbot) malware family.

Complaints from Chrome users are lighting up support forums this morning:

I have been using Chrome on my office PC for over a year.  This morning, after I started up the PC, a Windows Security box popped up and said I had a Security Problem that needed to be removed.  I clicked the Details button and saw that it was "PWS:Win32/Zbot".  I clicked the Remove button and restarted my PC.  Now I do not have Chrome.  It has been removed or uninstalled.  The Chrome.exe file is gone.  Was there really a problem, or is this just a way for Microsoft to stick it to Google?  If I reinstall Chrome, will it have my bookmarks and other settings?  Not sure what to do about this, but I much prefer Chrome to Explorer.

And another:

follow Ryan Naraine on twitter

I just tried to reinstall Chrome, and Windows Security stopped it.  Again citing a "severe" threat, "PWS:Win32/Zbot".  What is going on here?

This Chrome user narrows down the problem:

I have the issue as well. Microsoft Security Essentials is removing it.

MSE Versions:

Security Essentials Version: 2.1.1116.0 Antimalware Client Version: 3.0.8402.0 Engine Version: 1.1.7702.0 Antivirus definition: 1.113.656.0 Antispyware definition: 1.113.656.0

In addition to Microsoft Security Essentials, the Microsoft Forefront Endpoint Protection product is also detecting and removing Google Chrome as a malware threat.  Both products share the same anti-malware engine.

* See more on this issue from Ed Bott.

Topics: CXO, Browser, Microsoft, Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.