03/18/2009 15:58:05: MSITSJACK VARIANT STOPPED BY BOCLEAN!
Trojan horse was found in memory.
C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
GoogleChrome version 2.0.169.1
Second time this happens.
Chrome is not conterminated though! NO page was opened: Chrome was just started without any page.
btw… after the first alert I removed the application and reinstalled it again.
Used it many times since without any problem - and all of the sudden BOCLEANS pops up.
No change in CHROME (no update) and the only change in Boclean: auto-update malwarelist.
So why it pops up now and then and all other times not … beats me.
I also put the exe in BOCLEANS Program Excluders list - so why does it still get mis-judged when excluded?
Second time (now) I just restarted Chrome and no problemos… even no Boclean message popping up.
I don’t see how/why it’s in C:\Program Files.…
It should be in your “C:\Users\USER NAME HERE\AppData\Local\Google\Chrome”
Then Try Adding This To The Excluder
No… it depends on how you install Chrome.
If you install it seperately, it will be installed in the users path.
When installed via Google Updater, it will be installed in the program files.
The first alert I got on chrome by Boclean was when it was installed as standalone so in the users path.
I uninstalled and installed it via google’s software updater pack - which installed in the programs folder.
Then I once again removed and added chrome.exe from its location into excluder.
Thus remains… why does boclean intercept chrome on a very random delay as containing malware - and why does the added entry in the excluder not function…
This is a little bit confusing for me :-\ Normaly the excluder should work if you have excluded the right .exe file. That said, you could do us a favour by reporting this as a false positive :
Thanx for your reply.
The email will be sent out this weekend
The false-positive report on here … uhm… wasn’t this topic I created just that - or what info do you miss?
Maybe I did find the cause - that is: if BOClean detects changes in filesize as being attacked?
Chrome did have some minor under-the-hood-updates which caused the filesize to change while running.
If BOClean detects this - even with the app in it’s ‘exlude’ list it makes sense that it alerts.
for me this item can be closed then - I assume the message it showed (MSITSJACK VARIANT) is a general description for changes in filesizes so the alert was correct though somewhat confusing.
