Google Gears a Virus (Trojan.Downloader-90750) ?

Written by - 1 comments

Published on - Listed in Internet

Today our Squid proxy server denied the download of GoogleGears.exe saying it found a virus (Trojan.Downloader-90750). At the begin I thought, this must be a false-alert by ClamAV but by doing a refresh of the download site, the download worked and after another refresh the same virus was found again.

Here what the squid logs are saying:

1) Download blocked - Virus found:

1269416489.415 372 internal IP TCP_MISS/200 12879 GET squid.user DIRECT/ application/x-ms-application

Wed Mar 24 08:28:43 2010 [29891] LOG Redirecting URL to: http://squid. ip/clwarn.cgi?url= %7B283EAF47-8817-4c2b-A801-AD1FADFB7BAA%7D%26iid%3D%7BF5B2DDAE- AC72-6B11-E4D9-E2ADF4A58E0B%7D%26lang%3Den%26browser%3D2%26usagestats %3D1%26appname%3DGears%26needsadmin%3DTrue/gears/ GearsSetup.exe&source=internal.IP/-&user=squid.user&virus=stream: +Trojan.Downloader-90750+FOUND

2) Download worked, not blocked, no virus:

1269420614.010 26 TCP_MISS/200 379 HEAD - DIRECT/ application/x-ms-application
1269420614.060 50 TCP_MISS/200 12879 GET - DIRECT/ application/x-ms-application
1269420614.164 182 internal.IP TCP_MISS/200 12879 GET squid.user DIRECT/ application/x-ms-application

Note the different remote servers of Google: (Virus found), (download without problem).

I tried to contact Google but as everybody knows, it is difficult to get in touch with the admins over there. We'll see if there was really a virus on one of the Google servers.

Add a comment

Show form to leave a comment

Comments (newest first)

google virus guy from India wrote on Apr 30th, 2012:

Seems like Google servers also infected with viruses, Not good.