Google Gears a Virus (Trojan.Downloader-90750) ?

Written by - 1 comments

Published on March 24th 2010 - Listed in Internet


Today our Squid proxy server denied the download of GoogleGears.exe saying it found a virus (Trojan.Downloader-90750). At the begin I thought, this must be a false-alert by ClamAV but by doing a refresh of the download site, the download worked and after another refresh the same virus was found again.

Here what the squid logs are saying:

1) Download blocked - Virus found:

1269416489.415 372 internal IP TCP_MISS/200 12879 GET http://dl.google.com/update2/1.2.183.23/GoogleInstaller_en.application? squid.user DIRECT/74.125.79.136 application/x-ms-application

Wed Mar 24 08:28:43 2010 [29891] LOG Redirecting URL to: http://squid. ip/clwarn.cgi?url=http://dl.google.com/tag/s/appguid%3D %7B283EAF47-8817-4c2b-A801-AD1FADFB7BAA%7D%26iid%3D%7BF5B2DDAE- AC72-6B11-E4D9-E2ADF4A58E0B%7D%26lang%3Den%26browser%3D2%26usagestats %3D1%26appname%3DGears%26needsadmin%3DTrue/gears/ GearsSetup.exe&source=internal.IP/-&user=squid.user&virus=stream: +Trojan.Downloader-90750+FOUND

2) Download worked, not blocked, no virus:

1269420614.010 26 127.0.0.1 TCP_MISS/200 379 HEAD http://dl.google.com/update2/1.2.183.23/GoogleInstaller_en.application? - DIRECT/74.125.79.190 application/x-ms-application
1269420614.060 50 127.0.0.1 TCP_MISS/200 12879 GET http://dl.google.com/update2/1.2.183.23/GoogleInstaller_en.application? - DIRECT/74.125.79.190 application/x-ms-application
1269420614.164 182 internal.IP TCP_MISS/200 12879 GET http://dl.google.com/update2/1.2.183.23/GoogleInstaller_en.application? squid.user DIRECT/74.125.79.190 application/x-ms-application

Note the different remote servers of Google: 74.125.79.136 (Virus found), 74.125.79.190 (download without problem).

I tried to contact Google but as everybody knows, it is difficult to get in touch with the admins over there. We'll see if there was really a virus on one of the Google servers.


Add a comment

Show form to leave a comment

Comments (newest first)

google virus guy from India wrote on Apr 30th, 2012:

Seems like Google servers also infected with viruses, Not good.