Kiant

Chrome_frame_helper.exe FP?


Hi, I haven't been online for about 4 days, my system was clean the last time I was on though, updated everything before I went online today and decided to do a scan and found that flagged as a Trojan.Agent on the free Malwarebytes. Did a scan with Kaspersky Internet Security 2013 and it didn't pick anything up, so is it safe to assume it's a FP? Just I'm freaking out a bit :P ty

Regards,

Ben


Same here.

BUT

as it turns out, it was an older version of the chrome_frame_helper.exe

Chrome does not clean up older versions.

The one "detected" was

Files Detected: 1

C:\Documents and Settings\**user name**\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\chrome_frame_helper.exe (Trojan.Agent)

Same file in latest version OK.

C:\Documents and Settings\**user name**\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.64

Same in previous ones, no warnings

21.0.1180.89

21.0.1180.94


As nosirrah implies above, but does not state explicitly, this is a false positive result.

This file is harmless and the detection can be ignored: ...Program Files (x86)\Google\Chrome\Application\21.0.1180.83\chrome_frame_helper.exe

It may be a good opportunity for some people to delete old versions of Chrome from their systems. These take up disk space, and there is no need for them. You may wish to leave the next-to-last version, in case you want to roll back to it.

To do this, navigate to "...\Application\" as above, then delete all the folders with names like 21.0.1180.83, except leave the most recent (or the two most recent). The most recent will have the "biggest number" as its file name, and will show the most recent "Date Modified" in Windows Explorer.

For more details, search for "delete old versions chrome". The top several search results (as of today on Google) all contain apparently reliable information. The two main choices are to delete the folders as above, or to install a utility someone has made called "OldChromeRemover". I can't really see much need to download and install a program to do this for you, and also, the program removes all versions of Chrome except for the current one.

Keywords: chrome_frame_helper.exe chrome frame helper.exe malwarebytes detection trojan agent


I would tend to disagree, there is more of a story here than meets the eye.

chrome_frame_helper.exe is used as a legitimate executable to allow a sideloading attack from certain state actors. The tell is if you see the dll and a third file in the same directory. Chrome_frame_helper loads the dll which has been hinked to load the XOR encoded binary that is in the third file. Many times that file will be a PlugX variant but it doesn't need to be, it can be Mimikatz, pwdump, or anything else the attacker is trying to load into memory.

 

 

This topic is now closed to further replies.
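A triage sketch for the pattern described in the last reply, added here as an example and not posted by anyone in the thread: it lists every directory that holds chrome_frame_helper.exe and marks for review the ones that sit outside a version-numbered Chrome folder while also containing a DLL and a non-executable file. The "normal location" rule is an assumption drawn from the paths quoted above, and the sample tree (including the `example.*` names) is constructed.

```python
import os
import re
import tempfile

HELPER = "chrome_frame_helper.exe"
# Assumption: a normal copy sits in a version-numbered folder under
# ...\Google\Chrome\Application\, like the paths quoted in this thread.
NORMAL_DIR = re.compile(r"google[\\/]chrome[\\/]application[\\/]\d+(\.\d+){3}$", re.I)

def is_pe(path):
    """True if the file starts with the 'MZ' header of a Windows executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False  # unreadable: treat as not-PE so it still gets listed

def triage(root):
    """Report every directory under root that holds the helper executable."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if HELPER not in (f.lower() for f in files):
            continue
        rest = sorted(f for f in files if f.lower() != HELPER)
        dlls = [f for f in rest if f.lower().endswith(".dll")]
        # Candidate "third file": not a DLL and not a recognisable PE image.
        blobs = [f for f in rest if f not in dlls
                 and not is_pe(os.path.join(dirpath, f))]
        normal = bool(NORMAL_DIR.search(dirpath))
        findings.append({"dir": dirpath, "normal_location": normal,
                         "dlls": dlls, "non_pe_files": blobs,
                         "review": not normal and bool(dlls) and bool(blobs)})
    return findings

def build_sample(base):
    """Constructed test tree; contents are placeholder bytes, example.* is made up."""
    layout = {
        "Google/Chrome/Application/21.0.1180.83": {
            HELPER: b"MZ\x90", "chrome.dll": b"MZ\x90", "resources.pak": b"\x04\x00"},
        "ProgramData/example": {
            HELPER: b"MZ\x90", "example.dll": b"MZ\x90", "example.dat": b"\x1f\x8a\x33"},
    }
    for rel, files in layout.items():
        os.makedirs(os.path.join(base, rel))
        for name, data in files.items():
            with open(os.path.join(base, rel, name), "wb") as fh:
                fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in triage(tmp):
            print(finding)
```

A directory marked for review is only a lead: the next step is checking the signature and hash of the executable and DLL found there.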