Windows Defender calls Alexa Toolbar Trojan

Tom Keating : VoIP & Gadgets Blog
Tom Keating
| VoIP & Gadgets blog - Latest news in VoIP & gadgets, wireless, mobile phones, reviews, & opinions

Windows Defender calls Alexa Toolbar Trojan

This morning I discovered several PCs running Windows Defender and the Alexa Toolbar were receiving messages that the Alexa Toolbar was classified as a trojan. The name classfication within Windows Defender was Win32/VB.BZ as seen here: (click for large view)

Windows Defender Alexa Toolbar

I then tested installing the Alexa toolbar onto a brand-spanking new Windows Vista PC. As the file was downloading, Windows Defender popped up with a warning and said the risk/Alert Level was "High".

Windows Defender Warning

I installed the file anyway and it once again classified the Alexa Toolbar as Win32/VB.BZ, a "trojan clicker", according to the results I see via a Google search on Win32/VB.BZ.

The files it found were C:\WINDOWS\system32\alxres.dll and C:\WINDOWS\AlxTB1.dll - legitimate Alexa files.

So does Microsoft have it in for Alexa? What gives? This is a valuable tool used by millions of users to track their own traffic and their competitors traffic. Yes, it is a "form" of spyware since it reports your web surfing habits, but it certainly isn't a "trojan clicker".  Clearly this is a mis-classification on Microsoft's part. Also, the risk level should be "Medium" at worst - not "High". I should add that most users that install the Alexa toolbar are aware that it reports which websites you visit .

I'm going to research this some more and post more here. Stay tuned!

One theory I have is that the actual Win32/VB.BZ "TrojanClicker" uses a very similar "signature" that Alexa does. Anti-virus and anti-spyware programs rely on signature fingerprints to identify threats. It's possible Win32/VB.BZ "TrojanClicker"  was developed with a similar signature as Alexa on purpose to try and masquerade itself as the Alexa toolbar. In the process of trying to look like Alexa's signature, Microsoft Defender is probably identifying the Alexa Toolbar incorrectly.

Featured Events