<p>Infinite Kind: Discussion</p>
<p>Trojan:Script found in fmodules\yahooqt.mxt</p>
<p>Updated: 2022-08-15T16:10:18Z</p>

<p>Posted: 2022-05-05T14:36:06Z</p>
<div><p>Hi Don,</p>
<p>We are sorry to hear about the problem you have encountered.</p>
<p>Unfortunately, this is a false alert and a known problem. The only workaround for the time being is to allow this file/process until it’s fixed.</p>
<p>I hope this information is helpful. Please let us know if you have further questions or need more assistance.</p>
<p>--<br>
Maddy, Infinite Kind Support</p></div>
<p>Posted by: Maddy</p>

<p>Posted: 2022-05-06T01:12:45Z</p>
<div><p>Hi Maddy,</p>
<p>What is your source for characterizing this as a false alert/positive? The developer? My Defender app also quarantined the file/automatically removed the yahooqt.mxt extension from Moneydance's fmodules folder. Thanks.</p></div>
<p>Posted by: esqack</p>

<p>Posted: 2022-05-06T11:53:22Z</p>
<div><p>Hi Don,</p>
<p>I've verified that the yahooqt.mxt extension is exactly identical to the one that I've created, and I can assure you that there were no viruses in it then, or added since. If you've used the built-in extension manager to find and install the extension, and not downloaded the yahooqt.mxt file from the web or received it via email, then it is safe to load.</p>
<p>I ran Windows Defender on the original file and it thought there was a virus in it, but I confirmed the contents of the file are exactly as when I packaged and digitally signed the extension. I've also extracted the contents of the file and verified that there isn't any malicious code within it.</p>
<p>When I looked up the details on the virus that Defender claims it is, it doesn't match up and there's no way that such a virus could infect something based on the way that Moneydance loads the extension files.</p>
<p>I'm confident that this is a false alarm and the threat should be "allowed" by going into Windows Defender, clicking on the Actions menu for the threat and choosing "Allow".</p>
<p>Thanks,<br>
Sean</p>
<p>--<br>
Sean Reilly<br>
Developer, The Infinite Kind<br>
<a href="https://infinitekind.com">https://infinitekind.com</a></p></div>
<p>Posted by: Sean Reilly</p>

<p>Posted: 2022-05-06T12:38:15Z</p>
<div><p>I don't know if it helps with any resolution from the development side, but Windows Defender also claims that Trojan:Script/Oneeva.A!ml is also present in yahooqt.mxt. I thought this info might be useful in case iK is working with Microsoft towards a resolution. Thanks!</p></div>
<p>Posted by: Scott</p>

<p>Posted: 2022-05-06T20:40:52Z</p>
<div><p>I too had Windows Defender claims (May 6, 2022) that Trojan:Script/Oneeva.A!ml is also present in yahooqt.mxt and quarantined the file. Is this a false positive as well?</p>
<p>Thanks</p></div>
<p>Posted by: Joe</p>

<p>Posted: 2022-05-07T04:56:47Z</p>
<div><p>Thank you for the replies.</p></div>
<p>Posted by: esqack</p>

<p>Posted: 2022-05-08T17:27:29Z</p>
<div><p>Today, after updating Windows "Security Intelligence Version" with version 1.363.1629.0 dated 05/08/2022 03:44, I was able to download and install fmodules/yahooqt.mxt v1032 without it being flagged. I even ran Windows Defender against the file itself.<br>
I am unsure if you worked with Microsoft, or they changed their "intelligence" on their own, or if you changed your yahooqt script. But for future reference, in my opinion, I think it unwise to recommend allowing flagged threats just to make your software work.</p></div>
<p>Posted by: don.canova</p>

<p>Posted: 2022-05-08T22:01:30Z</p>
<div><p>Well... Unfortunately I spoke too soon. This afternoon I fired up my computer again and Windows Defender immediately found the Trojan:Script/Oneeva.A!ml once more. Maybe this will help diagnose the problem when you talk to Microsoft, but I won't be using your script until you or Microsoft fix this problem.</p></div>
<p>Posted by: don.canova</p>

<p>Posted: 2022-05-08T22:03:31Z</p>
<div><p>Perhaps the Trojan:Script is downloading from Yahoo when the quotes are downloaded.</p></div>
<p>Posted by: don.canova</p>

<p>Posted: 2022-05-08T23:10:07Z</p>
<div><p>I did not get a hit on either yahooqt or oneeva today when I installed the extension and updated the security values. However, I do think don.canova's suggestion is prudent -- something is triggering the alerts, even if beyond The Infinite Kind's build, and it likely is best to put it on ice until the cause is determined or corrected and announced.</p></div>
<p>Posted by: esqack</p>

<p>Posted: 2022-05-16T13:28:58Z</p>
<div><p>Last Friday I again downloaded your Quotes and Exchange Rates Updater script v1032 and Microsoft Defender allowed it to install without alerting. I used the script to download quotes on Friday and this morning (Monday) and so far, still no alerts from MS Defender.
The MS Defender "Intelligence" version I now have installed is 1.363.2050.0 dated 5/16/2022. Hopefully this ends the drama.</p></div>
<p>Posted by: don.canova</p>

<p>Posted: 2022-05-16T16:01:51Z</p>
<div><p>I had the same experience. Thank you for following up, and in doing so, reminding me that I needed to reinstall the extension.</p></div>
<p>Posted by: esqack</p>