Topic: Drake (Tax Software) Files Detected

REDACTED

  • Guest
Drake (Tax Software) Files Detected
« on: June 30, 2016, 05:43:49 AM »
Ran a full scan on one of our machines and had 3 files from Drake (professional tax preparer software) pop as infected.

Checked out Drake's site and while they mention that some false positives are possible due to e-filing support, they don't get into specifics. I can call their support tomorrow (too late today) but one of the first bullet points was pretty much 'we don't recommend/work with free AV' (we're on the business free since this is an approx 10 person company). Google wasn't much help either. So I'm hoping perhaps someone has insight here.

Oh, and MalwareBytes, run concurrently, came back clean.

Files:
Drake06\FID\FID042.DLL
Drake06\CRP\CRP115.DLL
Drake10\FID\FID035.DLL

These are all application extensions that are among tons of others in their respective files and years. Numbering fits, file name fits, etc.

Asyn
Re: Drake (Tax Software) Files Detected
« Reply #1 on: June 30, 2016, 06:13:36 AM »
You can report a suspected FP here: https://www.avast.com/false-positive-file-form.php
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

REDACTED

  • Guest
Re: Drake (Tax Software) Files Detected
« Reply #2 on: June 30, 2016, 07:04:10 AM »
Quote: You can report a suspected FP here: https://www.avast.com/false-positive-file-form.php

Thanks, I will.

Is there any way to go about double checking that these are actually FPs? I mean it would be very targeted malware (tax offices beware) but still possible, and we do deal in sensitive info so I'd rather not just ignore if there's a chance.

Edit: Just finished reporting the potential FP and saw that they do reply. Not sure what the turnaround is usually like. I'd still be interested in anything I can do to double check on my end. Just letting (potential) malware sit on a machine dealing with SSNs, bank accounts, etc is not a recipe for sleeping well, even if it's a pretty outside chance!
« Last Edit: June 30, 2016, 07:10:46 AM by Christine91 »

Asyn
Re: Drake (Tax Software) Files Detected
« Reply #3 on: June 30, 2016, 07:10:30 AM »
Quote: Is there any way to go about double checking that these are actually FPs? I mean it would be very targeted malware (tax offices beware) but still possible, and we do deal in sensitive info so I'd rather not just ignore if there's a chance.

You can test the files at VT (https://www.virustotal.com).

REDACTED

  • Guest
Re: Drake (Tax Software) Files Detected
« Reply #4 on: June 30, 2016, 07:24:25 AM »
Two of the files are coming up at about half, one is about a quarter.

https://www.virustotal.com/en/file/15064d761906bb0aacb626c5db26d4b6e7b6820bd11f3a1bf938b38c8502dff7/analysis/1467263527/
https://www.virustotal.com/en/file/03a59f1ae68b6f7f3ddf14d68bcab7a464a8f649b07c1215d194f8eb282e53f4/analysis/1467263752/
https://www.virustotal.com/en/file/a0098e50b98390520df5dd6c3a569bc74a014f6ff8432011960f75c788e0f60c/analysis/1467263659/

Sorry for not prettifying links, it's quite late here and I'm rather tired.

Seems like most of the 'big hitters' that I find trustworthy are ok with it, but it still bothers me that so many others - even if sub quality - seem to disagree I guess?

I submitted all 3 to Avast so perhaps we just wait and see... I'd uninstall Drake '10 and Drake '06 but I don't want to back up the files elsewhere if anything is infected. Catch 22 I suppose.



Edit: Heard back from Avast, they are escalating the files (to hand review I believe) so we'll see. Hopefully all good /fingers crossed.
« Last Edit: June 30, 2016, 11:36:55 PM by Christine91 »
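
Added example, not part of any post in this thread: the VirusTotal report URLs above embed the SHA-256 of the analysed file, so hashing the flagged DLLs locally shows which report belongs to which file and confirms the report covers the exact bytes on disk. The function names are hypothetical and the demo files are constructed; a match only ties a file to its report and does not by itself say whether the file is clean.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Report URLs in the form quoted in the thread carry the file's SHA-256.
VT_URL_RE = re.compile(
    r"virustotal\.com/(?:[a-z]{2}/)?file/([0-9a-fA-F]{64})(?:/|$)"
)


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_from_vt_url(url):
    """Return the lowercase SHA-256 embedded in a report URL, or None."""
    match = VT_URL_RE.search(url)
    return match.group(1).lower() if match else None


def match_files_to_reports(paths, report_urls):
    """Map each local path to the report URL for its exact contents.

    A value of None means no supplied report covers that file, for
    example because the file changed after it was submitted.
    """
    by_hash = {}
    for url in report_urls:
        digest = hash_from_vt_url(url)
        if digest:
            by_hash[digest] = url
    return {str(p): by_hash.get(sha256_file(p)) for p in paths}


if __name__ == "__main__":
    # Constructed stand-ins for the flagged DLLs; point at real paths in use.
    with tempfile.TemporaryDirectory() as tmp:
        known = Path(tmp, "FID042.DLL")
        other = Path(tmp, "CRP115.DLL")
        known.write_bytes(b"constructed sample A")
        other.write_bytes(b"constructed sample B")
        url = ("https://www.virustotal.com/en/file/"
               + sha256_file(known) + "/analysis/0/")
        for path, report in match_files_to_reports([known, other], [url]).items():
            print(path, "->", report or "no matching report")
```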

misak (Avast team)
Re: Drake (Tax Software) Files Detected
« Reply #5 on: July 12, 2016, 04:25:10 PM »
Hi Christine91,

all 3 files have been re-classified as clean on June 30th.