Hello all,
An antivirus software flags Turbo Tax with not one but two pieces of malware.
I use VirusTotal at the website with the same name. The first is "TrojanDropper.Agent.lxk" by Jiangmin and the 2nd is "Adware.Presenoker" by VBA32. This is a fresh download directly from Intuit.com
This link shows the results of the virus scan.
https://www.virustotal.com/gui/file/5c045ea43ca1196202a1edb8901c3aa6eefe180d83132c086710911d05b5ebb3
Considering this is financial with all of the the most sensitive information, SSN, etc., I am particularly cautious.
I'm also putting in a support request with Intuit directly and plan on posting what they say here.
You'll need to sign in or create an account to connect with an expert.
AV apps are tools. Sometimes they will miss infected files or even indicate that a clean file is infected.
Now sure what you did because there is no download with the online version unless you are just using it to post this. As far as I can tell no one else has reported their AV app detected that a downloaded version had malware, but satisfy yourself.
I didn't say it was the online version. I downloaded the installer for the "Desktop" version or "offline" version.
I'm aware of the possibility of false positives by antivirus software. Still given major software, see the Solar Winds attack, companies have unwittingly distributed malware, I think caution is warranted.
Also, I don't see a way to email, chat with or otherwise contact intuit except by a support phone number. I'm not yet sure when I'll find the time to call them.
I did the same scan as you and noticed the issue. I then scanned the previous year downloads (2021,2022,2023) and they all have the exact same situation. the same 2 virustotal vendors flag the same TrojanDropper and Adware. I think that these are actually false positives. If it was an issue, I think it would have been noticed by now. Jiangmin is a company located in China. VBA32 is located in Belarus. I'm not sure how you would reach out to them to inquire or report the positive result. At this point, I'm probably going to install.
I too just saw this with the same issues
you should be safe if you bought the app from the Turbotx website or an authorized reseller. If you bought it from a website that had a huge discount be wary.
Edge download auto scan flagged it as a virus.
If this is a false positive Intuit needs to work with the antimalware vendors to identify this.
And, where are the file hashes for this download???
Bought from Costco, but this year there is no DVD. It requires I download from InstallTurboTax.com. That download yielded Edge antimalware scan alert.
Intuit, you have to fix this.
Try using a different browser to download it. And I turn off my anti-virus.
Let's assume that someone broke into Intuit's web server and injected malware/viruses into the download. Then let's assume you disabled malware/antivirus checking. Then let's assume you run the download to install TurboTax.
With these assumptions, when the downloaded installer runs, you are running malware. Since you will be entering super sensitive info like socsecurity # and your income ... malware now has that info.
This is why you don't disable antivirius/malware checking.
This is also why Intuit is supposed to provide antimalware vendors with their trusted signatures.
This is also why Intuit digitally signs the installation app. But their signatures use SHA1 digest ... which has not been trusted for a decade.
This is also why Intuit should provide the filehash of their installer.
Intuit, guys, you are expecting us to trust you. Do better!
That doesn't help, Mike.
Just because you don't know about the existence of a threat doesn't mean it's safe to dismiss it.
The process described here is correct: push a new .EXE file to virustotal.com before installing it. the goal is to check what other scanners and AV engines say about it (have they seen it before? is it related to malicious activities?).
TurboTax has a product that gathers and stores extremely sensitive information. With that said, I don't know what's worse here: TurboTax not knowing that their product is flagged as malicious by the most well-known scanner or their "champs" not knowing how to respond to a threat report.
@intuit: we need a better answer to this.
Still have questions?
Questions are answered within a few hours on average.
Post a Question*Must create login to post
Ask questions and learn more about your taxes and finances.
domerdoc
Level 3
michelledd90
New Member
Nickalh
Level 1
pop-mas-1242
New Member
xoxo232
Level 3