Windows 11 - Trojan horse installed today 8/18 with latest update #43.14?

Nlmbrd
Nlmbrd Member ✭✭
I installed the latest update. after the install, I closed Quicken and then restarted. The quicken icon was no longer valid. I searched for qw.exe and could not find it. My virus protection immediately flagged a trojan horse and quarantined it. I called tech support and they had other users with the same issue. it has been escalated but no solution as of yet. Is my data compromised?

Comments

  • @Nimbrd - What virus protection software are you currently using?  There have been several posts from users in recent months who use Kaspersky, and it is disabling, and quarantining Quicken as a Trojan Horse after an update.
  • markus1957
    markus1957 SuperUser, Windows Beta Beta
    Unlikely it is really a trojan. Windows Defender does not object to the update patch nor did a scan of the folders find an issue. The patch has other issues and likely your virus software didn't like the way it was configured.
  • rex.basham
    rex.basham Member ✭✭
    edited August 18
    Same error for me. Using Kaspersky (and have been for over 20 years) and I would trust it before trusting a new (unwanted) update from Quicken. The Quicken support rep I spoke with was [Removed - Disruptive] so the first thing I did was figure out how to prevent automatic program updates from happening.
    Problem solved.
  • markus1957
    markus1957 SuperUser, Windows Beta Beta
    Same error for me. Using Kaspersky (and have been for over 20 years) and I would trust it before trusting a new (unwanted) update from Quicken. The Quicken support rep I spoke with was [Removed - Disruptive] so the first thing I did was figure out how to prevent automatic program updates from happening.
    Problem solved.
    I think you will find you will still get certain automatic updates. 
  • slm12131
    slm12131 Member
    Same error and problem today as well. Same error with Quicken version 43.14 update at launch. Running Windows 10 and Kaspersky (and have for many years.) Looks like I will have to download and reinstall a prior version and prevent automatic updates. Data files and backups appear good, but backing all up before reinstalling.
  • Greg_the_Geek
    Greg_the_Geek SuperUser, Windows Beta ✭✭✭✭✭
    Why don't you just pause your AV software?
    Quicken Subscription HBRP - Windows 10
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    Why don't you just pause your AV software?
    Because they believe their anti-virus software is telling them the truth, when in fact it isn't.
    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/
  • rex.basham
    rex.basham Member ✭✭
    Pausing one's AV software every time one wishes to open Quicken is NOT a useable solution.
  • rex.basham
    rex.basham Member ✭✭
    An appropriate solution would be for the Quicken developers to allow the end user the option of installing the update PRIOR to doing a push update with an unwanted/unnecessary update release. But apparently that is beyond the current capabilities of adding useful features.
  • Greg_the_Geek
    Greg_the_Geek SuperUser, Windows Beta ✭✭✭✭✭
    You would only need to pause Quicken when there's an update. An appropriate solution would be for you to contact Kaspersky (a Russian company) and complain about a false positive. I use Norton and have never had a problem updating Quicken.
    Quicken Subscription HBRP - Windows 10
  • mskofmehl
    mskofmehl Member
    I'm having trouble reinstalling quicken. what do I do?
  • Here is a solution another Kaspersky user found that might work - 

    - Pause protection
    - Restore qw.exe from Kaspersky AV quarantine
    - Add C:\Program Files (x86)\qw.exe to Kaspersky AV exclusions
    - Resume protection.

  • Nlmbrd
    Nlmbrd Member ✭✭
    I am using Kaspersky and will try pausing it and restoring qw.exe but where do I find qw.exe
  • Nlmbrd
    Nlmbrd Member ✭✭
    I just reinstalled quicken from their website so far so good. Stay tuned.
  • markslang
    markslang Member ✭✭
    I have the same problem with Quicken's latest update and Kaspersky. There was mention earlier of turning off Quicken updates. However, I can find no way to do that. It does not use the Windows update installer, it runs its own program when I open Quicken. Quicken support helped me get back to an earlier version, but I am afraid it will just update again automatically the next time I open it. Kaspersky is apparently not detecting known malware; it is detecting actions that suggest Quicken is acting like malware. It must be keylogging or sending data out on the internet when it starts. If anyone knows how to prevent the updates, please share. Thanks.
  • Chris_QPW
    Chris_QPW Member ✭✭✭✭
    markslang said:
    I have the same problem with Quicken's latest update and Kaspersky. There was mention earlier of turning off Quicken updates. However, I can find no way to do that. It does not use the Windows update installer, it runs its own program when I open Quicken. Quicken support helped me get back to an earlier version, but I am afraid it will just update again automatically the next time I open it. Kaspersky is apparently not detecting known malware; it is detecting actions that suggest Quicken is acting like malware. It must be keylogging or sending data out on the internet when it starts. If anyone knows how to prevent the updates, please share. Thanks.
    Quicken does use a Windows Installer, but when it is run when Quicken starts it is run silently.
    There isn't any setting in Quicken that prevents Quicken from running the install at startup, what people are talking about is setting your Windows Users Account Control settings so that Windows will prompt you whenever any program tries to "modify your system".

    Click Windows Start button and type: Change User Account Control settings
    It should be set to one of the two settings I have indicated below:

    Signature:
    (I'm always using the latest Quicken Windows Premier subscription version)
    This is my website: http://www.quicknperlwiz.com/
This discussion has been closed.