Re: NVDA Remote Infected?


Timothy
 

Update: Was able to reproduce the scan result you mentioned, but only by scanning the add-on file itself. When extracting the add-on to a test folder however, scanning said yielded no threats found. I did manually submit the add-on to Microsoft, indicating that I believed it to not be a threat. Will keep the list apprised of any updates as I did sign in with my account for updates.

Timothy

----- Original Message -----
From: "Timothy via Groups.Io" <tmthywynn8=aol.com@groups.io>
To: <nvda-addons@nvda-addons.groups.io>
Sent: Saturday, January 18, 2020 2:59 AM
Subject: Re: [nvda-addons] NVDA Remote Infected?


I just scanned url_handler.exe from my currently installed copy with Windows Defender, and it says that there were no threats found: The MD5 for the file is:
F767C514837023F8D69FF238625232CE

I also downloaded the add-on and extracted the same executable from the link you gave, and the MD5 is the same. I'm not sure what to tell you here. Can you try again and see?

Timothy


----- Original Message -----
From: "Luke Davis" <luke@...>
To: <nvda-addons@nvda-addons.groups.io>
Sent: Saturday, January 18, 2020 2:43 AM
Subject: Re: [nvda-addons] NVDA Remote Infected?


Thanks, but that is not the case here. This was first noticed on a brand new
laptop, with a brand new browser installation; and later verified on machines of my own.
And nvdaremote:// is not at issue, because this was in downloading directly from
nvdaremote.org via https. Pre-installation.

In the client's case, I zipped up my own known-good add-on folder of the
previous working version, emailed it, and had her install it via USB stick. In
which event Windows Defender gave no errors.
Not the best way, to be sure, but we were in a substantial hurry.

Luke

On Sat, 18 Jan 2020, Timothy via Groups.Io wrote:

I had a similar error on a client's computer I was working on a few months ago (maybe six). It turned out that their web browser was infected with a virus, but somehow that effected the add-on with a false positive. I suspect it has to do with the nvdaremote:// URI scheme and how it works, but I've never bothered investigating further due to (1) a lack of knowledge, and (2) the issue going away once I removed the virus from the infected browser, Google Chrome on that case.

Timothy

Join nvda-addons@nvda-addons.groups.io to automatically receive all group messages.