Downloads for new job; McAfee says it has a virus
September 22, 2020 7:42 PM

Of course I didn't d/l it and soon after McAfee deleted it.

HR contact knows nothing and suggests I get in touch with their Help Desk.
Help Desk asks me to push a button or two; then shortly afterward asks me to call back in an hour (Repeat 3-4X).
Tomorrow I will try the chat feature, which may be a bit easier to get into.

Is this a virus and if it is why are they sending it out? Any tips or tricks on getting into help desk besides calling at 7 a.m.? My orientation is scheduled Friday morning and they say I must have all the software d/l by then. I am not gonna download an .exe with a virus!
posted by Rumi'sLeftSock to Computers & Internet (16 answers total)
 
I don't know how to ask exactly, or how to help you know for sure, but is this job legit? Is it a company that really exists and hires real people for genuine jobs doing kinds of work that make sense? This sounds like an unusual way to start a job, but I know things are unusual right now. I just saw an acquaintance barely escape a complex scam, because they were desperate for work and some scammer offered them a fake job.
posted by fritley at 8:03 PM on September 22, 2020 [2 favorites]


Simply downloading an executable file won't cause you any grief, but you certainly don't want to be running it if you have reason to be suspicious of it, especially if that executable is in fact an installer for something whose purposes are unclear to you.

That said, McAfee is garbage. In your shoes I'd be pasting a copy of the download link into VirusTotal to see what a bunch of other scanners have to say about the executable it links to.

Make sure that VirusTotal shows the content type for the link you paste as "application/x-ms-dos-executable" near the top of the scan results page. This verifies that the link you've pasted is in fact a direct link to the executable, rather than one to some intermediate web page that merely contains or generates such a direct link. If in doubt, start a normal download for the file in question, pause it, then right-click the paused download in your browser's download manager and choose "Copy Download Link".

If VirusTotal confirms McAfee's opinion, I would be strongly questioning the legitimacy of your prospective employer.
posted by flabdablet at 8:06 PM on September 22, 2020 [2 favorites]


Response by poster: It's a real job (Alorica); has locations all over the world; and I met someone today who works there. I do appreciate your concern.

I will try your link.
posted by Rumi'sLeftSock at 8:21 PM on September 22, 2020


Most of your questions can really only be answered by the company.

It's not impossible for downloads to be compromised and contain viruses. The question is how the company is going to respond.

The preferred situation: you tell help desk that the download is being flagged as a virus. They look into it, discover there is a problem, and replace the compromised file. You download the new file without incident and they thank you for being cautious and bringing it to their attention.

Also very possible: help desk tells you to disable your anti-virus and download the file. In which case, you still have a decision to make. They might not be malicious, but merely incompetent.
posted by meowzilla at 8:57 PM on September 22, 2020


"It's not impossible for downloads to be compromised and contain viruses."

Also not impossible for overzealous antivirus software to mischaracterize perfectly innocent software as malicious on no better basis than that the software in question is found to do certain things (like nailing up a persistent network connection to some server somewhere) that are also frequently done by malware.
"At Alorica, we provide customer experience solutions that span the entire customer lifecycle. And it's our job to be insanely great at it."
"Help Desk asks me to push a button or two; then shortly afterward asks me to call back in an hour (Repeat 3-4X)."

The insanity of the greatness on display here is just overwhelming :-)

Best of luck with the new job. I'd be interested in a followup once this issue is resolved.
posted by flabdablet at 9:29 PM on September 22, 2020


A lot of corporate work-from-home software will get marked as malware because often, a part of its job is to spy on you to ensure that you're working, and that stuff gets you automatically flagged as malware/stalkerware. Mostly because a lot of people don't really want their employer snooping on their personal machines, which can be not unreasonable. If you don't care about this, it's probably fine.

That having been said, my previous approach to this problem has been to somehow isolate it - usually inside a virtual machine. I don't know your level of tech savvy, though, and hence I don't know whether this is at all reasonable to suggest. There's this guide - http://www.extremetech.com/computing/198427-how-to-install-windows-10-in-a-virtual-machine - if you're interested in doing that.... but I do warn you that it can be, you know, a lot. But maybe it can give you peace of mind (virtualbox is free, so this should not cost any money).
posted by jaymzjulian at 2:33 AM on September 23, 2020 [2 favorites]


If you get no further with HR/Help Desk, you may want to just go into Orientation on Friday without the software installed. Be upfront with your orientation leader about this. If possible, reach out to your recruiter / HR person to tell them what’s going on.

Onboarding remotely is challenging for everyone; if the company is new at this (onboarding people remotely) they may not realize all the complexities. If the company is NOT new at this (this is a common procedure for them), they ought to have come across this issue before.

If you think you’re likely to be fired for “not following instructions” on this one ... idk, reconsider if you really want to work at a place that is going to fire you over a weird computer setup complexity. I don’t mean to be dismissive, but this is something they really should be HELPING you with, not firing you over.

Best of luck.
posted by kellygrape at 4:31 AM on September 23, 2020 [1 favorite]


"A lot of corporate work-from-home software will get marked as malware because often, a part of its job is to spy on you to ensure that you're working, and that stuff gets you automatically flagged as malware/stalkerware."

This. You don't say, exactly, what function this software fulfills. Keyloggers are a common tool employers require their remote employees install. If this is what it is, HR is obviously trying to hide it from you (and, assumedly, other hires.)
posted by Thorzdad at 6:47 AM on September 23, 2020 [1 favorite]


Response by poster: I should have thought of spyware to make sure I am working! I didn't say what it does because I don't know what it does. And, medium competency with computers. So the virtual machine is a possibility. HR says I "must" have it downloaded. And I can't place it in VirusTotal; McAfee keeps blocking the download. My view is, if help desk can't provide the support necessary for me to solve this--maybe I don't need to be there and this job may not be worth all that.

Great feedback, thank you all.
posted by Rumi'sLeftSock at 8:16 AM on September 23, 2020


Regardless of whether you get the job, I would find a replacement for McAfee.
posted by Splunge at 9:15 AM on September 23, 2020


Best answer: This business that is hiring you should send you a properly configured computer with the software needed to do your job, and someone from their IT department should call you up when you receive it to help you get it configured on your internet.

Are you getting paid for the time you are spending figuring this out for them? You should be.

(I was an IT manager for 20+ years)
posted by fritley at 10:22 AM on September 23, 2020 [8 favorites]


"I can't place it in VirusTotal; McAfee keeps blocking the download."

That's why I suggested that you supply VirusTotal with the download URL, rather than uploading the file itself. If you go to VirusTotal's URL page and paste in the same link your computer uses to download the file (preferably copied from your browser's download manager using Copy Link Location or similar) then VT will collect the file server-side and your McAfee will never be given the chance to object to it.

Also, what Splunge and fritley said.
posted by flabdablet at 10:54 AM on September 23, 2020
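
The check flabdablet describes in both answers (submit the URL, confirm the content type, then read the verdicts), as an added example that is not part of the thread. It assumes the field names of the VirusTotal API v3 URL object and works on constructed sample reports; the two extra content types and the placeholder URL are assumptions, and fetching a real report (which needs an API key) is left out.

```python
import base64

# The first type is the one quoted in the answer; the other two are assumed
# alternatives a download server may send for a Windows executable.
EXECUTABLE_TYPES = {
    "application/x-ms-dos-executable",
    "application/x-msdownload",
    "application/vnd.microsoft.portable-executable",
}

def vt_url_id(url):
    """VirusTotal API v3 URL identifier: unpadded URL-safe base64 of the URL."""
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")

def assess_url_report(report):
    """Summarise the parsed JSON of a VirusTotal v3 URL report."""
    attrs = report["data"]["attributes"]
    headers = {k.lower(): v
               for k, v in attrs.get("last_http_response_headers", {}).items()}
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    stats = attrs.get("last_analysis_stats", {})
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    scanned = flagged + stats.get("harmless", 0) + stats.get("undetected", 0)
    if ctype in EXECUTABLE_TYPES:
        link = "direct"              # VT fetched the executable itself
    elif ctype == "text/html":
        link = "intermediate-page"   # VT scanned a web page, not the file
    else:
        link = "unknown"
    return {"link": link, "content_type": ctype, "flagged": flagged,
            "scanned": scanned,
            # Hash of the body VT downloaded; look this up as a file report.
            "body_sha256": attrs.get("last_http_response_content_sha256")}

# Constructed sample reports (placeholder URL, hash and counts).
SAMPLE_URL = "https://downloads.example/setup.exe"
DIRECT_REPORT = {"data": {"attributes": {
    "last_http_response_headers": {"Content-Type": "application/x-ms-dos-executable"},
    "last_http_response_content_sha256": "0" * 64,
    "last_analysis_stats": {"harmless": 60, "undetected": 8, "malicious": 1, "suspicious": 1},
}}}
HTML_REPORT = {"data": {"attributes": {
    "last_http_response_headers": {"content-type": "text/html; charset=utf-8"},
    "last_analysis_stats": {"harmless": 65, "undetected": 5, "malicious": 0, "suspicious": 0},
}}}

if __name__ == "__main__":
    print(vt_url_id(SAMPLE_URL))
    for name, rep in (("direct", DIRECT_REPORT), ("html", HTML_REPORT)):
        print(name, assess_url_report(rep))
```

The `flagged` count covers the URL scanners only; the file verdicts come from looking up `body_sha256` as a file report.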


Response by poster: Conclusion:
1. The IT man I chatted with told me to talk to my supervisor; the supervisor's return e-mail to me said everything now looked fine from his end. Hm. Magic (or computer sorcery).

2. Flabdablet I am truly sorry, but I didn't understand your instructions fully before. Or the download wasn't copyable, maybe. It was late. But I am glad to know about this site, thank you.

3. McAfee sucks (it was thrown in for free with my ISP.) I could get 5 million recommendations (and feel free), but I think (for now) I will go with this free Malwarebytes that at least two folks suggested.

4. Yes, pay for my time would be nice, since both of my jobs have been gone since c/v.

5. It makes me wonder how actual working conditions will be, since everything on this side is baffling and confusing; but I guess I'll give it a shot (better than $0.0 per hour).
posted by Rumi'sLeftSock at 11:29 AM on September 23, 2020


If it isn't in-house software, what's the name of the software being flagged?
posted by a non mouse, a cow herd at 12:35 PM on September 23, 2020


Response by poster: a non mouse, a cow herd: rvp60plgiew.exe from aloricaathome.net
posted by Rumi'sLeftSock at 3:58 PM on September 23, 2020


"rvp60plgiew.exe from aloricaathome.net"

Doesn't seem to be on Google's radar. Is this something that needs some kind of Alorica new-employee credentials to get to? If not, could you provide the actual URL of the page you're supposed to download it from? I can't even get aloricaathome.net to serve me a web page.

"the supervisor's return e-mail to me said everything now looked fine from his end."

Given that you've presumably not installed this thing, that's kind of weird. I wonder what, exactly, "his end" is actually looking at.

"I could get 5 million recommendations (and feel free)"

MalwareBytes is a good tool, but to my way of thinking it's mostly redundant in a Windows 10 installation. MS merged Microsoft Security Essentials into Windows Defender in Windows 8, and the version that's in Windows 10 is now quite competent.

Always-on anti-malware tools always involve a compromise between malware detection ability and direct increases to the system's attack surface purely by virtue of their own operation. The Windows 10 version of Defender, in my fairly well informed opinion, sits about as close to the sweet spot of that compromise as any.

MalwareBytes is a bit more stringent about detecting stuff it classifies as "potentially unwanted programs" - the kind of useless cruft like "system optimizers" and "registry cleaners" and assorted kinds of advertising-linked browser toolbars that commonly get foisted on users by stealth-bundling into installers for software that's actually useful.

Personally I prefer to deactivate the Premium features that come temporarily turned on by default and just leave Defender in charge of always-on scanning. It's worth having MB installed, though, just to run the occasional manual MB scan over your machine to find out whether any of that stuff has sneaked in.

The best adjunct to Windows Defender, in my opinion, is a good content filter like uBlock Origin installed inside your web browsers. Compromised and/or straight-up malicious advertising servers have been the vector for more malware than anything else for about a decade now.

And of course you'll be making regular backups of everything you care about, onto at least two separate devices that spend most of their time disconnected from your PC. Good offline backups give you far more reliable protection against e.g. ransomware attacks than any anti-malware suite ever could.
posted by flabdablet at 5:48 AM on September 24, 2020

