
Adobe Reader identified as dangerous program



Hi,

Happy New Year.

I'm running OA 5.1.1.1395 on WinXP SP3 and attempted to install Adobe Acrobat Reader 9 today as part of an install. I had numerous red popups advising termination of the program, to block the program etc.

The installer appears to be signed by Adobe but OA identifies it as dangerous. Is this a blip because the program is trying to install items in the user temp folder? If so, can it be corrected?

Rib-rider

Link to post

Hi Cat Princess,

Unfortunately I didn't take screenshots, although I guess I could go through the install again. I was unable to view the screenshots of the popups in the link since I don't appear to have permission to view them and couldn't see an obvious way around that (ideas welcomed).

However, assuming that the popups are similar, is there a way to check the validity of the data that triggered the OA popup? The McAfee approach (I use Avira) seems to be to download the installer, install the program and then check for rootkits, which strikes me as the software equivalent of poking a croc with a stick just to check it's alive.

rib-rider

Link to post

I can't view the screenshots in the other thread either (I am going just on the description and circumstances as outlined by the OP and ctrlaltdelete and andrewf). I think attachments in that section are only accessible to Emsisoft. I doubt there's anything wrong with the installer, assuming you got it from a reputable source.

Link to post

The source is Adobe and the email trail from McAfee identifies that the incorrect dlls can be loaded during installation, specifically mentioning Adobe, as well as the fact that their certificates have been compromised in the recent past. So OA throwing up an alert suggests either:

1) the Adobe installer download is compromised in some way and OA is detecting that on execution or

2) that the certificate used by Adobe is black-listed by OA as a precaution to prevent bad downloads

Either way I have no ready way of identifying what OA has discovered to trigger the popup since the message contained within the popup is not particularly helpful in determining the risk being run. That doesn't leave me with a particularly warm feeling.

rib-rider

Link to post

I had a similar virus/malware warning from OA today when attempting to install an update to Adobe's Shockwave plugin.

Tried it twice with the same warning popping up from OA advising that the installation should be aborted / blocked (which I did since I didn't think it worth risking).

Link to post

The source is Adobe and the email trail from McAfee identifies that the incorrect dlls can be loaded during installation, specifically mentioning Adobe, as well as the fact that their certificates have been compromised in the recent past. So OA throwing up an alert suggests either:

1) the Adobe installer download is compromised in some way and OA is detecting that on execution or

2) that the certificate used by Adobe is black-listed by OA as a precaution to prevent bad downloads

Given what you've said about intentionally installing Adobe Reader, I'd say 2) is correct in this case.

Either way I have no ready way of identifying what OA has discovered to trigger the popup since the message contained within the popup is not particularly helpful in determining the risk being run. That doesn't leave me with a particularly warm feeling.

While the article explains how the legitimate flash player exe is forced to load the "bad" dll it doesn't explain how this bad dll would get on your system in the same directory as the legitimate flash player in the first place. There is a thread here on Wilders http://www.wildersse...ad.php?t=313426 where people have speculated on possible ways it could happen (social engineering, drive-by download etc). Basically, if you are downloading Adobe products from the official Adobe website, or installing them from a cd you have purchased, you shouldn't worry and just let the installation continue.

For what it's worth, reading this post http://support.emsis...dpost__p__40818, I'm not certain that OA is supposed to display red popups in this situation. It may be a bug.

Link to post
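One way to check a downloaded installer before running it, as an added example that is not part of the original thread: it reports the installer's Authenticode signer and flags any DLL sitting in the same folder that is unsigned or signed by a different certificate, which is the situation the DLL-loading discussion above is concerned with. The installer path and publisher string are placeholders chosen for illustration.

```powershell
# Added example. $InstallerPath and $ExpectedPublisher are placeholders,
# not values taken from the thread.
param(
    [string]$InstallerPath     = 'C:\Downloads\installer.exe',
    [string]$ExpectedPublisher = 'Adobe'   # substring expected in the signer subject
)

# Collect the Authenticode status and signer details for one file.
function Get-SignerInfo {
    param([string]$Path)
    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $subject = ''
    $thumb   = ''
    if ($sig.SignerCertificate) {
        $subject = $sig.SignerCertificate.Subject
        $thumb   = $sig.SignerCertificate.Thumbprint
    }
    New-Object PSObject -Property @{
        File = $Path; Status = $sig.Status; Subject = $subject; Thumbprint = $thumb
    }
}

# 1. The installer itself: signature must verify and name the expected publisher.
$installer = Get-SignerInfo $InstallerPath
$installer | Format-List File, Status, Subject, Thumbprint

if ($installer.Status -ne 'Valid') {
    Write-Warning "Signature status is '$($installer.Status)': do not run this file."
} elseif ($installer.Subject -notmatch [regex]::Escape($ExpectedPublisher)) {
    Write-Warning "Signed, but not by a subject containing '$ExpectedPublisher'."
}

# 2. DLLs next to the installer: an executable may load these from its own
#    folder, so list any that are unsigned or signed by a different certificate.
#    A different signer is not proof of tampering (bundled third-party runtimes
#    are common); it marks the files worth a closer look.
$dir = Split-Path -Parent $InstallerPath
$suspect = Get-ChildItem -Path $dir -Filter *.dll |
    ForEach-Object { Get-SignerInfo $_.FullName } |
    Where-Object { $_.Status -ne 'Valid' -or $_.Thumbprint -ne $installer.Thumbprint }

if ($suspect) {
    Write-Warning "DLLs beside the installer that need review:"
    $suspect | Format-Table File, Status, Subject -AutoSize
} else {
    Write-Output "No unsigned or differently signed DLLs found in $dir."
}
```

A `Valid` status only says the file is unchanged since signing and the certificate chains to a trusted root; where a vendor has announced a compromised certificate, compare the printed thumbprint with the one in the vendor's advisory.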