rib-rider, posted January 1, 2012:

Hi,

Happy New Year. I'm running OA 5.1.1.1395 on WinXP SP3 and attempted to install Adobe Acrobat Reader 9 today as part of an install. I had numerous red popups advising termination of the program, to block the program etc. The installer appears to be signed by Adobe but OA identifies it as dangerous. Is this a blip because the program is trying to install items in the user temp folder? If so, can it be corrected?

Rib-rider
catprincess, posted January 1, 2012:

Hi Rib-rider,

Do you have screenshots of these popups? You might see this thread http://support.emsisoft.com/topic/6857-probable-false-positive-adobe-premeire-elements/ which sounds similar to what you are seeing (if so, it explains part of the reason for the popups).
rib-rider, posted January 1, 2012:

Hi Cat Princess,

Unfortunately I didn't take screenshots, although I guess I could go through the install again. I was unable to view the screenshots of the popups in the link since I don't appear to have permission to view them and couldn't see an obvious way around that (ideas welcomed).

However, assuming that the popups are similar, is there a way to check the validity of the data that triggered the OA popup? The McAfee approach (I use Avira) seems to be download the installer, install the program and then check for rootkits, which strikes me as the software equivalent of poking a croc with a stick just to check it's alive.

rib-rider
catprincess, posted January 1, 2012:

I can't view the screenshots in the other thread either (I am going just on the description and circumstances as outlined by the OP and ctrlaltdelete and andrewf). I think attachments in that section are only accessible to Emsisoft. I doubt there's anything wrong with the installer assuming you got it from a reputable source.
rib-rider, posted January 1, 2012:

The source is Adobe and the email trail from McAfee identifies that the incorrect dlls can be loaded during installation, specifically mentioning Adobe as well as the fact that their certificates have been compromised in the recent past. So OA throwing up an alert suggests either:

1) the Adobe installer download is compromised in some way and OA is detecting that on execution, or
2) that the certificate used by Adobe is black-listed by OA as a precaution to prevent bad downloads.

Either way I have no ready way of identifying what OA has discovered to trigger the popup since the message contained within the popup is not particularly helpful in determining the risk being run. That doesn't leave me with a particularly warm feeling.

rib-rider
blues, posted January 2, 2012:

I had a similar virus/malware warning from OA today when attempting to install an update to Adobe's Shockwave plugin. Tried it twice with same warning popping up from OA advising that the installation should be aborted / blocked (which I did since I didn't think it worth risking).
catprincess, posted January 2, 2012:

> The source is Adobe and the email trail from McAfee identifies that the incorrect dlls can be loaded during installation, specifically mentioning Adobe as well as the fact that their certificates have been compromised in the recent past. So OA throwing up an alert suggests either:
> 1) the Adobe installer download is compromised in some way and OA is detecting that on execution, or
> 2) that the certificate used by Adobe is black-listed by OA as a precaution to prevent bad downloads.

Given what you've said about intentionally installing Adobe Reader, I'd say 2) is correct in this case.

> Either way I have no ready way of identifying what OA has discovered to trigger the popup since the message contained within the popup is not particularly helpful in determining the risk being run. That doesn't leave me with a particularly warm feeling.

While the article explains how the legitimate flash player exe is forced to load the "bad" dll, it doesn't explain how this bad dll would get on your system in the same directory as the legitimate flash player in the first place. There is a thread here on Wilders http://www.wildersse...ad.php?t=313426 where people have speculated on possible ways it could happen (social engineering, drive-by download etc).

Basically, if you are downloading Adobe products from the official Adobe website, or installing them from a cd you have purchased, you shouldn't worry and just let the installation continue.

For what it's worth, reading this post http://support.emsis...dpost__p__40818, I'm not certain that OA is supposed to display red popups in this situation. It may be a bug.
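Added example, not part of the thread and not code from Emsisoft or Adobe: one way to answer the question raised above before running a download is to check the installer's Authenticode signature and to list any DLL sitting beside it that is not validly signed by the same publisher, using PowerShell's `Get-AuthenticodeSignature`. The function name, the installer path and the `Adobe` publisher substring are assumptions made for illustration.

```powershell
# Added example: function name, path and publisher substring are placeholders.
function Test-InstallerTrust {
    param(
        [Parameter(Mandatory = $true)][string]$InstallerPath,
        # Assumption: the expected signer is matched as a substring of the
        # certificate subject; tighten this to the full subject if you know it.
        [string]$ExpectedPublisher = 'Adobe'
    )

    $file = Get-Item -LiteralPath $InstallerPath
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
    $cert = $sig.SignerCertificate

    # The application directory is searched first for most DLLs, so every DLL
    # next to the installer has to carry the same trust as the installer.
    $suspectDlls = @(
        Get-ChildItem -LiteralPath $file.DirectoryName -Filter *.dll |
            Where-Object {
                $s = Get-AuthenticodeSignature -FilePath $_.FullName
                $s.Status -ne 'Valid' -or
                $s.SignerCertificate.Subject -notlike "*$ExpectedPublisher*"
            } |
            Select-Object -ExpandProperty FullName
    )

    $signerOk = ($sig.Status -eq 'Valid') -and
                ($cert -ne $null) -and
                ($cert.Subject -like "*$ExpectedPublisher*")

    New-Object PSObject -Property @{
        Installer       = $file.FullName
        SignatureStatus = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        SignerSubject   = if ($cert) { $cert.Subject } else { $null }
        # A valid chain does not rule out a stolen signing key, so record the
        # thumbprint and compare it with one the publisher has published.
        Thumbprint      = if ($cert) { $cert.Thumbprint } else { $null }
        SuspectDlls     = $suspectDlls
        Trusted         = $signerOk -and ($suspectDlls.Count -eq 0)
    }
}

# Constructed usage; the path is a placeholder, not taken from the thread:
# Test-InstallerTrust -InstallerPath 'C:\Downloads\reader_installer.exe' | Format-List
```

Run it against the download while it sits in an otherwise empty folder; a `HashMismatch` status or any entry in `SuspectDlls` is a reason to re-download from the vendor rather than click through the alert.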
rib-rider, posted January 3, 2012:

Thanks catprincess, I'll try again. It seems others are experiencing similar issues with OA red popups flagging that downloads from Adobe are suspect. If it's of value to the Emsisoft team I can take screen shots next time I attempt to install the application.