Adobe file listed as dangerous - I'm still confused


skypilotpete

I've recently been finding that a variety of websites want me to install flashutil11e_activex.exe. This morning, in the course of startup, OA popped up saying that flashutil11e_activex.exe was trying to install itself, and asking me to decide what to do about it. I did a whole lot of googling, and everything seemed to indicate that it is a legitimate and safe Adobe product, so I allowed it. OA immediately popped up another red warning saying "Dangerous module is about to be loaded" - C:\Users\Me\AppData\Local\Temp\7D78.tmp. All the details listed clearly related to Adobe products, yet the OA warning was unequivocal "Online Armor has detected that this file is a virus or a dangerous program".

I then looked it up in the OA file database, where it was listed as safe, with no indication that it has ever been found in an unsafe form.

I have searched this forum, and read the explanation that some malware is forging Adobe signatures, hence just because it seems to be signed by Adobe, doesn't mean that it is necessarily safe.

However, I still don't understand why the OA warning for this file is so unequivocal - no "may be dangerous", but "this file is a virus or dangerous program - it is highly recommended that you block this action". Given that the OA file database lists it as safe, wouldn't a "check further before making a decision" be more warranted?

Also, I would have expected the OA file database to list the file locations where a legitimate file would be expected to reside, as this gives some guidance as to whether a file is legitimate or not. Is there some reason that OA does not do this?

Having found the suspect file in the OA database listed as safe, I then scanned it with Microsoft Security Essentials, Superantispyware Pro and Malwarebytes, all of which found no problems. Can I be confident that these steps are sufficient to decide that this, or any other flagged item, is safe to allow?

I run Windows 7 64 (home), OA Premium 5.5.0.1557


Can you upload the file in question to VirusTotal and then post the link to the analysis for us?

The link is: https://www.virustotal.com/file/0f1e7e93af3afd25c3079bef7fcb387aa64b764760347314f50f174e25589680/analysis/1330473104/

I look forward to hearing what this means - it's gibberish to me - except that none of the scanners seem to indicate that it is a problem.


Could you also upload the flashutil11e_activex.exe file to VirusTotal and post a link to the analysis?

Also, could you get us a screenshot of the notification you are seeing that says "this file is a virus or dangerous program - it is highly recommended that you block this action"? If you don't know how to take a screenshot, then here's a link to instructions.


Here is the Virus Total link: https://www.virustot...sis/1330559522/

I unblocked flashutil11e_activex.exe in OA and ran it. The attached screenshot shows the warning. It appears that it generates a differently named .tmp file each time. This time it was DF48.tmp. Last time it was 7D78.tmp.


OK, a quick chat with Fabian has revealed that this is an issue with Online Armor that our developers are already aware of. A quick check of our bug tracker shows that the issue is already fixed. I assume the fix will be included in the next program update to Online Armor, however I have not spoken to Andrey to confirm that. ;)


Just a quick follow up: I have just spoken to Andrey and he has confirmed the following information:

  • The fix will be tested in our next internal beta.
  • There is currently no ETA on a public release.
  • For now, simply mark the installer as Trusted and as an Installer in Online Armor to bypass the issue.
  • If proper rules are set up in Online Armor for the installer, then the temp file should be ignored.


  • 1 month later...

I have a new laptop and last night a web site said I needed Flash, so I started to download it and OA displayed the message as shown earlier in this thread. My OA appears to be up to date. Does this mean this is still an OA problem, or is this something different? This thread and problem seem to date from February???

