1LtCAP

Adobe Virus?


here's one i don't get.

 

 just within the last 2 weeks, my home puter keeps giving me a reminder to update adobe reader. it doesn't do the popup window, but rather places the icon on the taskbar. i generally close these. before now, it has ALWAYS stayed closed once i've done that, unless i had to reboot the machine.

 well.....now, it will put itself back up there, usually within a couple hours. the icon is slightly different. it's more black/red, rather than being red. my experience has been that if something keeps opening up, then it's not legit. i've run malwarebytes, superantispyware, and spybot search and destroy. they only found a couple cookies.

 

 i forgot to write it down, but when i open up the initial window, i think it says version 10.1.15. doing a google search i'd found stuff about this being a virus, but version 10.1.14.

 

 anyone got any ideas?


http://malwaretips.com/blogs/remove-fake-flash-player-update/

 

http://www.bleepingcomputer.com/forums/t/491918/infected-by-adobe-flash-player-update-virus-desktop-icons-disabled/

 

 

You best do a complete system scan.

 

I like to use a combination of the following if someone has a problem:

 

1) Download the latest version of Rkill

2) Download the latest ESET Antivirus

3) Download the latest MALWAREBYTES

4) DISCONNECT FROM INET

5) RUN RKILL; look at the logs, see if it terminated any nasty process

6) Do it again....make sure everything stays killed....some trojans, spyware etc...will STOP some if not all anti packages from working

7) Run ESET COMPLETE SCAN.

8) RUN Malwarebytes complete

Buy GOOD software for malware etc.........

 

:)

 

Works for me  YMMV

 

I second the use of Malwarebytes. Just keep running it until it runs out of things it detects. But I would also recommend a good Rootkit detector as well. I use GMER

 

But ABSOLUTELY, disconnect a suspected PC from your network and the Internet FIRST!  Clean it while it's off the network. Use burnable CD-ROMs to transfer anti-virus software if you need them.


The absolute best protection against malware, viri, rootkits, etc., is a solid set of "BACKUPS!"  There will be some malware etc. for which there is no cure. The only thing one can do is rebuild the box.  It's much easier if you're able to restore the system from a clean "system image" backup.  A "system image" backup copies the entire hard drive image, sector for sector (most can compress the free space to reduce back up file size), but it can restore to the exact sectors where it backed up originally. This is important because Windows has certain USN (Universal Serial Number) and other files that it expects to find on specific sectors on the hard drive. If it doesn't find them on the correct sectors of the hard drive, it won't boot.

 

The backup utility in Windows 7 and above does "system image" backups.  Get an external USB drive, back up to that, and then you can port that with you or place it in a secure location. 

 

Now, if the malware also infected the BIOS ROM, there may be more to do (re-flashing the BIOS), and that's something that should also be backed up. But for most infections that can't be cleaned, a restore with a current system image backup works wonders.

 

I usually back up once a week and keep three rotating sets of backups on file. I also don't keep "data" or data files on Drive C:\, even though Windows encourages that with the C:\Users directory. I keep it separate.


rootkit all you need to know....

 

"A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that would not otherwise be allowed (for example, to an unauthorized user) while at the same time masking its existence or the existence of other software."

 

http://www.techrepublic.com/blog/10-things/10-plus-things-you-should-know-about-rootkits/

 

Just enough to say it is bad.  :)

 

Basically what classic rootkits try to do is make the OS think it's the "Super User" or "System Administrator" with that level of privileges.  On Unix systems, that super user is called "root." Hence, the name "rootkit."  It can then perform actions at that level. It also attempts to hide itself from detection by the system and standard anti-malware software. Which is why one needs specialized rootkit detectors.


got gmer running right now. already used the uninstall to remove recently added adobe stuff. how do i know what to get rid of in gmer though? there's a lot of shit comin' up. some in red.

 

 thanks guys!

 

It will spit a lot of stuff at you. And not all the stuff in red is bad. None of the stuff in black is bad. It's just "informational."  You just have to look at the end report. PM it to me and I'll have a look when it's done.

thanks man, i will. it's still running. got adobe in common files in red, and a hidden process in red so far........
