Author Topic: Virus or Not [FIXED] (Read 5780 times)

YellowFox · « **on:** July 20, 2013, 09:18:28 PM »

Once again I seem to have stumbled upon another odd thing this time being Adobe Flash Auto Update. Today I decided to rename my computer because USER-PC was taken by a computer on the LAN after restarting I see a thing from Adobe saying flash needs to be updated and I thought nothing of it. Once I clicked OK I get sent to a site called get3.adobe(.com)/(forgot what was here) and clicked the download button. The file that was downloaded was odd in name (Install_flashplayer11x32au_mssd_aaa_aih.exe) So I did the first logical thing which was to check it with Virus Total and it came up with 40 saying it was clean and Comodo saying it was bad. Second I deleted the file due to the single catch (I don't take chances) and finally I checked the link with virus total and that said it was completely clean. So what should I do? I've ran scans that have found nothing (Then again what I have heard are people are speculating that this is a rootkit) Or should I go to Essexboy or Polonus? P.S I restarted the computer and the prompt didn't re-appear, as a side note I run Chrome but I used to run Firefox and had to have a flash player for that so this might have been the legit auto update.

Thanks again, Fox.

polonus · « **Reply #1 on:** July 20, 2013, 09:37:47 PM »

Seems indeed depending on where it comes/came from: http://r.virscan.org/9f3a4ce04255f730850c79df7ddfa84d
This a bad download: http://www.mywot.com/en/scorecard/idatop.com?utm_source=addon&utm_content=popup-donuts
Here being given the all green: http://www.isthisfilesafe.com/sha1/F6905E093DF02E8A00B965662DBC60C49046424B_details.aspx
IDS alerts -> https://urlquery.net/report.php?id=3785636
And this http://urlquery.net/report.php?id=3869748
Could be some crap it was wrapped in, else a FP....
I would say it is OK, but if you like our good friend essexboy to give you a clean slate, I will PM the master remover...

pol

YellowFox · « **Reply #2 on:** July 20, 2013, 09:52:20 PM »

Did some searching around while waiting for a reply and found out that the get3.adobe is a sub site of Adobe (Lord knows why they couldn't just use the normal get.adobe) but it seems it was safe however currently the new version seems to have a few glitches so I think I'll stick with what I've got until I really need it. Thanks for asking though however I don't want to waste his time.

Fox.

Pondus · « **Reply #3 on:** July 20, 2013, 10:03:44 PM »

Quote

So I did the first logical thing which was to check it with Virus Total and it came up with 40 saying it was clean and Comodo saying it was bad.

posting the scan link here would have added som info....

polonus · « **Reply #4 on:** July 20, 2013, 10:24:28 PM »

With adobe you should always run the latest update with patches.
You have the avast software updater.
What is it's status?

polonus

YellowFox · « **Reply #5 on:** July 22, 2013, 06:31:12 PM »

It said critical but I've updated it now.

Fox

Author Topic: Virus or Not [FIXED] (Read 5780 times)

YellowFox

Virus or Not [FIXED]

polonus

Re: Virus or Not

YellowFox

Re: Virus or Not

Pondus

Re: Virus or Not

polonus

Re: Virus or Not

YellowFox

Re: Virus or Not