Author Topic: Adobe Acrobat Pro 7.0 false positive  (Read 4029 times)

ElderGeek

  • Guest
Adobe Acrobat Pro 7.0 false positive
« on: September 12, 2011, 06:39:52 PM »
I opened a ticket on this already, but I'm covering all the bases :-)

We are running ADNM with the latest clients (still 4.8-based, sadly), and
since Friday (update 110909-1), Avast has been reporting a component of
Acrobat 7 Professional as a virus:

avast! [CITYCLERK]: File "C:\Program Files\Adobe\Acrobat 7.0\Distillr\ARE.dll" is infected by "Win32:Renosator [Cryp]" virus.

This disables Acrobat 7, which we have a *lot* of users on. Only workaround is to disable
avast on the workstation, since adding the path to the exclusion list doesn't keep on-access
protection from checking it and complaining.

I'm hoping for a relatively speedy fix, but does anyone know of a workaround other than
shutting the network client off?


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37700
Re: Adobe Acrobat Pro 7.0 false positive
« Reply #1 on: September 12, 2011, 06:53:23 PM »
upload suspicious file(s) to www.virustotal.com and test with 44 malware scanners
when you have the result, copy the URL in the addressbar and post it here for us to see


alternative
Jotti`s      http://virusscan.jotti.org/en
VirSCAN     http://virscan.org/
Metascan   http://www.metascan-online.com/



False Positives can be reported here, see drop-down menu
http://www.avast.com/en-no/contact-form.php?loadStyles&subject=SALES

« Last Edit: September 12, 2011, 07:01:42 PM by Pondus »

ElderGeek

  • Guest
Re: Adobe Acrobat Pro 7.0 false positive
« Reply #2 on: September 12, 2011, 06:58:49 PM »
Here's the URL - only Avast thinks it's infected:

http://www.virustotal.com/file-scan/report.html?id=9ed0be850ae3b234f5ba0e287d84fb4e6caa565fce66a9279807a8c9de913c2d-1315664951

I have already reported it as a false positive via a support ticket, but I'll do it via the contact form as well. My purpose in posting here was to see if there's a way to exclude this file from the on-access protection scanner, since that's explicitly excluded from processes which the built-in exclude list pertains to.

« Last Edit: September 12, 2011, 07:04:53 PM by ElderGeek »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37700
Re: Adobe Acrobat Pro 7.0 false positive
« Reply #3 on: September 12, 2011, 07:14:58 PM »
you may add a link to this topic in the contact form...

anyway they monitor the forum so it is possible that they already have seen it......and sometimes respond here

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34065
  • malware fighter
Re: Adobe Acrobat Pro 7.0 false positive
« Reply #4 on: September 12, 2011, 07:42:04 PM »
Adobe's file check: File : ARE.DLL
Path : %programfiles%\adobe\acrobat 7.0\designer 7.0
MD5 : c515083f7f815f464d1e65e4a441e539 - (258048 Bytes)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

ElderGeek

  • Guest
Re: Adobe Acrobat Pro 7.0 false positive
« Reply #5 on: September 13, 2011, 12:17:53 AM »
All seems to be peace and quiet here now.. the latest
update ( 110912-1 ) seems to like Acrobat 7 once again.

Thanks, folks....


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34065
  • malware fighter
Re: Adobe Acrobat Pro 7.0 false positive
« Reply #6 on: September 13, 2011, 12:42:34 AM »
Hi ElderGeek,

You are welcome.
Stay safe and secure online is the wish of,

polonus

P.S. to check all is well again: http://www.virustotal.com/file-scan/report.html?id=9ed0be850ae3b234f5ba0e287d84fb4e6caa565fce66a9279807a8c9de913c2d-1315859174
« Last Edit: September 13, 2011, 01:08:01 AM by polonus »

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: Adobe Acrobat Pro 7.0 false positive
« Reply #7 on: September 13, 2011, 10:49:10 AM »
this FP was fixed yesterday and current VPS shouldn't detect it anymore.. why a company like adobe doesn't sign all binaries with a proper certificate (authenticode) is a question.. valid signature would completely hush this particular FP