Fake Adobe Flash Player Install – Don’t Be Fooled

By Cenay Nailor | FAQ

Oct 15

This ugly critter has raised its head once or twice in the past (June 2007, Sept 2008), but seems to be back and even more realistic than ever.

You are surfing along, and when you land on a site that contains any type of Flash movie (and some that don’t!), you get a popup box that says your Adobe Flash version is out of date and needs to be updated.

Since it appears real enough, and because most computer users know they have Adobe installed, many will click on it. Don’t. It is Malware.

Malware uses many techniques to get itself onto a host, including fake warnings like this one that tell you to update something on your computer. This piece of malware masquerades as a Flash Player plugin for the Firefox browser (detected by Sophos as Troj/FFSpy-A and by TrojanHunter as TrojanClicker.VB.395).

To Repair Your Machine

Take these steps to clear your machine, and remember, a daily complete virus scan by reliable scanning software can save you a lot of grief.

First, since this is a Firefox add-on, open Firefox –> Tools –> Add-ons

[Image: Download dialog box to remove fake Adobe Flash Player]

You are looking for an addon that looks something like the one above. Remember it has undergone revisions over the years, so it might not appear exactly as shown. Uninstall this nasty little guy.

Next, the extension works in conjunction with a trojan executable. In the recent past it was smc.exe, though there are probably others by now. Be careful: if you are running Sygate as your firewall, smc.exe is a legitimate file! You will need an up-to-date virus and Trojan scan to remove the rest of the malicious software from your machine. TrojanHunter is not a bad tool to add to your arsenal. You can download a free 30 day trial at that link.

Author’s Note: Recently a few students have called to report my sites were infected. After 3 days of extreme review and re-installations of all the major files, I discovered it wasn’t me or my sites that were infected, it was the end users that were visiting. Please, take the steps above right now to clear your machine of any threat and let your surfing buddies know as well.

To Determine Your Real Version Of Flash

When in doubt, you should always visit the Adobe site for your downloads. In fact, this is true for ANY legitimate software or extension you have installed. Just like the fake emails from PayPal or your bank, don’t trust the direct link. Type the address into the address bar yourself, or closely review the link you are about to click. It should not have any extra characters in the link (for example www.AdobeX.com).

To determine the exact version of the Flash Player you have installed on your computer, you can visit Adobe’s version checker at http://www.adobe.com/software/flash/about/
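The link review described above can be done mechanically. This is an added example, not part of the original post: it extracts the host a browser would actually contact and checks whether it is adobe.com or a subdomain of it. The function names and every sample link other than Adobe's own are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "adobe.com"  # the vendor domain the article says to type in yourself
BRAND = "adobe"               # brand string a fake update link is likely to imitate


def link_host(url):
    """Return the lowercase host a browser would contact for this link."""
    if "://" not in url:                  # bare "www.example.com" style link
        url = "http://" + url
    host = urlsplit(url).hostname or ""   # hostname drops any user@ part and the port
    return host.rstrip(".").lower()


def classify_link(url, trusted=TRUSTED_DOMAIN, brand=BRAND):
    """Classify a link as 'trusted', 'lookalike' or 'unrelated'."""
    host = link_host(url)
    # Match the domain itself or a true subdomain. The leading dot matters:
    # without it "notadobe.com" would pass a plain endswith("adobe.com") check.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # The brand shows up in the link, but the host is not the vendor's.
    if brand in url.lower():
        return "lookalike"
    return "unrelated"


# Constructed sample links (only the first is a real Adobe address from the article).
SAMPLES = [
    "http://www.adobe.com/software/flash/about/",
    "www.AdobeX.com",                              # extra character, as in the article
    "http://notadobe.com/flash",                   # brand glued onto another name
    "http://adobe.com.flash-update.example/get",   # vendor name used as a subdomain
    "http://www.adobe.com@203.0.113.5/flash.exe",  # vendor name before '@' is not the host
    "http://example.org/video",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link_host(link):35} {link}")
```

A "trusted" result only says the host belongs to the vendor domain; it says nothing about a popup that claims to come from Adobe while the download link points elsewhere.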

About the Author

Cenay is a self-proclaimed geek with mad technical skills she loves sharing with Videos, Coaching and Articles.

Leave a Comment:

(27) comments

Many thanks Cenay, I am always learning as I go along, sorry for your hard your work, but thanks for this advice.

Bethune

Reply

Well, it appears there is more to it than just this. Despite all my hard work, was infected again (or perhaps never fully “cleaned”). Look for a new post soon that rants about the additional steps I had to take on more than 100 sites or blogs.

Today, my life bites, thanks to hackers. POS

Reply
Frank

I have this virus. I tried the above fix and TrojanHunter to no avail. I’ve been an Adobe user case for three weeks and they can’t help me. Any additional info or assistance?

Reply
lilkunta

Hello Cenay. I have the fake adobe virus.
I’m using a Toshiba Qosmio.
My OS is Windows 7. The virus is flashing on my desktop as a yellow/blue shield, so I don’t think it has d/l yet. What do I do to remove it? Thank You.
Also any idea what website is spreading this infection? I do visit a lot of cooking websites, netflix, & nickjr.com for my daughter.

Reply
lilkunta

hello again cenay,
Here are the processes running. I don’t feel like writing out all their descriptions so I’m indicating the ones without descriptions as those are probably the suspect ones, right?

The ones with no description have an arrow to the right of them.

cAudioFilterAgent64.exe
ccSvcHst.exe *32
consent.exe <-
consent.exe <-
crss.exe <-
dwm.exe
explorer.exe
FlashUtil 10XActiveX.exe *32
HCMSoundChanger.exe *32
HDMICtrlMan.exe
iexplore.exe *32
ItSecMng.exe
iTunesHelper.exe *32
nvvsvc.exe
SmoothView.exe <-
SynTpEnh.exe
SynTPHelper.exe
taskhost.exe
taskmgr.exe
TCrdKBB.exe
TCrdMain.exe
Teco.exe
ThpSrv.exe
ToshibaServiceStation.exe
TosNcCore.exe
TosreelTimeMonitor.exe
TosSeNotify.exe
TPCHWMsg.exe
TPwrMain.exe
TWebCamera.exe *32
winlogon.exe <-
wuauclt.exe
wuaudlt.exe

Reply

@lilkunta, sorry to hear you are infected. This is a nasty little bugger, that’s for sure.

First, did you remove the Addon as shown above? In fact, did you do all the steps shown above and it didn’t work? What exactly is the problem?

Also, as mentioned in the article, it undergoes revisions. For me it was the smc.exe but that has likely changed. It’s important to get the latest virus protection you can, and run a FULL scan. Then I would schedule scans to run once a week at least (mine starts Sunday morning because it takes almost 24 hours to run).

Make sure your Windows Defender version is current and that your virus protection is always up to date. I use Avast as my virus protection and it does a wonderful job.

Reply
Tierney

My anti-virus software detected the virus and deleted it immediately, and I couldn’t find the add-on on my Firefox. I uninstalled the real Adobe software with a view to reinstalling it once this has been cleared but it still won’t go away.

Reply
Bren Halbert

Installed Malwarebytes and was finally able to rid myself of this nasty little thing. It is 24.95 but I think it is worth it along with Avast.

Reply
Richard

You don’t have to click on anything, anymore. I just got (yet another) of these alerts. Before I could do anything, it began downloading. This is the second website that has done this. But, this one went further and actually attempted to install (I’ve not remained on a page long enough for that to happen previously). Fortunately, I have Windows 7 set up to require a password before any software installation.

Reply

Such a nice and informative blog About Adobe flash player.
Thank you for sharing such useful things with us

Reply