The Geek Speaks...

...another Geeky article by Cenay Nailor

Fake Adobe Flash Player Install – Don’t Be Fooled

This ugly critter has raised its head once or twice in the past (June 2007, Sept 2008), but seems to be back and more realistic than ever.

You are surfing along, and when you land on a site that contains any type of Flash movie (and some that don’t!), you get a popup box that says your Adobe Flash version is out of date and needs to be updated.

Since it appears real enough, and because most computer users know they have Adobe installed, many will click on it. Don’t. It is Malware.

Malware uses many techniques to get itself onto a host, including fake warnings like this one that tell you to update something on your computer. This piece of malware masquerades as a Flash Player plugin for the Firefox browser (detected by Sophos as Troj/FFSpy-A, and by TrojanHunter as TrojanClicker.VB.395).

To Repair Your Machine

Take these steps to clear your machine, and remember, a daily complete virus scan by reliable scanning software can save you a lot of grief.

First, since this is a Firefox add-on, open Firefox –> Tools –> Add-ons

[Screenshot: download dialog box to remove fake Adobe Flash Player]

You are looking for an addon that looks something like the one above. Remember it has undergone revisions over the years, so it might not appear exactly as shown. Uninstall this nasty little guy.

Next, the extension works in conjunction with a trojan executable. In the recent past it was smc.exe, though there are probably others by now. And if you are running SyGate as your firewall, smc.exe is a legitimate file! You will need an up-to-date virus and Trojan scan to remove the rest of the malicious software from your machine. TrojanHunter is not a bad tool to add to your arsenal. You can download a free 30-day trial at that link.

Author’s Note: Recently a few students have called to report my sites were infected. After 3 days of extreme review and re-installations of all the major files, I discovered it wasn’t me or my sites that were infected, it was the end users that were visiting. Please, take the steps above right now to clear your machine of any threat and let your surfing buddies know as well.

To Determine Your Real Version Of Flash

When in doubt, you should always visit the Adobe site for your downloads. In fact, this is true for ANY legitimate software or extension you have installed. Just like the fake emails from PayPal or your bank, don’t trust the direct link. Type it into the address bar or closely review the link you are about to click. It should not have any extra characters in the link (for example www.AdobeX.com).

To determine the exact version of the flash player you have installed on your computer, you can visit Adobe’s Version checker at http://www.adobe.com/software/flash/about/
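The link review described above can be automated. The following is an added example, not part of the original article: it classifies a download link by its real hostname, assuming adobe.com is the only trusted domain. The `.example` hostnames are constructed samples.

```python
from urllib.parse import urlsplit

# Assumption: the only domain trusted for Flash downloads is adobe.com.
TRUSTED_DOMAINS = {"adobe.com"}


def classify_link(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'untrusted' for a download link."""
    # Links typed without a scheme (www.AdobeX.com) still need a netloc to parse.
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "untrusted"

    # Internationalized look-alikes show up as punycode labels or raw non-ASCII.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "lookalike"

    # Trusted only if the host IS the domain or a true subdomain of it.
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted"

    # The brand name appearing anywhere else (extra characters, a prefix on
    # another domain, or the user@ part of the URL) is a deliberate imitation.
    userinfo = (parts.username or "").lower()
    for domain in TRUSTED_DOMAINS:
        brand = domain.split(".")[0]
        if brand in host or brand in userinfo:
            return "lookalike"
    return "untrusted"


if __name__ == "__main__":
    samples = [
        "http://www.adobe.com/software/flash/about/",        # from the article
        "www.AdobeX.com",                                     # from the article
        "http://adobe.com.update-check.example/install.exe",  # constructed
        "http://www.adobe.com@downloads.example/flash.exe",   # constructed
        "http://downloads.example/flash.exe",                 # constructed
    ]
    for s in samples:
        print(f"{classify_link(s):10} {s}")
```
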

25 Responses

  16. Well, it appears there is more to it than just this. Despite all my hard work, was infected again (or perhaps never fully “cleaned”). Look for a new post soon that rants about the additional steps I had to take on more than 100 sites or blogs.

    Today, my life bites, thanks to hackers. POS

  19. Frank

    I have this virus. I tried the above fix and Trojan Hunter to no avail. I’ve been an Adobe user case for three weeks and they can’t help me. Any additional info or assistance.

  20. lilkunta

    Hello Cenay. I have the fake adobe virus.
    I’m using a Toshiba Qosmio.
    My OS is Windows 7. The virus is flashing on my desktop as a yellow/blue shield, so I don’t think it has d/l yet. What do I do to remove it? Thank You.
    Also any idea what website is spreading this infection? I do visit a lot of cooking websites, Netflix, & nickjr.com for my daughter.

  21. lilkunta

    Hello again Cenay,
    Here are the processes running. I don’t feel like writing out all their descriptions so I’m indicating the ones without descriptions as those are probably the suspect ones right?

    The ones with no description have an arrow to the right of them.

    cAudioFilterAgent64.exe
    ccSvcHst.exe *32
    consent.exe <-
    consent.exe <-
    crss.exe <-
    dwm.exe
    explorer.exe
    FlashUtil 10XActiveX.exe *32
    HCMSoundChanger.exe *32
    HDMICtrlMan.exe
    iexplore.exe *32
    ItSecMng.exe
    iTunesHelper.exe *32
    nvvsvc.exe
    SmoothView.exe <-
    SynTpEnh.exe
    SynTPHelper.exe
    taskhost.exe
    taskmgr.exe
    TCrdKBB.exe
    TCrdMain.exe
    Teco.exe
    ThpSrv.exe
    ToshibaServiceStation.exe
    TosNcCore.exe
    TosreelTimeMonitor.exe
    TosSeNotify.exe
    TPCHWMsg.exe
    TPwrMain.exe
    TWebCamera.exe *32
    winlogon.exe <-
    wuauclt.exe
    wuaudlt.exe

  22. @lilkunta, sorry to hear you are infected. This is a nasty little bugger, that’s for sure.

    First, did you remove the Addon as shown above? In fact, did you do all the steps shown above and it didn’t work? What exactly is the problem?

    Also, as mentioned in the article, it undergoes revisions. For me it was the smc.exe but that has likely changed. It’s important to get the latest virus protection you can, and run a FULL scan. Then I would schedule scans to run once a week at least (mine starts Sunday morning because it takes almost 24 hours to run).

    Make sure your Windows Defender version is current and that your virus protection is always up to date. I use Avast as my virus protection and it does a wonderful job.

  23. Tierney

    My anti-virus software detected the virus and deleted it immediately, and I couldn’t find the add-on on my firefox. I uninstalled the real adobe software with a view to reinstalling it once this has been cleared but it still won’t go away.

  24. Bren Halbert

    Installed malwarebytes and was finally able to rid myself of this nasty little thing. It is 24.95 but I think it is worth it along with Avast.
