Infamous flash player update

Sep 23, 2014 12:53AM PDT

I've seen this and got a pretty good idea how it gets onto users' systems. It comes with some freebie s/w or demo and, when not paying attention, can get on-board w/o the user knowing or slips unnoticed. The plain fact, it's malware and while it's a known problem it can become a pest or annoyance.

I've tried repeatedly to remove it and in some cases been successful. Others not so, it just comes back. I'm sure it's part of an installed pgm. but when you have pgms. that users want, it's hard to reduce the problem. More to the point, it just hides itself. All links to remove do work, but it returns on others. The plain fact, you have to find the baddie pgm. that it came with or fully re-install the whole enchilada when nothing seems to locate it. Such an innocent looking update too, but NO!

I found besides a pop-up, it can hijack the smaller side resident info link windows as well. What a pest.

Anyone have a deeper removal process? Yeah, I tried all the links on the WWW, so please point to something new or you think is better, I'm still open to suggestions.

TIA -----Willy Happy

Is this from a fake update
Sep 23, 2014 2:23AM PDT

or the Real update direct from Adobe?
I updated from Adobe's site and did see the offer for McAfee but un-checked that and received a clean update.

Just curious...
Digger

Not a real update...
Sep 24, 2014 2:26AM PDT

It's a false one that becomes a PITA as it warns you it needs a flash update, but none is really needed. Of course real updates are required but those are even posted differently to get. Understand it fools too many users once it gets installed.

tada -----Willy Happy

Re: Infamous flash player update..
Sep 24, 2014 7:50AM PDT

Hi Willy,

I'm not sure if this is going to be of help, or only confirm what you already knew. Your post jogged my memory.

Last year I was reading a 2-page thread at the Computer Help forum ( How to uninstall Sweetpacks toolbar/bundle/viru ) where I noticed some members posted saying they became "infected" with Sweetpacks, as a result of a Flash Player update.

I posted about FAKE Flash Player updates. To serve as a warning, more than anything else. See ......
"FAKE Adobe Flash Player Updates | Sweetpacks | Removal, etc"

It may take some digging to find relevant information, if there's any to be had. For instance, I referenced an item titled "Malware you can "live with", but shouldn't". In this case, the fake update delivered the ZeroAccess rootkit.

The author writes:

"Since this is a rootkit, there are no toolbars/extensions/BHO's added to the browser. There are also no modified proxy settings or modified hosts files. What is interesting about this rootkit sample is that the redirects do not happen every time. The action will occur about once every three attempts." points out Webroot's Richard Melick. "The number of redirects caps out around 4-5 and then everything will seem normal until a restart of the browser.

"This erratic action can make it extremely difficult to troubleshoot. It can also prove to be very frustrating for a user to explain as it is not consistent and once the redirection occurs enough times, the issue stops for the rest of the browsing session. We have seen instances where consumers have just been 'living with it' for months," he adds.

I'm not suggesting ZeroAccess is the cause. But only using it as an example of one of the endless possibilities.

Best of luck with your search..
Carol

I want to think...
Sep 24, 2014 12:28PM PDT

I've tried many of the fixes, even manual removal. Overall, the removal has some success. One reason I want to get it off is now I'm seeing it on the library systems. They all pop-up and they have stronger protection, only being "freeze" it maintains the current setup and is supposed to not allow things to change for obvious reasons, yet it got on-board. The poor tech guy just can't keep up with it. Honestly, I don't see how it got that way, unless of some network link.

I tried the following on many users with varying success:

1) adwcleaner
2) rkill
3) malwarebytes cleaner
4) hitman pro
5) direct removal instructions followed
6) avast
7) avira
8) norton 360
9) webroot
10) windows defender/essentials
11) toolbar removal/PUPs
12) any s/w using REVO uninstall
13) McAfee rootkit remover
14) any instructions I found via WWW
15) remove restore points and then re-enable it

and any AV that the users had. The best so far has been Hitman Pro, but pay for it? Maybe now is a good time.

I scan downloads to verify they aren't false removal tools as well. The pgm. that started all this has to be there. So far, it keeps sprouting back more than once. So, either I didn't remove it fully or it hatches again. What a PITA.

tada -----Willy Happy

Shades of ZeroAccess
Sep 24, 2014 10:30PM PDT

A few years back I ran into a ZeroAccess infection and after months of looking around for a free cure didn't find one. On top of that the cures I did find required a full Windows Retail DVD (which I did have.)

Some of these are getting nasty.
Bob