cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0
Upvote

We've been hacked, PDF's have a new modified date and asking to save after opened when no changes have been made

robi77429550
Community Beginner ,
Jun 26, 2018 Jun 26, 2018

Copy link to clipboard

Copied

Hi, I'm looking to figure out if the subject is a persistent problem that we should worry about.  New PDF's created do not ask us to after opening.  Only PDFs that were in the file storage that were attacked ask us to save when we close without making changes.  Also, on newly created PDFs when you run a report it shows two plug ins.  When you run a report on the hacked PDFs it shows no plug ins.

Thanks in advance for your help!

Rob

TOPICS
General troubleshooting

Views

1.9K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Dov Isaacs
Jun 26, 2018 Jun 26, 2018

Second things first. Simply modifying a PDF file's modification date by itself would not cause Acrobat to attempt to repair a PDF file. Whatever hacking tool modified the file's modification date must have also modified some internal aspect of the PDF file. If such files were previously known to open without any issues (i.e., attempting repair and then prompting to save when closing), then regrettably, you much assume that the hacking tool may have compromised your PDF file in some manner that m

...

Votes

Translate

Translate
replies 6 Replies 6
latest latest Jump to latest reply
Dov Isaacs
Jun 26, 2018 Jun 26, 2018

Copy link to clipboard

Copied

Acrobat prompts for saving if it detects a problem in a PDF file that it has opened and has silently corrected what was minimally necessary to display the content. The fact that files that previously didn't exhibit this issue now do is indicative that some process modified the internal structure or contents of the PDF file in some manner.

You mention that you “run a report” that “shows two plug-ins.” Exactly what “report” are you referring to? That would help us respond to that aspect of your question.

And when you indicate that you've “been hacked” exactly what do you mean? Unauthorized access to your system? Changes to files? Exactly what? Depending on what this “hacking” consisted of, it might be prudent to restore your files (or maybe your entire disk partition) from a previous system backup.

          - Dov

- Dov Isaacs, former Adobe Principal Scientist (April 30, 1990 - May 30, 2021)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
robi77429550
Community Beginner ,
Jun 26, 2018 Jun 26, 2018

Copy link to clipboard

Copied

In Response To Dov Isaacs

Thanks Dov.

The report I'm running is under "help" then "Generate System Report".

When I say we've been hacked, exactly what happened was that an unknown person gained access to our file server.  He or she converted many of our files to BIP files, but left accessible copies on the server for pretty much everything.  For the accessible PDFs only, the modified date is changed to the date of the hack, other files such as .csv or .pub or .indd have the original modified date.

Thank You!

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Dov Isaacs
Jun 26, 2018 Jun 26, 2018

Copy link to clipboard

Copied

In Response To robi77429550

Second things first. Simply modifying a PDF file's modification date by itself would not cause Acrobat to attempt to repair a PDF file. Whatever hacking tool modified the file's modification date must have also modified some internal aspect of the PDF file. If such files were previously known to open without any issues (i.e., attempting repair and then prompting to save when closing), then regrettably, you much assume that the hacking tool may have compromised your PDF file in some manner that might not be immediately obvious. Did you try running any virus scan against the compromised file server volume? In any case, I would do whatever I could to restore the server's volume from a backup. What you/we don't know about whatever changes were made to your files could really come back to haunt you later. There could be time bombs in there.

In terms of the report generated by Generate System Report, that is effectively a system configuration report, nothing more and nothing less. Depending upon when it is run, the list of plug-ins could range from a few to many. Acrobat doesn't load all its plug-ins at start-up; some are only loaded on demand. It is somewhat suspicious that no plug-ins show when the hacked PDFs are opened. That having been said, what shows in the dialog box isn't the entire report. Have the report sent to your own e-mail address and examine the results. If you want, we can take a look at it if you post the file somewhere.

          - Dov

- Dov Isaacs, former Adobe Principal Scientist (April 30, 1990 - May 30, 2021)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
robi77429550
Community Beginner ,
Jun 26, 2018 Jun 26, 2018

Copy link to clipboard

Copied

In Response To Dov Isaacs

Thanks a lot Dov.  Points taken.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Test Screen Name
LEGEND ,
Jun 26, 2018 Jun 26, 2018

Copy link to clipboard

Copied

In Response To robi77429550

I would get back one of these files from an old backup and compare the length. If the lengths are different you know it has changed. If the lengths are the same, get an MD5 hash for each and compare that.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Dov Isaacs
Jun 26, 2018 Jun 26, 2018

Copy link to clipboard

Copied

LATEST
In Response To Test Screen Name

It might be faster to simply restore the files! 

- Dov Isaacs, former Adobe Principal Scientist (April 30, 1990 - May 30, 2021)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
About Adobe Acrobat
Adobe Acrobat Learn & Support
Adobe Inc
Whats new in Acrobat DC
Adobe Inc
Plan and Pricing
Adobe Inc
Adobe Acrobat features and tools
Adobe Inc
Adobe Acrobat Feature & Workflow
Edit PDFs
Edit Scanned PDFs
PDF Forms
Sign a PDF
FAQs
How to Edit Scanned or Secured document
Rotate | move | delete and renumber PDF pages
Acrobat download and installation help
Copyright © 2023 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices