Flashplayer Malware?

Report · May 26, 2016

I recently tried to install the new flashplayer update, but Windows Defender automatically blocked it. I don't have any other Antivirus other than Malwarebytes and Advanced System Care. The error I received was called

Win32/Hopadef

According to BrowserModifier:Win32/Hopadef it is a possible malware. The "download link" that opened when trying to update Adobe is https://thooblists-n-profits.com/3681276781228/a25e6b06ce67056841926be95a6a1e14.html . Anyone know if this is a legitimate update or if this is a new Malware that Adobe is not aware of? And if it is a legit update, hos do I allow for it to bypass through Windows Defender?

Report · May 26, 2016

That is most definitely not a legitimate link to download Flash Player from. It sounds like you downloaded the installer from a malicious site, or got a prompt, from a malicious site, to download the installer, or something else, but it's not legitimate. I recommend scanning your site for malware/viruses/etc.

Adobe takes these incidents very seriously and follows-up on them. I have forwarded your message to the fraud department for follow-up.

Official Flash Player installers are posted at https://get.adobe.com/flashplayer

Report · May 26, 2016

i already scanned my laptop and removed it but it seems to keep returning every so often. I used Malwarebytes and Windows Defender and scanned it but came up with nothing. The last time it was detected it was placed in quarantine and then I removed it.

Report · May 27, 2016

Questioner94: What did you scan it with? I have the same problem.

Report · May 27, 2016

Malwarebytes and Windows Defender.

Report · May 27, 2016

But you just said you canned it with them and came up with nothing. Then you also said you scanned it and removed it. That is very confusing. Were you able to scan it and detect it and remove it? If you removed it, what were you using to remove it?

Report · May 27, 2016

Questioner 94: But you just said you canned it with them and came up with nothing. Then you also said you scanned it and removed it. That is very confusing. Were you able to scan it and detect it and remove it? If you removed it, what were you using to remove it?

Report · May 27, 2016

I removed it with Defender then it came back and removed it with Bytes. It keeps coming back up every week or so.

Report · May 27, 2016

Questioner94: How long has this been going on? Do you have any idea what it does? What OS are you using?

Report · May 27, 2016

Win 10 HP Pavilion. Been starting ever since early May.

Report · May 27, 2016

Questioner94: Thanks. I will try Malawarebytes. If you learn anything more, please post it here.

Report · May 27, 2016

Questioner94: What was the malicious file called when you found it?

Report · May 27, 2016

Look back up for the name and it just randomly appeared one day as a fashplayer update.

Report · May 27, 2016

Questioner94: What did Malawarebytes say the virus was called when it detected it and reported it to you?

Report · May 27, 2016

Questioner94: The only thing Malawarebytes found were several files called Rootkit. Is that what you got?

Report · May 28, 2016

I forgot what I got from malwarebytes

Report · May 31, 2016

Quesioner94: Could it have been Rootkit?

Report · Jun 06, 2016

Like the others, I got it with Chrome and Firefox. It opens a new tab by itself. MS Security Essentials catches it and will clear it, but it comes back anyway, with different URL's. Visually it looks like an Adobe site. Adobe, is there a place where it can be sent to your security people for analysis? FYI i deleted the browsers and reinstalled, to no avail.

Report · Jun 06, 2016

iopine

Adobe takes these issues seriously and follows-up on them. I forwarded the URL from the first post to the fraud team to investigate. If you have other URLs private message them to me and I'll forward to the fraud team. I'd rather you private message me the URL instead of posting it here to reduce the advertising of these malicious sites.

--

Maria

Report · Jun 06, 2016

Any info from Adobe on what is causing this and how to eliminate would be appreciated.

Report · Jun 06, 2016

This isn't from Adobe. It's malicious users who are doing this. I have received the URL you sent me and forwarded it to the fraud department.

Report · Jun 06, 2016

I've also received this malware from three different comic sites (so far), 6 Gun Mage, Supernormal Step and Twokinds. I was immediately redirected to a page that looked like Adobe.com but tried to download a malware progam called BrowserModifier:Win32/Hopadef. Fortunately my Microsoft Securities Essentials caught it and blocked the install. I'm suspecting it's an ad that's redirecting me as I don't block ads on comic sites.

Report · Jun 06, 2016

Try Malwarebytes.

Report · Jun 06, 2016

I have Malwarebytes as well but Microsoft Securities Essentials has caught the malware each time.

Report · Jun 06, 2016

Remember, if you have suspicious URL's, send them in a private message to the Adobe staff member who requested them.

Adobe Community

Flashplayer Malware?

Win32/Hopadef