36 Replies Latest reply on Jul 16, 2018 8:09 AM by maria__

    VIRUS with new Adobe Flash installer

    robertm39235891

      While visiting Apple.com, I got a message to update Adobe Flash. I did the update, and then noticed intermittent reloading of Safari and then all my tabs on Safari were deleted. After I downloaded the update, there was a page from Advanced Mac Cleaner (which I have not installed) to clean my Mac, installed new icon in my Dock that I didn't recognize, and changed the settings on my Dock. Finally, there was a link button in the Safari favorites bar that I didn't recognize and didn't make sense.

       

      Looking at Safari's history, I found this link appearing just after I had visited Apple's webpage:

      http://prepareupdate.theperfectsys2upgrade.date./?pcl=y6VPxBs3Pn8vJaswO9uFDee03s6zyagrT_eG S0Ozc_g.&cid=18b198b64b4aa4308c0b070f3d100ac5rv&v_id=uzzEUshMiK4Fc4yzE_1hStkxLogccMPc1R0rn f3kfSk

       

      Unfortunately I deleted the icon in my Dock and don't remember what it was. I changed my user password on my mac, and also downloaded and used Malware Bytes, which recognized Advanced Mac Cleaner as spyware/adware and quarantined it.

       

      I contacted Apple Support about this and they are unaware of this problem but I did find this website:

      Remove Advanced Mac Cleaner virus from Mac OS X

       

      Apple Support told me to continue using Malware Bytes and install MacOS High Sierra, which I am now doing.

       

      I am puzzled as to how this could have happened with the Adobe Flash update, and are there any other effects of this virus? Does anyone else know about this?

       

      Message was edited by: Jeromie Clark - Removed the blue text background

        • 1. Re: VIRUS with new Adobe Flash installer
          maria__ Adobe Employee

          Hi,

           

          Unfortunately, you were tricked into downloading and installing a malicious Flash Player installer.  The only official site to download Flash Player from is adobe.com.  I will forward the link you posted to the Security & Fraud team for follow-up and taken down.

           

          --

          Maria

          • 2. Re: VIRUS with new Adobe Flash installer
            ericwt85

            Just happened to me today from this site: softreadynow.thecontentservice2update.review

            I didn't run it once I saw where it came from and deleted it. I checked the Flash update tab and it said I am good to go.

            So this is an FYI for anyone else.

            • 3. Re: VIRUS with new Adobe Flash installer
              Colin Holgate MVP & Adobe Community Professional

              Thanks. I notice they use Google's Captcha too, I might mention it to Google too. Coincidentally, I'm going there tomorrow, I'll add it to my list of topics!

              • 4. Re: VIRUS with new Adobe Flash installer
                johnh2065

                I have just had this same problem. AND I went to Adobe.com to get the latest download for my iMac running the latest version of MacO. It installed the bogus scanware, deleted all my Safari and Chrome tabs, and who knows what else?!! I immediately deleted the app, and now I am in the process of doing a whole system restore from yesterday, taking no chances that something else is compromised.

                 

                So what is going on, Adobe? It appears your site has been compromised.

                • 5. Re: VIRUS with new Adobe Flash installer
                  maria__ Adobe Employee

                  If you still have the DMG file, please do the following:

                  • right-click on the DMG file select Get Info
                  • expand More info: section
                  • post a screenshot of the entire where from: path the file was downloaded from
                  • 6. Re: VIRUS with new Adobe Flash installer
                    johnh2065 Level 1

                    I am not absolutely certain this is the file, but the timeframe is right. Here is the screen capture, but there is no where from indicated. I have the file sitting in my trash.

                    Screen Shot 2018-05-07 at 11.21.40 AM.png

                    • 7. Re: VIRUS with new Adobe Flash installer
                      maria__ Adobe Employee

                      The downloaded from URL path will not display if the DMG is in the Trash.  If you move it out of the Trash, it should display the URL path.

                       

                      Also, what is the bogus scan-ware it installed?  Flash Player installer for Mac doesn't include any third party offerings (optional or otherwise).

                      • 8. Re: VIRUS with new Adobe Flash installer
                        johnh2065 Level 1

                        Thanks, Maria. I had tried that, thinking the same thing, but saw no where from. BUT I just tried it again and got what is below. The bogus scan-ware is an app that acts like it is scanning your machine, and lo and behold, it finds a zillion problems that require immediate attention...that's when I knew I had been scammed. I do not remember the name of the app, because I immediately shut it down and deleted it.

                        Screen Shot 2018-05-07 at 5.40.55 PM.png

                        • 9. Re: VIRUS with new Adobe Flash installer
                          Test Screen Name Most Valuable Participant

                          Was it definitely an app, rather than a browser window? I have seen this trick with browser windows which look like apps, and if clicked lead you into downloading an actual app - the scan is of course spurious.

                          • 10. Re: VIRUS with new Adobe Flash installer
                            maria__ Adobe Employee

                            Thanks for posting the screenshot.

                             

                            The path and website are from Adobe.  It's highly unusual for a Flash Player installer, delivered from Adobe servers, to have a virus.  In all the years I've been working on the product, I've not seen it happen.  We have a secure deployment process and all files are regularly checked for viruses.

                             

                            If you still have the installer, you can verify the md5/sha256 hash values, and the digital signature on the app.  They should be the following:

                             

                            md5 hash value for install_flash_player_osx.dmg: edec8c6e91d3263e066f1d0ba65d9c8b

                            sha256 hash value: 173d1201269371761460f36656edf92c23b90d1b21389c2b288c47be093951ae

                             

                            To verify the digital signature do the following:

                            1. Mount the install_flash_player_osx.dmg file (double-click on the DMG file)
                            2. Launch terminal app (/Applications/Utilities/Terminal.app)
                            3. In the terminal, type: codesign -vvd /Volumes/Flash\ Player/Install\ Adobe\ Flash\ Player.app
                              • Note that there is a space between -vvd and the path to the Install Adobe Flash Player.app file.
                              • Alternatively, type codesign -vvd and then drag and drop and Install Adobe Flash Player.app onto the terminal app
                            4. Click Enter
                            5. The Authority Developer ID should be:

                                    Authority=Developer ID Application: Adobe Systems, Inc. (JQ525L2MZD)

                                    Authority=Developer ID Certification Authority

                             

                            If the hash values and the codesign Authority match it's valid and doesn't have any viruses (ran a virus check on it again.

                             

                            Another check is to upload the DMG to VirusTotal, which is used by many companies and people to check files for viruses, malware, etc.  Go to https://www.virustotal.com then follow the instructions to upload the file and have VirusTotal scan it.

                             

                            --

                            Maria

                            • 11. Re: VIRUS with new Adobe Flash installer
                              johnh2065 Level 1

                              I'm pretty sure it was an app that popped up (could have been Advanced Mac Cleaner, as the original poster posted). I acted fast, and found it listed in my Applications list and deleted it, then reset my machine, hoping I cut it off fast enough.

                               

                              Also when I was running the installation, I first realized all was not right when I got a screen offering to also install some other unrelated app (something like a travel or hotel booking app), and then realized that the previous screen probably also offered an app (like the spurious scanner), but I did not catch it, just clicked through assuming it was normal acceptance verbiage. When I tried to cancel the whole thing, it proceeded anyway and made a mess.

                               

                              Here are the screenshots from terminal app and output from virus tool. Nothing appears amiss to me. Makes me wonder if this was indeed the file I tried to install from.

                              Screen Shot 2018-05-08 at 9.42.32 AM.png

                              Screen Shot 2018-05-08 at 9.07.52 AM.png

                              Screen Shot 2018-05-08 at 9.11.11 AM.png

                              • 12. Re: VIRUS with new Adobe Flash installer
                                maria__ Adobe Employee

                                Thank you for the additional information and the screenshots.  The info in the screenshots indicates it's the Flash Player installer, but the official installer does not include any 3rd party software. I suspect something else was downloaded/installed around the same time.  You can view a complete installation history in the System Information app.  To access the utility, go to /Applications/Utilities/System Information.app.  In the left panel, in the Software categories, select Installations.  This gives a complete history of all apps installed.  You can sort by the Install Dates column to quickly search for the date/time the event occurred.

                                • 13. Re: VIRUS with new Adobe Flash installer
                                  johnh2065 Level 1

                                  Possibly there was another file. Realize that I did a complete restore from Time Machine to the previous midnight backup, which wiped my disk clean first. I was surprised to find that installer at all since it was from 8am the same day. Looking at installation history as you suggest only shows the most recent actual installation before that on April 30.

                                   

                                  Screen Shot 2018-05-08 at 11.49.01 AM.png

                                   

                                  What is interesting to me is that there is no version listed for this or any downloads of Adobe Flash Player. Which is the reason I went to Adobe.com in the first place to find out how to check if I had the latest version or not, since I got a message from a website saying it was out of date (and I had just updated it on April 30, as this shows).

                                  • 14. Re: VIRUS with new Adobe Flash installer
                                    maria__ Adobe Employee

                                    Is there any installation entry for May 3rd? You're first post is on May 3rd stating "I have just had this same problem", so my assumption is the incident happened on May 3rd, not April 30.

                                    • 15. Re: VIRUS with new Adobe Flash installer
                                      johnh2065 Level 1

                                      Yes, the incident happened on May 3 right around 8:46am, the date of the file we have been examining. I did not post anything here until AFTER I had restored my machine to a May 3 at 12:06am backup. So I was surprised to see the 8:46am file. Nothing else is still around, since my machine was wiped clean as part of the restore.

                                       

                                      I guess at this point there is nothing left to pursue. If I get time (not likely now, but maybe the next time I want to update), I can ty to visit Adobe.com and see what happens, going slowly and carefully. I suppose you could try the same as well. Maybe a page on the website had been hacked to provide a bad download link. Thanks for trying to get to the bottom of this, Maria.

                                      • 16. Re: VIRUS with new Adobe Flash installer
                                        maria__ Adobe Employee

                                        The restore was definitely a good thing to do, unfortunately some forensics were lost that could possibly assist in resolving the issue. I had actually downloaded the installer file from get.adobe.com/flashplayer last week and nothing was amiss.  While we do have the installers posted internally, I regularly download them from the Adobe site to follow the same workflow a user would follow.


                                        We actually just deployed a new version (29.0.0.171) earlier today.  I have downloaded (from adobe.com) and installed the latest version with no issues encountered.

                                         

                                        The hash values for the latest version of install_flash_player_osx.dmg are:

                                        md5: d5b8ae527718b38b4265c27ccb2cb7a3

                                        sha256: 66c96d343af3bec3d4a76137ed62af35d844c7e5f2a905f878ed9806fe714baf

                                        • 17. Re: VIRUS with new Adobe Flash installer
                                          johnh2065 Level 1

                                          Ok, Maria. Had to try it again...just downloaded the .171 version and installed it. Nothing else came along for the ride. Installed fine, though it did make me enter my password twice which got me little anxious. All good now. Thanks for you help.

                                           

                                          If you are in northern CA...go Dubs!

                                          • 18. Re: VIRUS with new Adobe Flash installer
                                            maria__ Adobe Employee

                                            You're welcome.  Glad it installed successfully without any issues.  The second prompt for a password usually happens when taking too long to complete the installation (e.g. clicking Done in the final step) and there's a time-out (about a minute or so).  Essentially a security measure, due to the APIs used.

                                             

                                            I am in NorCal, not a basketball fan, but it is the local team - so yes, go Dubs

                                            • 19. Re: VIRUS with new Adobe Flash installer
                                              veravargas

                                              Hoje recebi notificação de atualização disponível e baixei. Havia programa malicioso junto - programa 1234 - deve ser jogo com cavalo de tróia.   Flash Player não baixou.

                                               

                                              Sempre observo barra de tarefas do site da Flash Player tinha cadeado verde - isto é - seguro!

                                               

                                              Que confiança sobra para  baixar novas atualizações  ????

                                               

                                              Favor solucionarem o problema de segurança.

                                               

                                              Grata Vera

                                              • 20. Re: VIRUS with new Adobe Flash installer
                                                jeromiec83223024 Adobe Employee

                                                I'm confident that you didn't get a virus-infected payload from the Adobe's website.  We've made huge investments to ensure that the downloads you get are legitimate, and there are a whole series of tight controls, separations of responsibility and continuous monitoring that ensure that we can confidently say that.

                                                 

                                                You were most likely tricked into downloading Flash Player from an impostor website.

                                                 

                                                What was the link to the page that offered the download?  You should be able to find it in your browser and/or download history.

                                                 

                                                Also, what operating system and browser are you using?

                                                • 21. Re: VIRUS with new Adobe Flash installer
                                                  veravargas Level 1

                                                  Caro Senhor Jeromi:

                                                   

                                                  Respondendo sua atenciosa msg informo que iniciei o PC e logo veio a

                                                  telinha escura, pequena do Adobe (como sempre ocorre) dizendo haver

                                                  atualização do Flash Player.   Permiti o download e estranhei que não foi

                                                  para a devida pasta "download".  Aparecia o ícone (integro) da Flash  na

                                                  barra de ferramentas no pé do navegador (Chrome).     Pensei ter me

                                                  equivocado na escolha da pasta e prontamente cliquei no ícone e iniciou a

                                                  instalação.

                                                  Outro fato curioso é que na segunda régua do download, onde fica o download

                                                  do  Scan Mcafee  havia uma linha truncada, mas como já tenho esse item

                                                  instalado o próprio Adobe não reprisa a instalação, achei não haver

                                                  preocupação.

                                                   

                                                  Sempre observo na barra superior se o site é aquele mesmo e se o cadeado

                                                  está verde e se o ícone  do Avast on line security também está. Ainda uso o

                                                  Trusteer  Endpoint Protection, da IBM, obrigatório na utilização do

                                                  internet bank.

                                                   

                                                   

                                                  Logo o Avast Internet Security interveio com tela dizendo haver programa

                                                  malicioso se instalando.

                                                   

                                                  Tentei parar a instalação e não consegui, pois comandos não respondiam.

                                                  Demorou algum tempo para o antivírus perguntar se era para guardar o

                                                  programa malicioso na caixa de vírus: o programa é o IDP generic

                                                  gamecenter.exe -  Confirmei e foi feito, estando lá confinado.

                                                   

                                                   

                                                  Limpei o histórico, o menu de programas instalados, fiz a varredura

                                                  completa do antivírus.  Observei que o programa malicioso desativou o

                                                  módulo dados sigilosos do antivirus.

                                                   

                                                  Agora parece estar normalizada a situação, mas confesso que estou com medo

                                                  de fazer novas atualizações e o pior que não se pode prescindir delas pela

                                                  própria segurança.

                                                   

                                                  Espero ter relatado este fato de forma compreensível e  agradeço sua

                                                  atenção.

                                                   

                                                  Vera

                                                   

                                                   

                                                   

                                                  2018-06-12 19:49 GMT-03:00 jeromiec83223024 <forums_noreply@adobe.com>:

                                                   

                                                  VIRUS with new Adobe Flash installer created by jeromiec83223024

                                                  <https://forums.adobe.com/people/jeromiec83223024> in Using Flash Player

                                                  - View the full discussion

                                                  <https://forums.adobe.com/message/10441156#10441156>

                                                   

                                                  • 22. Re: VIRUS with new Adobe Flash installer
                                                    veravargas Level 1

                                                    Caro Senhor Jeromi:

                                                     

                                                    Desculpe, mas acabou de ocorrer novamente, do mesmo jeito, mas desta vez

                                                    não instalei e fotografei as telas de instalação, que anexo para seu

                                                    conhecimento.

                                                     

                                                    Espero que ajude a sanar o problema

                                                    Grata.

                                                    Vera

                                                     

                                                    2018-06-13 10:08 GMT-03:00 Verars2003@gmail.com <verars2003@gmail.com>:

                                                     

                                                    Caro Senhor Jeromi:

                                                     

                                                    Respondendo sua atenciosa msg informo que iniciei o PC e logo veio a

                                                    telinha escura, pequena do Adobe (como sempre ocorre) dizendo haver

                                                    atualização do Flash Player.   Permiti o download e estranhei que não foi

                                                    para a devida pasta "download".  Aparecia o ícone (integro) da Flash  na

                                                    barra de ferramentas no pé do navegador (Chrome).     Pensei ter me

                                                    equivocado na escolha da pasta e prontamente cliquei no ícone e iniciou a

                                                    instalação.

                                                    Outro fato curioso é que na segunda régua do download, onde fica o

                                                    download do  Scan Mcafee  havia uma linha truncada, mas como já tenho esse

                                                    item instalado o próprio Adobe não reprisa a instalação, achei não haver

                                                    preocupação.

                                                     

                                                    Sempre observo na barra superior se o site é aquele mesmo e se o cadeado

                                                    está verde e se o ícone  do Avast on line security também está. Ainda uso o

                                                    Trusteer  Endpoint Protection, da IBM, obrigatório na utilização do

                                                    internet bank.

                                                     

                                                    >

                                                    Logo o Avast Internet Security interveio com tela dizendo haver programa

                                                    malicioso se instalando.

                                                     

                                                    Tentei parar a instalação e não consegui, pois comandos não respondiam.

                                                    Demorou algum tempo para o antivírus perguntar se era para guardar o

                                                    programa malicioso na caixa de vírus: o programa é o IDP generic

                                                    gamecenter.exe -  Confirmei e foi feito, estando lá confinado.

                                                     

                                                    >

                                                    Limpei o histórico, o menu de programas instalados, fiz a varredura

                                                    completa do antivírus.  Observei que o programa malicioso desativou o

                                                    módulo dados sigilosos do antivirus.

                                                     

                                                    Agora parece estar normalizada a situação, mas confesso que estou com medo

                                                    de fazer novas atualizações e o pior que não se pode prescindir delas pela

                                                    própria segurança.

                                                     

                                                    Espero ter relatado este fato de forma compreensível e  agradeço sua

                                                    atenção.

                                                     

                                                    Vera

                                                     

                                                    >

                                                     

                                                    2018-06-12 19:49 GMT-03:00 jeromiec83223024 <forums_noreply@adobe.com>:

                                                     

                                                    >> VIRUS with new Adobe Flash installer created by jeromiec83223024

                                                    >> <https://forums.adobe.com/people/jeromiec83223024> in *Using Flash

                                                    >> Player* - View the full discussion

                                                    >> <https://forums.adobe.com/message/10441156#10441156>

                                                    >>

                                                    • 23. Re: VIRUS with new Adobe Flash installer
                                                      maria__ Adobe Employee

                                                      Hi Vera,

                                                       

                                                      The forums software blocks email attachments.  Please log onto the forums and attach the screenshot you mention.

                                                       

                                                      Also, can you go into downloads history and obtain the URL the file was downloaded from?

                                                       

                                                      Thank you.

                                                       

                                                      --

                                                      Maria

                                                      • 24. Re: VIRUS with new Adobe Flash installer
                                                        fatiman85409685

                                                        Hi - same thing happened with me today. I downloaded Adobe from a random pop up and don't know what to do now

                                                         

                                                        Screen Shot 2018-06-20 at 12.53.15 AM.png

                                                        • 25. Re: VIRUS with new Adobe Flash installer
                                                          Robert Mc Dowell Level 3

                                                          never ever install any flash plugin out of adobe.com, you will get for sure virus and malware.

                                                          • 26. Re: VIRUS with new Adobe Flash installer
                                                            maria__ Adobe Employee

                                                            Hi,


                                                            Thank you for posting the screenshot.  It indicates the installer was downloaded from a non-Adobe site (s3.amazon.com, which is Amazon's cloud service).  Unfortunately, you were tricked into downloading an unauthorized installer, which is most likely malicious.  Recommend you run full virus, malware, adware, etc scan of your system.  If you can restore to a point prior to installing that unauthorized Flash Player, I recommend doing that.

                                                             

                                                            --

                                                            Maria

                                                            • 27. Re: VIRUS with new Adobe Flash installer
                                                              jeromiec83223024 Adobe Employee

                                                              Sorry this happened to you.  I'm going to leave some advice here for other folks that may run across this.

                                                               

                                                              Unfortunately, because Flash Player is installed on billions of computers, it's a common target for impersonation for people distributing malware.

                                                               

                                                              As an industry, we've done a pretty good job of defending against technical attacks that allow bad guys to install software without your authorization.  In 2018, it's really difficult to do (assuming you're running a modern operating system and not something from 2005, in which case, you should get on that).

                                                               

                                                              The result is that human factors are now the path of least resistance.  It's easier to trick you into installing something on behalf of the attacker, vs. figuring out how to defeat all of the security stuff required to do it without your express permission.

                                                               

                                                              In general, you're better off setting everything to update automatically.  You can then go through life assuming that any update notifications you get are bogus.  This is actually what we strongly recommend, and it generally applies to anything tasked with handing untrusted communication (the operating system, your web browser, flash player, etc.).  The inconvenience of something functional breaking because of an update pales in comparison to the pain of recovering from identity theft.

                                                               

                                                              Here are a few guidelines that will minimize your risk of getting tricked into installing malware:

                                                               

                                                               

                                                              - Wherever possible, use your operating system's App Store for downloading and updating software

                                                               

                                                               

                                                              - When software you want (like Flash Player) isn't available from the App Store for your operating system, always navigate directly to the vendor's website.  If you need to search for the download, that's cool -- but avoid "download" sites, and find the vendor's actual download link

                                                               

                                                               

                                                              - Never download stuff from a link in an email or update dialog.  Type it in.  It's easy to disguise fake URLs in links using internationalized characters and things (e is not the same as è, but it might be really easy to miss if you're not looking closely).  If it's a link from a URL shortener

                                                              service like tinyurl.com/abcde or bit.ly/abcde, you don't know what the end result is going to be, and you're probably wise to just head to Google to find what you need instead.

                                                               

                                                               

                                                              - When the software offers automatic updates, just turn them on and stop worrying about maintaining all the moving parts running on your computer.  The threat landscape is so much different than it was 10-15 years ago.  Enable updates so that you're getting critical patches as soon as they become available.  Be confident that any subsequent update notifications are probably fake, and act accordingly (either ignore them, or consult the vendor for guidance before doing anything).

                                                               

                                                               

                                                              For Flash Player specifically:

                                                               

                                                               

                                                              Always download Flash Player from here:  https://get.adobe.com/flashplayer/

                                                               

                                                               

                                                              When you install, choose the default option of "Allow Adobe to Install Updates (recommended)", and we'll keep it updated for you.

                                                               

                                                               

                                                              Google Chrome ships Flash Player as a built-in component, and keeps it updated automatically.  There's nothing separate to download, install or configure.

                                                               

                                                               

                                                              Microsoft Edge and Internet Explorer on Windows 8 and higher also include Flash Player as a built-in component of their browser, and updates are handled automatically through Windows Update.  Again, as long as Windows Update is enabled, there's nothing to download or configure.

                                                               

                                                               

                                                              Also, while you've manually cleaned up the stuff that you can see, you installed malware on your machine.  There's a large universe of unknown unknowns, but the malware guys at this point are generally professionals.  They test against the popular antivirus and cleanup tools.  While you've removed the obvious visible signs of the malware infection, you're putting a lot of faith into the tools that you used.  This sort of requires a gut-check on your part about what your risk tolerance and confidence level is.  It also depends on what you do with the computer (health care, banking, etc.).  Good malware is going to first establish a foothold, but the second order of business would be to ensure resilience.  Without an exhaustive (and expensive) forensic analysis, there are no guarantees that you've eradicated everything that was installed.

                                                               

                                                               

                                                              If it were me, I'd probably back up all of the critical data on the machine and then burn the whole thing down and start from scratch (e.g. format the hard disk, reinstall the operating system and applications from pristine sources, install a reputable antivirus utility, scan my backups and then restore them.  I'd then go buy a password manager like LastPass/OnePass/KeyPass/etc. and set about ensuring that I have unique, strong passwords for each of the important online services that I use (including any email services that could be used to reset those passwords), and set up two-factor authentication wherever it's offered.

                                                              • 28. Re: VIRUS with new Adobe Flash installer
                                                                markb72018355

                                                                Its not just part of a search engine function, this was the site suggested by simple search sites.  Sick of fake Adobe downloads...whats the alternative community?

                                                                • 29. Re: VIRUS with new Adobe Flash installer
                                                                  jeromiec83223024 Adobe Employee

                                                                  I actually cover that in the post above, but in essence, you have three options:

                                                                   

                                                                  1.) Don't use Flash Player.

                                                                   

                                                                  Uninstall Flash Player - Windows:

                                                                  https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html

                                                                   

                                                                  Uninstall Flash Player - Mac:

                                                                  https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html

                                                                   

                                                                  2.) Use a browser that ships Flash Player as a built-in component:

                                                                   

                                                                  Google Chrome on all supports platforms

                                                                  Internet Explorer and Edge on Windows 8 and Higher

                                                                   

                                                                  3.) Always download Flash Player from Adobe's website, and set it to automatically update

                                                                   

                                                                  You can always download Flash Player from here (make a bookmark for convenience, if you'd like):
                                                                  https://get.adobe.com/flashplayer

                                                                   

                                                                  When installing, set it to automatically update.  Consider all other update notifications and dialogs bogus, and ignore them.

                                                                  • 30. Re: VIRUS with new Adobe Flash installer
                                                                    maria__ Adobe Employee

                                                                    The alternative is to always go to https://get.adobe.com/flashplayer to download Flash.

                                                                     

                                                                    "this was the site suggested by simple search sites."

                                                                    Not sure what site you are referring to here, however, search engines use various algorithms to display results and don't necessarily display the best result. If you're searching for some specific software to install and the top results are not from the company that produces the software, don't go to those sites to download the software.  Go directly to the company's website and search for it there.  That's the best option for when downloading ANY software.

                                                                    • 31. Re: VIRUS with new Adobe Flash installer
                                                                      william mr37796152

                                                                      FakeFlashPlayer.jpg

                                                                      They tried to get me too. Didn't open it, it wasn't from the app store!

                                                                      It automatically downloaded to my downloads folder when I clicked

                                                                      a link on Facebook.

                                                                      • 32. Re: VIRUS with new Adobe Flash installer
                                                                        ridhijain Adobe Employee

                                                                        Hi William,

                                                                         

                                                                        Thanks for reporting the issue. I would forward the same to the phishing team.

                                                                         

                                                                        Thanks!

                                                                        • 33. Re: VIRUS with new Adobe Flash installer
                                                                          Test Screen Name Most Valuable Participant

                                                                          Be VERY cautious of using search engines to find ANYTHING important. Banks, bill payments, software downloads, even government sites - all of these, used in a search engine, can send you to fake sites that want to steal from you. Use common sense, look very closely at the web addresses and check certificates. If possible, use printed materials to double check.

                                                                          • 34. Re: VIRUS with new Adobe Flash installer
                                                                            Dave Tschirhart

                                                                            Just for information sake I too downloaded the latest Flash updater from Adobe's homepage today and it had this malware that has been referred to, some Mac cleaning app.  It messed with my browser settings too and was able to fix those. I was able to clear it from my Mac Pro by following some honest tips from online. But I am genuinely surprised how it somehow attached itself. You pros know, I'm a newb. But I am not buying the surprise the Adobe Tech's have shown. I can appreciate the team is working their hardest to stay ahead of these hackers. But this hack seems unprecedented.

                                                                            • 35. Re: VIRUS with new Adobe Flash installer
                                                                              Test Screen Name Most Valuable Participant

                                                                              Please check your  browser history to find the exact page at Adobe that you downloaded from. Flash Player is in several places, but not on the home page. Let us know the URL (web address).

                                                                              1 person found this helpful
                                                                              • 36. Re: VIRUS with new Adobe Flash installer
                                                                                maria__ Adobe Employee

                                                                                If you still have the file that was downloaded, right-click on the file and select 'more info', then post a screenshot of the complete URL from where the file was downloaded from, as the other user did in post 31.


                                                                                Thank you.

                                                                                 

                                                                                 

                                                                                 

                                                                                --

                                                                                Maria