18 Replies Latest reply on Oct 27, 2008 10:08 AM by tally95

    Trojan Horse Generic 11.PWW in my AIR download!

      Last week I downloaded and installed the latest version of Adobe (vers. 9) from the Adobe.com site. However, it wouldn't run and gave me a message that ran along the lines "Your software has been successfully installed. However, it might run slower than normal because your disc needs defragmenting," plus some advice to defrag the disc then run the program again. Well my disc was fine as I'd run a defrag a day earlier. All the same I defragged it again then re-tried the new Adobe program. Same message. So I uninstalled the whole thing and did a new d/load and install. Same problem still. Finally I gave up on it and uninstalled it. What's the point of having it if I can't use it?

      Well today I ran my anti-virus program (AVG 8) and it found this:

      Infection Trojan horse Generic11.PWW

      And the path:

      C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe\Reader 9.0\Setup Files\AIR\Adobe AIR Installer.exe

      This Trojan is now locked away in the AVG virus vault. What beats me is how this is still hanging around on my comp after I'd uninstalled, run CCleaner etc. I'm not a geek though so if anyone can advise then I'd be glad for it.

      Also, having browsed some recent AIR topics and seeing the problems people have been having, I'd like to know if anyone else has picked up a trojan in AIR in their virus scans. I'd appreciate any feedback, because until I can be sure this problem is fixed I'm not d/loading any new versions of the main Adobe s/ware.

      Many thanks,


        • 1. Re: Trojan Horse Generic 11.PWW in my AIR download!
          Ditto! Last week I also downloaded the Adobe 9 and this morning my virus scan picked up the same infection. My AVG virus scan indicated that the file was healed. Is there anything else I need to do?
          • 2. Re: Trojan Horse Generic 11.PWW in my AIR download!
            I got the same virus in the Adobe installer
            • 3. Re: Trojan Horse Generic 11.PWW in my AIR download!
              I am having the exact same thing happening to me. So anyone know what or how we can successfully, virus free load Adobe products?
              • 4. Re: Trojan Horse Generic 11.PWW in my AIR download!
                Frustrated_Atlantan Level 1
                Since several of us reported having this problem and you graciously provided all the detailed information better than I ever could, I used your posting and opened a Case #0180396897. I have been spinning my wheels too long trying to move forward with this issue and I continue to get no where. Opening the case may or may not provide any resolution or insight but I figured at this point it couldn't hurt to see if any new "light" can be shed on resolving this issue.
                • 5. Re: Trojan Horse Generic 11.PWW in my AIR download!

                  Adobe reached out to AVG and has received confirmation from AVG that they are *incorrectly* detecting a Trojan horse in the Adobe Reader/Adobe AIR installer. AVG has informed us that this issue will be resolved in the next AVG Definitions update. AVG recommends customers update AVG with the latest definitions update.

                  • 6. Trojan Horse Generic 11.PWW in my AIR download!
                    MikePraha Level 1
                    My thanks to Ipolanco for that information and to everyone else who's posted that they have been having the same issue. I thought it odd -- to say the least -- that such a reliable co. as Adobe would have a trojan in their s/ware, so if it is only a glitch in the latest AVG then I'm glad to hear it. It's a fact that the AVG scan didn't pick up anything last week but this morning it did. I have auto-updates so it must have been in the latest one that the problem occurred. Meanwhile, however, I still have misgivings about downloading version 9 yet again. Even if there is no real trojan, the s/ware just didn't work as it should. At least, my two attempts to install it so it would actually work were unsuccessful.

                    I suppose I'll have to find a fix, but as my Compaq Presario 2100 laptop runs a pretty standard Win OS (XP with sp2) and is apparently clean (besides that "incorrect" trojan), the task of fixing the problem might be beyond my meager knowledge. If anyone could save me a load of time by pointing me to a forum/thread here that could help then I'd be very grateful.

                    Meanwhile, is it possible to still download Adobe version 8 somehow? It worked perfectly with never a hint of a problem.
                    • 7. Re: Trojan Horse Generic 11.PWW in my AIR download!
                      lpolanco Level 1
                      Hi Mike,

                      Could you describe what issues you are encountering while installing Reader 9 on your system?

                      • 8. Trojan Horse Generic 11.PWW in my AIR download!
                        MikePraha Level 1
                        Hi Luis,

                        I downloaded the Adobe Reader v.9 s/ware again to see if things were now different, but the problems persist. Because it might be helpful to you I took screen shots of the following, which in respect of issues tell the story well enough:

                        the download confirmation (while on the Adobe.com download page),

                        the Run query box prior to running it that confirms it's ready to be run,

                        the Setup Successful box with its confirm of a successful install but an advisory that the program might not launch as quickly as possible as my disk needs defragmenting,

                        the defragment disk report which shows my disk doesn't need defragmenting,

                        the download page of an official govt. site where I wished to download some .pdf format application forms,

                        the Mozilla Crash Report that I got as soon as I clicked on the download link in the above page, and

                        the "Adobe Reader 9.0 has encountered a problem and needs to close" box that I got when I tried to read one of the same .pdf files (downloaded via another comp that doesn't have Adobe 9.0). Please note that same .pdf file reads fine on my PC which runs Adobe v 7.

                        Summary: the newly installed Adobe v. 9.0 wrongly says that my disk needs defragmenting; it crashes my Mozilla v.3 browser as soon as I try to download a .pdf file from a safe (Capital City Govt. Dept) website; it cannot read .pdf documents but has to close - even though those documents clearly show with the usual "Adobe" icon, showing that Adobe reader is installed on the laptop.

                        I have uploaded all of those screen shots to a photobucket site and am sending you a private message with the link. I hope this will help. Meanwhile, because I never had a Mozilla crash prior to installing Adobe v 9.0, I am uninstalling this software again to avoid any more possible crashes. I have also used the Mozilla Crash Report facility to advise them that I had installed Adobe 9.0 only minutes prior to the crash and would uninstall the new s/ware and see if that fixes the problem. (Because the fact is that there may be another issue involved.)

                        Meanwhile if there is any way to download an older version of Adobe reader I'd like to have it. My Adobe 8 was excellent.

                        Many thanks for taking the time to review this for us. (As I'm surely not the only one.) I understand that as it's freeware, Adobe has no liability or onus to do anything so your helpful approach is brilliant.

                        EDIT to add: On second thoughts I'll leave the new Adobe 9.0 installed. Makes more sense as there's no way to try any fixes if I uninstall it :)
                        • 9. Trojan Horse Generic 11.PWW in my AIR download!
                          Some software, of which I suspect Adobe Reader is one, may not install correctly if AVG's Resident Shield is activated, resulting in the new software's launch failure, non-response, and other random errors. Also, if the program integrates with the user's e-mail client, it may be necessary to disable AVG's e-mail scanner.

                          Since I have been disabling the Resident Shield and E-mail Scanner before installing any software, I have had no problems. However, when the Resident Shield is again activated, it will detect and remove what it thinks to be a Trojan, which is in reality a file that was installed by Adobe Reader. The file was put there by Adobe for a reason, and deleting it my cause a recurrence of the problems you describe in your post.

                          As for defragging your drive, I have gotten messages from Windows XP saying that my drive didn't need to be defragged when it actually did need it; so Microsoft's opinion apparently differs widely from other people's and mine as to when a hard drive needs to be defragmented. The advantage of defragging is that it helps ensure that the software components are clustered as closely together as possible on the hard drive and not scattered all over the drive in little nooks and crannies left by uninstalled software and deleted files. It is common knowledge that the closer the consolidation of the program's files, the better and faster the program will run.

                          By the way, I'm running Windows XP-SP2 with 80GB and 160GB hard drives, 512MB RAM, and a 2.6GHz Pentium 4 processor. My anti-virus program is AVG 7.5 Anti-Virus, Professional Edition (I tried 8.0, but experienced some compatibility issues due to flaws in the software--which were supposed to have been resolved by now according to a spokesperson for Grisoft).

                          • 10. Re: Trojan Horse Generic 11.PWW in my AIR download!
                            I am running Avast 4.8 Home Edition and have received a similar virus alert.
                            file c/user/name/appdata/local/adobe/reader 9.0/setup files/air/adobe air installer.exe is infected by win 32:trojan-gen <other>
                            I also downloaded directly from Adobe.com
                            Is this a false alarm or a virus?
                            There is no uninstaller, so how can I safely uninstall Adobe Air and be certain there are no traces left on my computer ?
                            • 11. Trojan Horse Generic 11.PWW in my AIR download!
                              Oliver Goldman Adobe Employee
                              This is most likely a false alarm. That said, this file is not part of the Adobe AIR install, but rather the installer *for* Adobe AIR. If you're nervous about it, you can delete it.

                              AIR itself *does* have an uninstaller. You'll find it in the Add/Remove Programs Control Panel, assuming AIR is installed on your machine.

                              • 12. Re: Trojan Horse Generic 11.PWW in my AIR download!
                                lpolanco Level 1

                                Yes, this is likely a false positive. Adobe will be reaching out to this antivirus vendor like we did with AVG.

                                • 13. Re: Trojan Horse Generic 11.PWW in my AIR download!
                                  lpolanco Level 1

                                  Avast has confirmed that this is a false positive. This issue should already be corrected in the latest Avast update. Avast recommends customers update their Avast version with the latest definitions update.

                                  • 14. Re: Trojan Horse Generic 11.PWW in my AIR download!
                                    MikePraha Level 1
                                    Many thanks to MyOwnGrandpa for the advice. I have not found a way to disable any of AVG's features within the normal screens displayed so I suppose there must be another method of which I'm unaware. However I shall follow up on that.

                                    I understand about problems with defragmented disks and I agree that at times Windows' self-assessment of the need for it or otherwise may not be the best; however as I stated in my OP, I had defragged the disk the day before my first install of the new Adobe software, got the "need" to defrag" message from it and ran the defrag again. It took all of two minutes as there was very little that needed doing. The problem persisted.

                                    Thanks also to the Adobe reps for their input... These false positive situations will obviously need to be addressed. It makes me think that the Adobe designers should test-run their s/ware against all major anti-virus products to see if there are any issues -- before releasing new versions. That is, if they don't do this already. At least in that way, if there is a problem a work-around or an advisory could be issued.

                                    I still have no idea what to do about V 9.0 It's sitting here on my laptop and still crashes my browser if I click on a file (in a website or even in a search page) that's pdf format. Sometimes I notice the "pdf" extension too late and can only groan as my browser goes down. It's quite irritating. Anyway, seeing as there does not seem to be a fix on offer I guess it's time to uninstall it. I certainly don't wish to uninstall my anti-virus software and download something older or less efficient.

                                    Pity you couldn't create a version of Adobe reader with anti-virus s/ware built in, that can run in the background. I don't know what's possible but that would be quite a product...
                                    • 15. Trojan Horse Generic 11.PWW in my AIR download!
                                      APG19 Level 1
                                      Thank You Oliver,
                                      Avast is no longer detecting Adobe Air installer.exe as a trogan.
                                      However, I am still having a problem removing the installer.exe from my computer.
                                      My operating system is Vista Ultimate currently up to date. In the control panel under uninstall software I have the following Adobe products: (1) Adobe Flash Player Active X. (2) Adobe Reader 9. (3) Get Plus (R).
                                      When I search my hard drive for installer.exe it shows up as Adobe Air Installer.exe (size 6.689 kb) at the following location: c/user/name/appdata/local/adobe/reader 9.0/setup files/air.
                                      My questions are as follows:
                                      1) Is this an application that is not installed and is safe to simply delete from its current location.
                                      2) If I decide to install this application is this Adobe Air, and do you think it is safe to install or could there be a problem with it given its location and size.
                                      3) If I install Adobe Media and/or Adobe Flash Media Player do I need Adobe air installer.exe.
                                      4) What is Get Plus (R).
                                      5) Are all of the progam downloads from Adobe.com saveable to disk prior to installation because most of what I downloaded installed automatically. This creates a problem if you get a virus alert after the program is installed. if you can save it to disk and scan it for viruses prior to installation this saves the user lots of time and problems.
                                      Thank you & I am very impressed with the quality of the info from this forum.
                                      • 16. Re: Trojan Horse Generic 11.PWW in my AIR download!
                                        APG19 Level 1
                                        Thank You lpolanco,
                                        Avast is no longer detecting Adobe Air installer.exe as a trogan.
                                        • 17. Re: Trojan Horse Generic 11.PWW in my AIR download!
                                          Oliver Goldman Adobe Employee
                                          1) No, this is not an installed application. It is safe to delete.

                                          2) It is safe to install AIR. If you decide to do so, I recommend downloading the latest version of the installer from adobe.com.

                                          3) Adobe Media Player does require that AIR is installed first, yes. However, that'll happen as part of the Media Player install process; you don't have to install AIR first yourself.

                                          4) I have no idea. :)

                                          5) Should be, yes.

                                          • 18. Re: Trojan Horse Generic 11.PWW in my AIR download!
                                            We also have AVG and I'm getting the following message:

                                            "Get Plus (R) Adobe: Please close "internet explorer" before uninstall can proceed!"

                                            Can anyone help me out with this??