7 Replies Latest reply on Aug 18, 2010 6:09 PM by pwillener

    reader_sl.exe Trojan Dropper.Generic2.Aliz???

    thrillos

      Hi folks

       

      I'm new in here so be gentle with me....

      I've got an ACER laptop (Vista) which came with the Acrobat Reader preinstalled. From time to time, it notifies me of updates, so I do the update quite frequently.

      I also have the AVG Antivirus program installed, and I perform a full scan every 2 weeks (manually). Two weeks ago, nothing critical showed up from AVG.

      But today, when the scan process ended, it showed that the file c:\windows\system32\oem\data1.cab:reader_sl.exe was infected with the Trojan Dropper.Generic2.Aliz.

      Because the file data1.cab is too large (98 MB), AVG cannot interfere to delete it. Is this Trojan an error of AVG, or is it truly a Trojan?

      Did you have any similar complaints about that file???

      And why is the reader_sl.exe in the system32 folder and not in the Program Files folder?

      Thanks in advance!!!

        • 1. Re: reader_sl.exe Trojan Dropper.Generic2.Aliz???
          pwillener Level 8

          The C:\windows\system32\oem folder is most likely something that your computer manufacturer put there.  Can you tell me the date of the "infected" cab file?  If you currently have the latest Reader installed, you most likely don't need that cab file any more.  If it was my computer, I would simply delete the file.

           

          On my system, reader_sl.exe is located in the Program Files folder.  Can you right-click on that file in the system32 folder, then check the Properties (version) of that file?

          • 2. Re: reader_sl.exe Trojan Dropper.Generic2.Aliz???
            thrillos Level 1

            Would you delete the entire oem folder or the data1.cab?

            ------------------------------------------------------------------------------------------ --------------------------------

            The reader_sl.exe inside the data1.cab (oem) has the following dates:

            1. date created 08/03/2007 (dd/MM/yyyy)

             

            The data1.cab has:

            1. date modified: 14/07/2007

             

            The reader_sl.exe in my program files folder has:

            1. version 8.0.0.0

            2. date modified 15/10/2008

            3. date created 15/10/2008

            • 3. Re: reader_sl.exe Trojan Dropper.Generic2.Aliz???
              pwillener Level 8

              thrillos wrote:

               

              Would you delete the entire oem folder or the data1.cab?

               

              From the date you provided, this seems a really old file - I would just delete it.  But I don't know what else is in that folder, so I would leave the rest alone - especially if you have no HD space shortage.

               

              Does that 8.0.0.0 version number of reader_sl.exe correspond with your Reader version?  I have Reader 8.2.3, and my reader_sl.exe shows version 8.2.3.231 (dated 2010-06-17).

              • 4. Re: reader_sl.exe Trojan Dropper.Generic2.Aliz???
                thrillos Level 1

                I am at work now, so seeing the version of Adobe Reader would be a little difficult right now. But all your answers are really helpful. So two ideas are passing through my mind right now:

                 

                1. Uninstall the entire Adobe Reader from my machine

                Would that action uninstall both the oem version and the program files version or just one of them?

                 

                2. Delete the cab file as you ordered

                Would I have any other complication with that action?

                • 5. Re: reader_sl.exe Trojan Dropper.Generic2.Aliz???
                  pwillener Level 8
                  1. Uninstall and reinstall (if you actually need it) Adobe Reader is sometimes a good idea.  But depending on what your update level is, the uninstall may not remove reader_sl.exe from the system32 folder.
                  2. I would first run the antivirus scan again, and see if it was maybe a false positive warning.  The OEM folder may be used to restore the machine to its factory settings, so perhaps it would be better not to fiddle with that folder.  (Or make a complete backup of that folder before you delete the file and/or other contents in there.)
                  • 6. Re: reader_sl.exe Trojan Dropper.Generic2.Aliz???
                    thrillos Level 1

                    So if I delete the data1.cab, I may have future problems when I want to reset to my factory settings, you say?

                    I thought you said that you would delete this file if it was your PC...

                    • 7. Re: reader_sl.exe Trojan Dropper.Generic2.Aliz???
                      pwillener Level 8

                      That was a thought that came to me later, sorry for confusing you.
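
The checks suggested in this thread (file version, dates, a backup before deleting) can be collected in one pass, together with the Authenticode signature and a SHA-256 hash. This is an added example, not part of any reply above; it assumes PowerShell 4.0 or later, takes the files to inspect as parameters (for instance data1.cab, a copy of reader_sl.exe extracted from it, and the installed reader_sl.exe), and `Get-FileTriage` is a hypothetical helper name.

```powershell
# Added example, not from the thread. All paths are supplied by the caller.
param(
    [Parameter(Mandatory = $true)] [string[]] $Path,   # files to inspect and compare
    [string] $BackupDir                                 # optional: copy each file here first
)

function Get-FileTriage {
    param([string] $File)
    $item = Get-Item -LiteralPath $File -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $item.FullName
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    [pscustomobject]@{
        Path        = $item.FullName
        Name        = $item.Name
        SizeMB      = [math]::Round($item.Length / 1MB, 1)
        Created     = $item.CreationTime
        Modified    = $item.LastWriteTime
        FileVersion = $item.VersionInfo.FileVersion   # empty when the file has no version resource
        Signature   = $sig.Status                     # e.g. Valid, NotSigned, HashMismatch
        Signer      = $signer
        SHA256      = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
    }
}

$report = @(foreach ($p in $Path) { Get-FileTriage -File $p })

if ($BackupDir) {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $i = 0
    foreach ($r in $report) {
        # Prefix an index so two files with the same name do not overwrite each other.
        $dest = Join-Path $BackupDir ("{0}_{1}" -f $i, $r.Name)
        Copy-Item -LiteralPath $r.Path -Destination $dest
        # Verify the copy before anything is deleted from the original location.
        $copyHash = (Get-FileHash -LiteralPath $dest -Algorithm SHA256).Hash
        if ($copyHash -ne $r.SHA256) { throw "Backup of $($r.Path) does not match the original" }
        $i++
    }
}

$report | Format-List
```

A `Valid` signature status means the file has not changed since its publisher signed it; the hash gives a fixed identifier to compare between two copies or between two scans.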