Adobe Flash Player detected as Trojan

Hi there.

 

Planning to update my Flash Player for Firefox.

Went straight to: http://get.adobe.com/flashplayer/

 

As usual, downloaded a small installer file DIRECTLY FROM ADOBE SERVER:

http://aihdownload.adobe.com/bin/live/install_flashplayer11x32_mssd_aih.exe

 

When the download finished, my NIS showed this:

[Image: adobe.png]

 

My NIS 2013 v20.3.1.22 with latest virus def.

Is this a false positive?
Or did Adobe really, really intend to 'spread' that trojan???

Thank you.

Big regards.

Hi, RADITZDJ.  There are a couple of reasons this could happen.

 

1. As you say, NIS could be detecting this as a false-positive.

 

2. You could be the victim of a "man in the middle" attack - where you are being redirected from the Adobe server to a malware server - where you download an infected version of the software - rather than the valid one from Adobe.  And yes, it is possible for the redirect to have things "look" like they are coming directly from Adobe - when they are not.

 

This redirection issue is one of the reasons NIS has many different levels of "detection and test" procedures.  This is called "Defense in depth" - and thus the bad-guys get trapped in one layer or the other - never knowing which layer may detect their sleaze.  Welcome to the cat-and-mouse game which is the ongoing battle between malware developers and anti-malware developers.  ;)

 

 

Things to try:

 

1. Manually remove Flash and delete your old Flash folders.  No, Flash does not properly and fully clean up after itself when it is uninstalled, even using Adobe's own uninstaller.  There is a manual procedure required for full and complete uninstallation - google "Complete Flash Uninstall" for instructions from Adobe on how to do this.

 

Note:  I do my Flash uninstalls following the above-mentioned manual procedure as a matter of course - but then again I'm paranoid at a level that can only be achieved because I know how devious malware-developers are.  There's that old saying "Just because I'm paranoid doesn't mean they're not out to get me..."  ;)

 

2. Manually download the latest Flash Player installer from Adobe's website.  Google "Download Flash Player" and select an option that does not go to the "get.adobe.com" URL.   This should avoid "man in the middle" attacks.

 

3. When downloading, File Insight should appear, and if NIS does not have screaming fits - then you should be good to go.  If NIS still screams at you, then there is either a false-positive - or you may have some malware that is auto-redirecting - no matter that you are trying to get a legitimate version of Flash Player by trying to avoid "man in the middle" attacks.

 

 

Hope this helps.

 

Raditzdj,
I have always had problems downloading Flash Player from Adobe (the ActiveX).
The progress bar always would hang. If you go to the troubleshoot Flash Player installation for Windows, there is a super direct link to download Flash

Sorry, it cut me off.
A direct link to download Flash Player ActiveX.
When I use that (which I did just last week), the NIS File Insight approves the file. Mine also shows the file coming from Macromedia, which is Adobe, as you probably know.

The best way to download Flash Player is through the main page of www.adobe.com, right bottom side.

Download links may have changed; you might be using an old one or even a malicious one in the meantime.

So there on the main page is the only right link.

 

--> Do not forget to untick the McAfee download they want to force on you.

 

Hugo