AdobeFlashPlayerInstaller is full of malware, Norton won't identify it as a threat

Hello,

My browser received a prompt to update flash from this website:

https :// deloton . com/?auction_id=70cdb3fb-3362-4a96-987c-4a0c61879c8d&xref=a2lrbG9naW5vbmxpbmVlLmNvbQ&ip=dc6619579521eb48f74807ec1a0bb168&pbk3=f9196e3a37fcf7fe4102d47c3fb864ec6565286722622800025&r=%2Foc%2Fhan&uuid=4d07fa49-9f9c-443a-8e1c-58b806d45142&co=1&rf=1&zoneid=1622486&fs=0&cf=0&sw=1280&sh=800&sah=777&wx=0&wy=32&ww=1280&wh=737&cw=1280&wiw=1280&wih=676&wfc=8&pl=https%3A%2F%2Fkikloginonlinee.com%2F2016%2F09%2Fhow-to-find-groups-on-kik.html&drf=https%3A%2F%2Fwww.google.com%2F&np=1&pt=0&nb=1&ng=1&ix=0&nw=1

It installed:

SearchModule 
Advanced Mac Cleaner software
More Free Promos 
and
something from Booking . com

I think I was able to remove everything by hand, and let malware take care of Search Module,

But shortly thereafter, I noticed that there were apps on my iPhone marked as offloaded, as well as Photos sending pictures to my iCloud for storing (I do not have either of those features activated). Trying to download the offloaded apps, I was prompted with a message that they were not available in store, even though I could go to the store and see them.

I have since wiped my phone, and did a factory restore over wifi, not syncing it with my laptop.

Why didn't NAV scan and catch the files before my dumba@# installed it?

Scanning the dmg file, Norton says it is safe, as does Malwarebytes.

It is 111KB in size, and I do not wish to assume that everything is OK.

How should I proceed?

 

It is now completely fine after resetting over wifi, circumventing iTunes. This leads me to believe that the problem is with the MacBook. Would you agree?

I have no experience with Macs, so I'll ask that this thread be moved to the Mac forum board for better exposure to Mac users.

I also suggest again that this does not appear to be anything to do with Norton, so you should find and post in an Apple support forum. Try https://support.apple.com/en-ca

 

 

https://www.virustotal.com/en/file/071edad7ac7fbdc56d926123c453b29d4b2b5657bcab150fa3321eb48dd16892/analysis/1529716379/

I uploaded the DMG file to VirusTotal.

Looks as if I have a starting point.

Preface: One cannot get a virus on a stock iPhone. I have a stock iPhone.

 

Is this whole thread about issues on your iPhone?  

 

Good question: In over 10 years of owning one, I've never seen an iPhone do the opposite of what its preference settings dictate. The comment you just responded to? It was supplied as evidence that something was wrong.

 

My iPhone had been slow, first the screen was flashing, and then the offloaded app icon caused an issue. I'd restored it to factory settings twice via iTunes to no avail.

 

It is now completely fine after resetting over wifi, circumventing iTunes. This leads me to believe that the problem is with the MacBook. Would you agree?

 

I cannot uninstall iTunes to reinstall it, and I cannot trick iTunes into redownloading the latest version of iOS to see if that would install without issue. Now I'm reticent to pair the two until I can figure out what was occurring and either how to control it or guarantee it's no longer an issue.

 

What would you do instead?

 

Is this whole thread about issues on your iPhone? If so, Norton would not have any way to detect any malware as there are no malware features in the iOS version of Norton Mobile Security. The only features for iOS are a phone finder and a contact backup.

For the apps you are having issues with, have you checked the Google Play Store to see if you can find the problem app(s) listed? I just did a quick search and could not find them. Can you provide a link to the download?

The problems you are seeing seem to be Apple related. No connection to Norton. You should try posting in an Apple support forum.

 

BTW, I've been on a chat with tech support, and the last tech looked at that PDF (or maybe he didn't) and told me to clear my history, because the Adobe Flash malware was causing the pop-up.

How could malware (if it still exists) affect applications on an iPhone?

 

Everyone, thank you for your assistance. Thinking this through, I feel I've gotten more headway asking you seasoned vets questions. Appreciate it.

I've had to reformat my phone twice, because the first time, I kept seeing window animations without a program opening or closing, and then the second time I restored to factory settings, from iTunes, to find the next morning that there were app icons denoting being stored off in the cloud, but I did not have that setting actually set to offload the file.

 

When I clicked on the cloud, I was prompted with this message. This app is totally in the App Store; what caused it to become both offloaded and corrupted?

BTW, I had my iPhone tethered by Bluetooth and set to sync with iTunes by wifi.

It installed:

SearchModule 
Advanced Mac Cleaner software
More Free Promos 
and
something from Booking . com

......

Why didn't NAV scan and catch the files before my dumba@# installed it?

It looks like you have picked up PUPs, Possibly Unwanted Programs. While they are annoying, they do not cause damage to your system. Some people actually want the 'Features' offered by these programs. They are usually downloaded alongside a legitimate download when you do not uncheck the option for the additional download. Or, as appears may have happened in your case, from a malicious ad on some page you visited.

Norton products concentrate on malware that can damage your system, that is why some PUPs are not detected.

What device did you get this on? You mention a laptop and an iPhone. Is the Laptop a Mac?

To help battle this kind of false update message, you can try installing an ad blocker extension in your browser.

 

Sorry, phillyguy question is over my pay grade.

Does that mean I should speak to support and open a live case? Or submit the malware.DMG for Symantec to analyze?

  

What would you do, were you me?

  

Thank you kindly, BJM_, you’re an excellent soundboard and good help at talking out the issue! I appreciate it.

  

PS, I’ve used Snagit on my Wintel PC for over 10 years. Never had an issue or virus because of it.

phillyguy: I have one follow up question. Is it possible that installing that malware opened a backdoor in my machine?

Sorry, phillyguy question is over my pay grade.   


FWIW ~ may be related: phillyguy SnagIt.pdf

     [edit note: picture with private date removed by admin on request]

https://www.symantec.com/security-center/writeup/2017-121515-5652-99

File: Setup_FileViewPro_2018.exe
File size: 1.29 MB (1,350,384 bytes)
MD5 checksum: 448AFC6CBE9630C4DF0ABDC19C4926C8
SHA1 checksum: FA4A357E487957D638FA9D16DCF5F0C1DD861EBB
SHA256 checksum: 925AB675EEB5F7A729B8CB1C5926FAE31C5702F778E8E352BE94D4CCE45A398B

VirusTotal 8/67 <here>
YMMV

Thank you Floplot, and thank you BJM_. I have one follow up question. Is it possible that installing that malware opened a backdoor in my machine?

The following just might possibly be bias due to ignorance on my own part, but possibly not? The .DMG file info screenshot (attached to the first post) shows the main site (explorerlauncher.com) as the DMG source with delton.com as a URL parameter (am I reading that correctly?).

How else would the offloaded apps appear when my iPhone is not set to offload apps? I was unable to redownload by clicking, as they would say "not available from iTunes store". But I could delete just fine and download a fresh copy from the iTunes store. FYI, I had iTunes set to WiFi sync with Bluetooth enabled on the iPhone for fast information transfer.

Two other things not previously mentioned: on my Wintel laptop, SEP picked a file out of my IE download folder to quarantine (I wasn't using the laptop at the time). Shortly after, my router seized when I told it to not respond to pings. I had to factory reset it to get back in and back up and running (I had reset it a few weeks prior due to the Russian router/network IoT discovery).

Would you agree that these might just be too many coincidences to all be isolated events?

    [Edit note: Snaglt_0pdf removed by Admin on request] 2018-06-22BS

https://safeweb.norton.com/report/show?url=deloton.com

Hello phillyguy

Welcome to the Norton Community Forum

I will ask the Safe Web Team to evaluate the site you have mentioned that gave you malware. Have you checked the website with virustotal.com? You should only download Adobe Flash Player from Adobe. It is best to update your programs from the manufacturer's website. You will have less chance of getting malware.

Please stay tuned to this thread for a response from the Safe Web Team on Thursday night after midnight EDT.

Have a Good Night and

Thanks.