stevenjcane asked:

Flash update virus

Am getting a fake Flash warning on my brand new Win7 64 systems.

"Attention! Your current version of adobe Flash player is outdated! Your computer is vulnerable to malware now. Update your adobe Flash player now."

Then it will try to download the file "Install_flashplayer_12_x32_64_msaa.aax_latest.exe".
This appears as a popup on an otherwise clean computer (brand new).

Has to be coming in over LAN but I need to know where from.  Have run many anti malware & virus programs, don't see how a new computer with MS intune is getting this pop up.
Thanks for your time,
PS: have run Rkill, Malwarebytes, ComboFix, TDSSKiller, JRT, MS Offline Defender, and maybe a few others I don't remember. Keeps getting pop up when on internet.
Thanks
Tags: Anti-Virus Apps, Windows 7

Last comment: stevenjcane, 8/22/2022 - Mon
Kimputer

Why would you say it's fake? Where does the download come from (which server?).
Tony Giangreco

Download the app, burn the CD, boot from it, start the scanner, let it download the latest definition file and run the full scan overnight. It's free and works very well. You can move the CD to any PC and run it as needed.

I tried it last week and was surprised at what it found. It works great!

http://www.comodo.com/business-security/network-protection/rescue-disk.php
comfortjeanius

Tell me if you have this in Programs and Features

Windows key + R

Type: appwiz.cpl  and press ENTER

Look for these programs and uninstall them

    DefaultTab
    DownloadTerms
    LessTabs
    TidyNetwork.com
    WebCake
    and any other recently installed application

Plus check "addons" in your Internet browsers and remove them as well.
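
A scripted version of the Programs and Features check from the post above, as an added example that is not part of the original thread. It assumes a PowerShell prompt on the affected Windows 7 machine; the function names are illustrative, and "TidyNetwork" is matched as a substring so it also catches "TidyNetwork.com".

```powershell
# Added example (not from the thread): flag the program names listed in the post
# and show the most recently installed entries. PowerShell 2.0 compatible.

$suspectNames = 'DefaultTab', 'DownloadTerms', 'LessTabs', 'TidyNetwork', 'WebCake'

# Programs and Features is built from these Uninstall keys. On 64-bit Windows,
# 32-bit installers register under WOW6432Node, so check both views plus per-user.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledProgram {
    foreach ($key in $uninstallKeys) {
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName } |
            Select-Object DisplayName, DisplayVersion, Publisher, InstallDate,
                @{ Name = 'RegistryKey'; Expression = { $_.PSPath -replace '^.*::', '' } }
    }
}

function Test-SuspectName([string]$displayName) {
    foreach ($name in $suspectNames) {
        # -like is case-insensitive; entries often carry suffixes or version text.
        if ($displayName -like "*$name*") { return $true }
    }
    return $false
}

$programs = @(Get-InstalledProgram)

'--- Entries matching the names from the post ---'
$hits = @($programs | Where-Object { Test-SuspectName $_.DisplayName })
if ($hits.Count -eq 0) { 'none found' } else { $hits | Format-Table -AutoSize }

'--- 15 most recently installed (InstallDate is yyyyMMdd; many entries omit it) ---'
$programs | Where-Object { $_.InstallDate -match '^\d{8}$' } |
    Sort-Object InstallDate -Descending |
    Select-Object -First 15 DisplayName, Publisher, InstallDate |
    Format-Table -AutoSize
```

Browser add-ons are not registered under these keys, so the add-on check in the post still has to be done in each browser.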
stevenjcane

ASKER
It's fake because all the scanners I ran say it's a virus. I have updated Flash to ver 13 anyway.
stevenjcane

ASKER
No extra programs. This is a brand new computer, no web browsing, just joined domain. Not a drive-by download, not a phishing site.
aadih

Could you restore your computer to an earlier point then?

[Recommended way: Boot up into safe mode with command prompt and type rstrui.exe to restore.]

Also you could try going to the adobe site and install the flash player from there:

http://get.adobe.com/flashplayer/
stevenjcane

ASKER
This is a BRAND NEW computer, no restore points, already updated to Flash 13.
aadih

Boot up to safe mode with networking. And try. Does the same problem happen?

Could you provide any more details?
jcimarron

stevenjcane--
Are you still getting the warning pop-up now that you have installed Flash Player 13?  What does Control Panel|Programs and Features indicate as the installed version of Flash?
stevenjcane

ASKER
Control panel is 13.0.0.206.
Seems to happen most often when going to google.com while using IE 10.
Have moved to another network. First time booting and went to google.com, got popup.
Ran Malwarebytes, and got no errors.
Deleted reg entries with "IFlashBroker5" entries (as these showed as locked for everyone).
Have been random surfing with both IE and Chrome. So far nothing bad. Will keep surfing and rebooting.
Crossing fingers.
stevenjcane

ASKER
Just as a point of procedure, I had done all updates offsite before delivering computers to client. Did all updates, installed Flash, installed Reader, installed Microsoft Intune.
I had thought installing Intune (full paid subscription) would stop any of this nonsense.

Got popup for Flash when IE was open; is happening on an irregular basis. Sometimes can x out of popup window and continue, sometimes it goes to what sure looks like the official Adobe site and auto downloads the file referenced in the opening post.

I look like a bumpkin to my client. Can't make any headway. No other posts with my exact systems.
Not phishing, no rootkits found, WTF
stevenjcane

ASKER
Screen shot of popup:
[Image: Fake Flash Popup]
stevenjcane

ASKER
After closing popup this is the next site to appear:
[Image: 2nd site to open]
Kimputer

Did it happen after you delivered the computer, and you were working on it? Or did it happen a few days after you delivered them? Any of the users have admin rights?
Was the firewall down during any time during first installations and updates, or did you use IE to browse websites? Did you install any programs while you were at the customer's site?
Tony Giangreco

Did you run that anti virus scan from the rescue CD I suggested above?  If so, did it find the virus? Any feedback?
stevenjcane

ASKER
Hi TG-TIS, yes I ran the comodo disk, nothing found. Downloaded update and am running now.
We were having the same problem on the network before I installed the new Win7 computers.
The users have Admin rights on the local computers. Is part of a domain. Windows firewall was, and is still up.
aadih

Your PC is infected. How? I don't know. Please use a stand-alone boot up CD (from any reputable antivirus vendor) and scan with it.

Also, before you do that, scan your PC with TDSSKiller from:

http://www.bleepingcomputer.com/download/tdsskiller/
stevenjcane

ASKER
Upgrade IE to 11, make sure only Java 7 is installed.
Seems to only happen now when using IE and going to google.com, and then not every time.
Remove google as search provider.

Seems like something in the stack got changed, when it sees www.google.com it somehow kicks me to the first screenshot. The address bar (which I didn't get in the shot) shows google.com
stevenjcane

ASKER
aadih, already did so. Nothing found. Offline with Comodo and Microsoft Offline Defender.
Ran several rootkit removers including TDSSKiller. No joy.
stevenjcane

ASKER
OK, seems as though the bad download has been stopped/removed.
Now the only thing bad is that I can no longer use www.google.com with IE. Goes directly to popup as in first screen shot.
Can use Bing or other sites, just not Google. What and where could create this behavior?
Host file is blank.
aadih

[Does the same thing happen from safe mode with networking?]

What addons have you installed? Toolbars?  Disable them all.

Scan with AdwCleaner:

http://www.bleepingcomputer.com/download/adwcleaner/
stevenjcane

ASKER
ADW shows nothing, no toolbars no addons.
stevenjcane

ASKER
OK safe mode is working correctly. Any Ideas?
aadih

Certainly some program or service is the cause.

You may try selective startup to diagnose.

http://windows.microsoft.com/en-us/windows/run-selective-startup-system-configuration#1TC=windows-7

or using msconfig.
stevenjcane

ASKER
aadih-
OK good Idea. Am tinkering now.
aadih

Great. You solved the problem. :-)
stevenjcane

ASKER
Was not a virus as such, bad router, after elimination of everything else, replacing router cleared everything up.