  1. #1
    Star Lounger
    Earlier today a new PDF icon appeared on my desktop.
    Hovering brought up the following:

    Nine Free Programs Ebook-2E
    Type: Adobe Acrobat Reader
    Date Modified: 26/11/2009
    Size: 2.45 MB

    I have no idea how the icon got there but I had recently
    updated my Adobe reader, and may have clicked on it
    and downloaded what I thought was a further update.
    I don't remember.

    Only afterwards did I read the warning on Woody's website
    <askwoody.com> about the 0Day attack - Adobe Reader.

    If this icon represents that threat, how do I get rid of it, as well as
    get rid of whatever I may have downloaded?

    Has anyone else had a run-in with this?

    Addendum: I just noticed that my AVG email protection is marked
    NOT ACTIVE and I can't seem to download an update.

  2. #2
    Super Moderator jscher2000's Avatar
    Usually, a new attack vector is used to install well known malware, so your usual anti-malware scans are the first step.

    == Edit ==

    If AVG is not working, try using the online HouseCall scanner (use IE if possible):

    http://housecall.trendmicro.com/

    Also grab: Malwarebytes Anti-malware.

  3. #3
    Silver Lounger
    Are you sure you didn't download that one from Windows Secrets? I'm sure several people have a similar file from around that date.

    But of course, do scan everything you download and use.

  4. #4
    Star Lounger
    Quote Originally Posted by jscher2000 View Post
    Usually, a new attack vector is used to install well known malware, so your usual anti-malware scans are the first step.

    == Edit ==

    If AVG is not working, try using the online HouseCall scanner (use IE if possible):

    http://housecall.trendmicro.com/

    Also grab: Malwarebytes Anti-malware.
    Thank you, jscher2000. I was assuming it was something new but rereading Woody's
    warning, I see it's been around before.

    AVG was working, but for some reason the email component had disappeared -- which
    I finally managed to get back. A total drive AVG scan found nothing.

    I'm not familiar with the online HouseCall scanner. Does that mean that they do
    the scan on your computer directly from their site?

    I'll also look into Malwarebytes. Is it a separate AV program or can it run in
    concert with AVG?

    Thanks again for your input.

  5. #5
    Star Lounger
    Quote Originally Posted by Argus View Post
    Are you sure you didn't download that one from Windows Secrets?
    I'm sure several people have a similar file from around that date.

    But of course, do scan everything you download and use.
    Good question. I recall Windows Secrets offering something or other
    but I'm almost certain I didn't download anything because I was strapped
    for time and there were 3 or 4 other unread Windows Secrets issues, only
    one of which I looked at. They are still unread. I'll check the one
    I did look at.

    === UPDATE: You have a good memory for dates. I checked the 26 November
    issue of Windows Secrets -- the same date on the PDF icon on my desktop --
    and the download offer was for excerpts from a book on Windows-7. I'm
    XP so I certainly didn't download it. ===

    There's another anomaly. On the net yesterday, almost every site I went to
    had a pop-up that said something like:

    This website would like you to download Adobe flash reader.

    ===EDIT=== That should be: "Adobe Flash Player Installer"

    I would say that this happened at least 10 times. Even more unusual since I have
    all pop-ups blocked.

    I'm still confused. Exactly what is the 0day attack anyway?

  6. #6
    Super Moderator jscher2000's Avatar
    Quote Originally Posted by bobthebear View Post
    I'm not familiar with the online HouseCall scanner. Does that mean that they do the scan on your computer directly from their site?
    The site uses an ActiveX control (IE) or Java applet (other browsers), so you don't need to pre-install any software. However, your hard drive is not uploaded to the site.

    Quote Originally Posted by bobthebear View Post
    I'll also look into Malwarebytes. Is it a separate AV program or can it run in
    concert with AVG?
    It is an on-demand scanner, so it does not conflict with real-time scanners.

  7. #7
    Star Lounger
    Quote Originally Posted by jscher2000 View Post
    The site uses an ActiveX control (IE) or Java applet (other browsers), so you don't need to pre-install any software. However, your hard drive is not uploaded to the site.


    It is an on-demand scanner, so it does not conflict with real-time scanners.
    I'll check both of these out. Thanks for the info.

  8. #8
    5 Star Lounger PaulB's Avatar
    Quote Originally Posted by bobthebear View Post
    Earlier today a new PDF... snip
    As Argus pointed out, this is in all probability a download from the Windows Secrets site. Here is a graphic from Windows Secrets from that time period:

    [attachment=87383:Capture.PNG]
    Regards,
    PaulB

  9. #9
    Star Lounger
    Thanks, Paul, for putting it so graphically, and bad on me for not paying more attention
    to my very own post -- which does exactly quote the image.

    Mystery solved. At least the mystery of what it is. The mystery
    of how it got there is still up in the air, because I very rarely download anything without
    checking it out first. However, one can never negate the factor of a little
    early holiday cheer.

    Apologies to Argus, who got it right the first time round, and holiday cheers to all.
