How do I remove Adobe Reader X 10.1.1 Update Virus?

Susan
Older Windows XP Pro SP2/Windows 6 hard drive infected with Adobe Reader X 10.1.1. Used Spybot S&D scan and looked gone, only to find again on re-boot. Scanned w/ ThreatFire, ClamWin, McAfee free versions to no avail. Using TF and Avira w/ Sygate Firewall free real time versions but acquired anyway. Please suggest a known program for removal, as well as better protection. Realize Adobe Security Bulletins recommended downloading Adobe Reader 10.1.2 and another for 9 versions for older computers, but that is now a Monday Morning quarterback issue for me. Thanx and much obliged for responses of known, real solutions. I’ll be watching here.
tintin98
Jan 20, 2012 @ 16:21:33
If you acquire this Adobe Reader X 10.1.1 Update from fake email messages that masquerade as a legitimate software upgrade from Adobe then I am 100 percent sure that it was part of the Braviax family of Trojans.
http://www.precisesecurity.com/tools-resources/adware-tools/malwarebytes-anti-malware
Make sure that the database is updated and you run the scan in safe mode of Windows. My second recommended anti-malware (based on my experience) is Superantispyware. It may catch other threats not detected earlier.
Lastly, run TDSSKiller or Norton Power Eraser to eliminate the rootkit Trojan that is associated with Braviax.
Susanoz
Jan 20, 2012 @ 23:38:37
Thank you tintin98… I acquired it as an adobe red icon appearing on my task bar, simulating an automatic update. Have learned it is referenced on the internet as w32.fakeupver.trojan in Softpedia and other tech forums (posted below). Still no one has a recommended fix–Adobe Security Bulletins recommend AR X 10.1.2 download but don’t know if that will overwrite/fix? No instructions on internet for virus name. One post stated Malwarebytes tried/failed.
Security researchers from Vietnamese security vendor Bach Khoa Internetwork Security (BKIS) have identified a computer trojan, which copies itself over the update components of popular software. So far, Adobe Reader and Java Runtime have been targeted.
The malware, which Bkis has named the W32.Fakeupver.trojan, is written in Visual Basic and uses the technique to fool even experienced users. Malicious Trojans that employ file names similar or identical to known components in order to hide their process and startup routine are not new.
However, this trojan also imitates the icons and versions of the targeted programs. For example, checking the version information on the fake AdobeUpdater.exe file will show the developer as being Adobe Systems Incorporated and a “Copyright (c) 2002 – 2010 by Adobe Systems Inc” notice will also be displayed.
Version information of fake AdobeUpdater.exe
Furthermore, the researchers point out that the malicious executable is overwriting the original file, thus breaking legit functionality and making it harder to detect. “Ordinary users, sometimes even virus researchers themselves, are easily ‘fooled’ and skip such malware without raising an eyebrow,” said Nguyen Minh Duc, senior security researcher and security director at BKIS.
SOFTPEDIA.COM – “TROJAN MASQUERADES AS ADOBE READER UPDATER
The trojan creates a registry entry called Adobe Update Manager under HKLM\Software\Microsoft\Windows\CurrentVersion\Run pointing to where the legit AdobeUpdater.exe should normally reside. Otherwise, a file named AdobeUpdater.exe appearing in a process or startup listings with a different path would look very suspicious.
After infecting a computer, the trojan starts several services if they are not already running, including DHCP client, DNS client and network share. It also opens a special port in order to listen for commands from the hackers.
Adobe is not the only company whose products are targeted by this threat. The update component from Oracle’s newly acquired Java Runtime Environment is also masqueraded and deleted. BKIS has seen a variant of this trojan using the “C:\Program Files\Java\jre6\bin\jucheck.exe” path and file name.”
ANYONE BEEN SUCCESSFUL IN REMOVING THIS SOPHISTICATED FAKE, PLEASE POST KNOWN FIX ASAP AND THANKS!!! I’M SURE I CAN’T BE THE ONLY ONE WITH THIS NIGHTMARE GOING ON.
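The report quoted above says the fake AdobeUpdater.exe shows Adobe's company name in its version information and is launched from the Run key. As an added example (not part of the thread), this read-only PowerShell check lists every Run entry and compares the company a file claims against its Authenticode signature. It assumes the genuine vendor binary carries a valid signature; `$vendorPattern` and the helper function name are illustrative.

```powershell
# Added example (not from the thread). Read-only: it changes nothing on disk
# or in the registry. Written to work on PowerShell 2.0 and later.
$runKey        = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$vendorPattern = 'Adobe'   # company string the fake version resource claims

function Get-CommandExecutable([string]$CommandLine) {
    # Run values are command lines; keep only the executable path.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

$key = Get-Item -LiteralPath $runKey
$report = foreach ($name in $key.GetValueNames()) {
    $exe = Get-CommandExecutable ([string]$key.GetValue($name))
    $row = @{ Entry = $name; Path = $exe; Company = ''
              Status = 'NotFound'; Signer = ''; Suspect = $false }
    if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
        $sig = Get-AuthenticodeSignature -FilePath $exe
        $row.Company = (Get-Item -LiteralPath $exe).VersionInfo.CompanyName
        $row.Status  = $sig.Status
        if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
        # Version strings can be copied by anyone; the signature is what must hold.
        $row.Suspect = ($row.Company -match $vendorPattern) -and
                       ($sig.Status -ne 'Valid')
    }
    New-Object PSObject -Property $row
}

# Entries that claim the vendor but fail signature validation sort to the top.
$report | Sort-Object Suspect -Descending |
    Format-Table Entry, Company, Status, Suspect, Path -AutoSize
```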
sherell
May 02, 2012 @ 19:10:55
Did you ever find the fix?
Justin
Jul 29, 2012 @ 15:57:25
I simply open the task manager, look for AdobeARM.exe, (that will do 300,000kb + of memory usage if you don’t stop it or has been operating for some time) and terminate the process. This isn’t a REAL solution, but for now, it helps, because if you don’t do this, the virus will consume so much space that it will make your computer hang.
Adobe Reader X 10.1.1 Update Virus Remover
For quick removal of Adobe Reader X 10.1.1 Update Virus, we highly recommend scanning the computer with an anti-malware tool. This program is created to delete threats including Trojans, Malware, Adware, and Viruses. It can also stop unwanted pop-up advertisements and browser redirects on the computer. To scan the PC with this anti-malware program, please follow this guide.
1. Click on the Download button to access the location of the removal tool. Save the file on your hard drive or any accessible spot on your computer.
2. Once the download is complete, execute the file and install with default settings. You don’t have to change anything during the installation process.
3. Update the tool once installation is finished. Normally, updating is an automated process when the program detects that your computer is connected to the Internet.
4. Open the tool and click on Scan to start detecting and removing any files and components of Adobe Reader X 10.1.1 Update Virus.