How do I remove Adobe Reader X 10.1.1 Update Virus?

Older Windows XP Pro SP2/Windows 6 hard drive infected with Adobe Reader X 10.1.1. Used Spybot S&D scan and looked gone, only to find again on re-boot. Scanned w/,ThreatFire, ClamWin, McAfee free versions to no avail. Using TF and Avira w/ Sygate Firewall free real time versions but acquired anyway. Please suggest a known program for removal, as well as better protection. Realize Adobe Security Bulletins recommended downloading Adobe Reader 10.1.2 and another for 9 versions for older computers, but that is now a Monday Morning quarterback issue for me. Thanx and much obliged for responses of known, real solutions. I’ll be watching here.


  1. tintin98

    If you acquire this Adobe Reader X 10.1.1 Update from a fake email messages that masquerade as legitimate sofwtare upgrade from Adobe then I am 100 percent sure that it was part of the Braviax family of Trojans.

    Make sure that database is update and you run the scan in safe mode of Windows. My second recommended anti-malware (based on my experience) is Superantispyware. It may catch other threats not detected earlier.

    Lastly, run TDSSKiller or Norton Power Eraser to eliminate rootkit Trojan that is associated with Braviax.

  2. Susanoz

    Thank you tintin98… I acquired it as an adobe red icon appearing on my task bar, simulating an automatic update. Have learned it is referenced on the internet as w32.fakeupver.trojan in Softpedia and other tech forums (posted below). Still no one has a recommend fix–Adobe Security Bulletins recommend AR X 10.1.2 download but don’t know if that will overite/fix? No instructions on internet for virus name. One posted stated Malwarebytes tried/failed.

    Security researchers from Vietnamese security vendor Bach Khoa Internetwork Security (BKIS) have identified a computer trojan, which copies itself over the update components of popular software. So far, Adobe Reader and Java Runtime have been targeted.

    The malware, which Bkis has named the W32.Fakeupver.trojan, is written in Visual Basic and uses the technique to fool even experienced users. Malicious Trojans that employ file names similar or identical to known components in order to hide their process and startup routine are not new.

    However, this trojan also imitates the icons and versions of the targeted programs. For example, checking the version information on the fake AdobeUpdater.exe file will show the developer as being Adobe Systems Incorporated and a “Copyright (c) 2002 – 2010 by Adobe Systems Inc” notice will also be displayed.

    Version information of fake AdobeUpdater.exe
    Enlarge picture
    Furthermore, the researchers point out that the malicious executable is overwriting the original file, thus breaking legit functionality and making it harder to detect. “Ordinary users, sometimes even virus researchers themselves, are easily ‘fooled’ and skip such malware without raising an eyebrow,” said Nguyen Minh Duc, senior security researcher and security director at BKIS.

    The trojan creates a registry entry called Adobe Update Manager under HKLM\Software\Microsoft\Windows\CurrentVersion\Run pointing to where the legit AdobeUpdater.exe should normally reside. Otherwise, a file named AdobeUpdater.exe appearing in a process or startup listings with a different path would look very suspicious.

    After infecting a computer, the trojan starts several services if they are not already running, including DHCP client, DNS client and network share. It also opens a special port in order to listen for commands from the hackers.

    Adobe is not the only company whose products are targeted by this threat. The update component from Oracle’s newly acquired Java Runtime Environment is also masqueraded and deleted. BKIS has seen a variant of this trojan using the “C:\Program Files\Java\jre6\bin\jucheck.exe” path and file name.”


  3. sherell

    Did you ever find the fix?

  4. Justin

    I simply open the task manager, look for AdobeARM.exe, (that will do 300,000kb + of memory usage if you don’t stop it or has been operating for some time) and terminate the process. This isn’t a REAL solution, but for now, it helps, because if you don’t do this, the virus will consume so much space that it will make your computer hang.

  5. cjchr

    Ever notice that it uses a small star instead of the adobe symbol? I’ve been trying to get rid of it for weeks. Still working on it. If you remove Adobe altogether, it tells you to update auslogics, or irfanview, or some other program. It also likes to hide files, and/or move them around. I thought it would help to install Comodo–and now it has tricked Comodo into doing some of its dirty work.

    No answers, yet.

    Nice to know it’s really out there and not just in my head!

  6. Bru

    I read about a wonderful program a while back in a forum that a couple of Geeks recommended Its called WinPatrol. You can Google it. It sits in your system tray and monitors what your computer is up to. Every time Flash or Adobe wants to do an update without my knowing about it, it pops up a window and asks me if I’d like the update to go through.

    If you have run-away updates occurring on your computer take a look at this small very useful program. There’s a free and paid version. I went with the pay version since I was so impressed. Your choice though.

Comments are closed.