Problem downloading from Adobe website

Discussion in 'ESET Smart Security' started by 39steps, Aug 14, 2009.

Thread Status:
Not open for further replies.
  1. 39steps

    39steps Guest

    Hi everyone:

    I was downloading Adobe Flash Player from the Adobe website. I got a warning from ESET and the connection was stopped. I copy below details from my log files.

    -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab probably a variant of Win32/Genetik trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

    -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab » CAB » getPlusPlus_Adobe.exe probably a variant of Win32/Genetik trojan

    When I scanned with ESET, I was advised of the following infiltration, which I subsequently cleaned:

    C:\Documents and Settings\xxxxxxxxx\Local Settings\Temporary Internet Files\Content.IE5\YTO7K173\gp[1].cab » CAB » getPlusPlus_Adobe.exe - probably a variant of Win32/Genetik Trojan

    Could this be a false positive? If not, do I need to take any further action? I still need to download Flash Player.

    Thanks in advance.
     
    Last edited by a moderator: Aug 14, 2009
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas
  3. 39steps

    39steps Guest

    I tried again, entered the adobe.com website (the genuine one again) and clicked on get Adobe Flash Player. ESET terminated the connection and the log files show the same warnings as before. Scanning showed up the same intrusion.

    Regards
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas
    I'm not seeing any warning at all on the get adobe link.
     
  5. 39steps

    39steps Guest

    ronjor

    I've just clicked on your get.adobe link above. A red ESET warning pops up as soon as you click on the yellow "Agree and install now" button on that page.

    Regards
     
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    ESET's virus lab has been notified. Thank you for the report.

    Regards,

    Aryeh Goretsky
     
  7. 39steps

    39steps Guest

    agoretsky

    What should I now do? I deleted, after each scan, the temporary internet file that was flagged but I see there are related items in quarantine, as shown in my logs above.

    Also, I want to download Flash Player.

    Thanks.
     
  8. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    As soon as I hear back from the virus lab I will let you know. I understand it is frustrating to wait, but please be patient; depending upon the complexity of the object it can take some time for analysis to be completed.

    Regards,

    Aryeh Goretsky

     
  9. Nineball

    Nineball Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    3
    You are losing sales with that attitude Aryeh.

    I've had NOD32 on one system since 2004. I have Smart Security on another.

    Today, I decided to install a trial of NOD32 on my notebook which I use as a jukebox player. However, I will not purchase NOD32 - from the ESET site: "We are experiencing a delay in sending licenses from online orders, please be patient and note that your license will be sent as soon as services are restored."

    Now I have three systems that think Adobe's Flash Player and Reader downloads are Trojans. However, ESET wants me to 1) be patient while you complete your analysis of the false positives and 2) be patient while you figure out how to send licenses to those who order your products.

    I will install a competitor's product on my notebook. Please be patient Aryeh as I will reevaluate my AV needs in a few years.
     
  10. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    The virus lab is working on the false positive issue. Even though the file is not especially large, solving these types of issues often requires some fairly intricate assembly language dissection which takes time to perform and then to verify the results, as they do not want to introduce any further issues, such as false negatives (missed detections).

    The North American office's e-commerce system is performing scheduled maintenance right now and will be back up in a few hours. This was scheduled for Friday evening because most purchases typically occur during business hours. Maintenance is performed periodically, and sometimes it requires systems be brought offline. If you have an existing license purchased in North America, you can use the form at http://www.eset.com/support/lost_license.php to re-send your credentials.

    Regards,

    Aryeh Goretsky





     
  11. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    I have just spoken with the head of ESET's virus lab.

    The false positive report has been fixed and will be downloaded by the software with the next update of the virus signature database.

    Apparently, the issue was due in part to unusual runtime packing with the file.

    Regards,

    Aryeh Goretsky
     
  12. Nineball

    Nineball Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    3
    Good timing Aryeh!

    I just popped in to Wilders before ordering a competing AV product. I may yet order another copy of NOD32 for my notebook.
    Thank you for the updates.
     
  13. 39steps

    39steps Guest

    Aryeh

    Thanks for the update.

    Shall I now just delete the relevant quarantined objects? Do I have to turn off/on system restore afterwards (I once read that deleting quarantined files get saved by Windows?)

    Regards
     
  14. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    You should be able to delete the quarantined objects and then download the Adobe software after you have received the next virus signature database update.

    There should be no need to make any changes to the System Restore settings in the operating system.

    Regards,

    Aryeh Goretsky
     
  15. 39steps

    39steps Guest

    Aryeh

    I've just downloaded the latest virus signature database (4337) but immediately afterwards an ESET window popped up requesting submission of suspicious files iro getPlusPlus_Adobe.exe.

    Do I now wait for it to be cleared?

    Regards
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The file is stored in the ThreatSense.Net cache. Deselect the file in the prompt window and click Submit so that you won't be prompted again.
     
  17. 39steps

    39steps Guest

    Marcos

    I'd like to thank you and your fellow Moderators for all your help with this.

    Regards
     