Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AcroRd32.exe? Virus or just really laggy annoying program?


  • Please log in to reply
1 reply to this topic

#1 FuturePerfect

FuturePerfect

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:36 PM

Posted 28 February 2010 - 06:06 PM

After cleaning out my computer somewhat, I told my mom about a malware program I had. She said she had been having a problem with her computer as well, but doesn't know exactly when it started. Everything seemed fine but after a few minutes the computer almost froze completely. When I finally got task manager up I saw a program running, AcroRd32.exe, and it was using a lot of memory.

I always understood AcroRd32.exe to be acrobat reader, but never had that kind of problem before. When I closed it her computer was fine, but it eventually came up again. I read that it could be a virus if it's in the Windows or System32 folder, but I can't seem to find it. I ran a virus scan and nothing came up. How can I find out if this is a virus?

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,886 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:36 PM

Posted 01 March 2010 - 09:37 AM

Most of the processes in Task Manager will be legitimate as shown in these links.Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file like svchost.exe. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. Another techinique is for the process to alter the registry and add itself as a Startup program (AcroRD32.exe: Added by the Troj/Dloadr-BDK Trojan) or service so that it can run automatically each time the computer is booted. Keep in mind that a legitmate file can also be infected by some types of malware such as Virut which is a dangerous polymorphic file infector. A file's properties may give a clue to identifying it. Right-click on the file, choose Properties and examine the General and Version tabs.

Tools to investigate running processes and gather additional information to identify them and resolve problems:These tools will provide information about each process, CPU usage, file description and its path location.

Anytime you come across a suspicious file or one that you do not recognize, search the name using Google <- click here for an example.

Or search the following databases:If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users