
Acrobat 10 Root Kit?


3 replies to this topic

#1 oliver sweeney


Posted 29 April 2011 - 11:45 AM

I recently ran ComboFix dated the 22nd of April 2011 on my PC, and it told me I had a root kit and it needed to restart to clean it. ComboFix completed after it restarted my PC, but the log file it created had no reference to the root kit or any other problems. I ran ComboFix again and it still complained, but the log files still contained no data. After running multiple programs to check for root kits, my computer was still coming up as clean except by ComboFix, so I formatted my disks and reloaded a fresh copy of XP SP3 and all drivers, no updates. I then took a check point and installed ComboFix dated 29 April 2011 and ran it. It said my computer was clean. Happy days... I then installed Acrobat Reader 10.1 from memory stick and ran ComboFix again. Now my computer was infected by a root kit again, same as before. I uninstalled Acrobat, rolled back to my check point and ran ComboFix again. All clean. Downloaded Acrobat 10.1 from the official website, installed it and ran ComboFix again - infected again. I have to ask: is this a false positive, or is Acrobat loaded? I also tried with Acrobat 10.0 and got the same results. I have used ComboFix for a long time and never noticed this behavior before, although I can't say I ever paid attention to the version of Acrobat people were using before. Any thoughts would be appreciated.


regards Ollie.



#2 Union_Thug


Posted 30 April 2011 - 12:11 AM

..I then installed Acrobat reader 10.1 from memory stick...

I don't know if Acrobat is "loaded" or not, but perhaps your memory stick is.

FYI: Security updates available for Adobe Reader and Acrobat

Critical vulnerabilities have been identified in Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems. These vulnerabilities, including CVE-2011-0611, as referenced in Security Advisory APSA11-02, could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that one of the vulnerabilities, CVE-2011-0611, is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat, as well as via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.



#3 oliver sweeney


Posted 04 May 2011 - 11:46 AM

Thanks for the reply, but I ruled out the memory stick, reformatted that and downloaded Acrobat from the Adobe FTP site at ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.0.1/en_US/ and got the same results on a fresh load without any memory sticks being plugged into the machine at all. Beginning to think it's a false positive.

regards Ollie

#4 Union_Thug


Posted 04 May 2011 - 12:19 PM

ComboFix FP issues notwithstanding, I still don't understand why you insist on installing a confirmed vulnerable version (10.0.1). Or is it necessary to install 10.0.1, and subsequent versions are update patches and not full installer versions? Forgive my ignorance, I don't use Reader and haven't for years.
I use PDF XChange Viewer: http://www.tracker-software.com/product/downloads?key=ed93cc00e9c27a5effcc1c2f3cf16f89

Critical vulnerabilities have been identified in Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems...Adobe recommends users of Adobe Acrobat X (10.0.2) for Windows and Macintosh update to Adobe Acrobat X (10.0.3) http://www.adobe.com/support/security/bulletins/apsb11-08.html


Edited by Union_Thug, 04 May 2011 - 12:20 PM.




