Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Does Windows update adobe itself?


  • Please log in to reply
28 replies to this topic

#1 aworrier

aworrier

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:02:33 PM

Posted 19 September 2015 - 10:13 PM

I noticed new versions of Adobe Flash player 18 Active X and NPAPI were installed on 8/15/15, the same time my update history shows security updates. Searching around it seems these versions were released by Adobe as security updates indeed. Although, I don't remember ever downloading Adobe myself. Does Windows do Adobe updating itself?


Edited by hamluis, 21 September 2015 - 09:58 AM.
Moved from Win 7 to Web Browsing/Email - Hamluis.


BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:33 PM

Posted 19 September 2015 - 10:22 PM

Hi aworrier :)

Starting in Windows 8, Adobe Flash Player updates for Internet Explorer are released throught Windows Updates. This isn't the case for Windows prior to Windows 8. Adobe have a background updater service for its programs, which most likely silently updated the program without you noticing it. It's also possible that you installed another program that required Adobe Flash Player and it installed it.

What web browsers are you using?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 aworrier

aworrier
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:02:33 PM

Posted 19 September 2015 - 10:26 PM

Hi Aura!

 

The computer has Chrome, IE, and Firefox. I checked the IE addons, and the ActiveX was updated 8/15/15, just like it shows in the control panel. I haven't used this computer much lately, just turn it on and off every so often for updates. Maybe IE came with Adobe?



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:33 PM

Posted 19 September 2015 - 11:02 PM

I really doubt that Internet Explorer came with Adobe on Windows 7. Can you give me the KB numbers of the updates that were installed on the 8/15/15?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 aworrier

aworrier
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:02:33 PM

Posted 19 September 2015 - 11:15 PM

Name:                   Shockwave Flash Object
Publisher:              Adobe Systems Incorporated
Type:                   ActiveX Control
Architecture:           32-bit and 64-bit
Version:                18.0.0.232
File date:              ‎Saturday, ‎August ‎15, ‎2015, ‏‎5:05 PM
Date last accessed:     ‎Tuesday, ‎November ‎26, ‎2013, ‏‎12:17 PM
Class ID:               {D27CDB6E-AE6D-11CF-96B8-444553540000}
Use count:              112
Block count:            0
File:                   Flash64_18_0_0_232.ocx
Folder:                 C:\Windows\System32\Macromed\Flash
 
I'll post these details I found first. The time of the file (5:05 PM) is about 6 hours earlier than the time of all the Windows updates. The Macromed folder is from 1/15/2013. The flash player programs of interest show a good rating on Norton's file insight. Does this give you any clue as to their origin?
 
Should I still post the kb numbers?
 
Thanks again!
 
PS. On a side note, ESET online scanner corrupted Winzip on my computer some time ago. I can't uninstall the rest of it. Any tips or could someone manually remove it from the registry with FRST and such?

Edited by aworrier, 19 September 2015 - 11:18 PM.


#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:33 PM

Posted 20 September 2015 - 10:02 AM

Where did you get that information? Where did you copy/paste it from, from the Windows Update panel?

You could always reinstall WinZip, and then uninstall it after.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 aworrier

aworrier
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:02:33 PM

Posted 20 September 2015 - 03:26 PM

I went from control panel>internet option>manage browser addons>(internet properties interface opens)>manage add-ons>in toolbars and extensions, there's shockwave flash object > right-clicked it for "more information" and copied the info from there (there's a copy option).

 

I'll do that for Winzip, thanks!

 

Edit: The winzip thing didn't work, it just installed a different version of the program, and oddly restarted my cpu during the install.


Edited by aworrier, 20 September 2015 - 03:34 PM.


#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:33 PM

Posted 20 September 2015 - 03:37 PM

Does the old version still shows in the Control Panel when you go to uninstall a program?

I still think that Flash Player updated itself silently in the background. If you have the service running and automatic updates enabled for it, this will happen.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 aworrier

aworrier
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:02:33 PM

Posted 20 September 2015 - 03:40 PM

Yes, Winzip 17 (I think that's the name), is still there. I get a message stating the .msi can't be found, and I'm pretty sure ESET did the damage. By the way, is the restart when DLing winzip normal?

 

Maybe flashplayer was installed on the computer. It's 4 years old I think, maybe even older, so I wouldn't be surprised that flash was installed sometime during then, as it's needed for a lot, at least back then. 


Edited by aworrier, 20 September 2015 - 03:40 PM.


#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:33 PM

Posted 20 September 2015 - 03:45 PM

The restart isn't normal, no.

What you can do, is use the portable version of Revo Uninstaller to uninstall WinZip. Even if it fails, set the search mode to Advanced after and delete every files, folders and Registry entries related to it.

http://www.revouninstaller.com/revo_uninstaller_free_download.html

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 aworrier

aworrier
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:02:33 PM

Posted 20 September 2015 - 03:54 PM

I'll try Revo, thanks.

 

Any idea why the restart happened? In my worry, I ran a Norton Power Eraser and it removed this:

psm3mME.png

I googled it and it seems like its from Firefox? Did NPE detect a false positive or should I be worried about malware? The computer's been scanned with MBAM weekly and Norton Security is working full time.



#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:33 PM

Posted 20 September 2015 - 03:57 PM

Looks like a FP to me. And a restart could have happened for multiple reasons, you might find an answer if you check in the System logs of the Event Viewer for an unexpected shutdown and/or restart.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 aworrier

aworrier
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:02:33 PM

Posted 20 September 2015 - 04:02 PM

Revo doesn't show winzip on the uninstall list. I've checked advanced mode but I'm not sure where to search for the files?

 

Also, is the portable a program I have to uninstall after, as I don't see it on my program list, I just have its folders.

 

Edit:Here's the error, any translation please?

 

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


Edited by aworrier, 20 September 2015 - 04:20 PM.


#14 aworrier

aworrier
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:02:33 PM

Posted 20 September 2015 - 10:15 PM

Looks like installing Winzip did help. Previously, when I tried deleting the winzip files myself, it said the program was in use. After the Winzip new version uninstall, I was able to delete the Winzip folder manually. 

 

Still wondering about the error, but awesome that this got fixed :D .



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:33 PM

Posted 21 September 2015 - 05:19 AM

Revo doesn't show winzip on the uninstall list. I've checked advanced mode but I'm not sure where to search for the files?


I could install WinZip in one of my Virtual Machine and let you know what folders to delete.

Also, is the portable a program I have to uninstall after, as I don't see it on my program list, I just have its folders.


If you used the portable version of Revo, the program isn't installed on your system, all you have to do is to delete the .zip archive you downloaded for it and the extracted folder.

Edit:Here's the error, any translation please?

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


Not important, you can ignore it.

Looks like installing Winzip did help. Previously, when I tried deleting the winzip files myself, it said the program was in use. After the Winzip new version uninstall, I was able to delete the Winzip folder manually.


So you deleted every files and folders that belongs to WinZip?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users