
MB Quarantines Acrobat.exe


tzetter

Auto Protect is detecting Acrobat.exe at launch and quarantining it as Trojan.Downloader.BD. This is BREAKING PCs ALL OVER our company (AGAIN!).

 

Log file:

 

2013/11/01 06:10:00 -0400 BEDROOM (null) MESSAGE Starting protection
2013/11/01 06:10:00 -0400 BEDROOM (null) MESSAGE Protection started successfully
2013/11/01 06:10:00 -0400 BEDROOM (null) MESSAGE Starting IP protection
2013/11/01 06:10:04 -0400 BEDROOM (null) MESSAGE IP Protection started successfully
2013/11/01 06:47:06 -0400 BEDROOM Travis MESSAGE Executing scheduled update:  Hourly | Silent
2013/11/01 06:47:12 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully:  database updated from version v2013.10.31.08 to version v2013.11.01.02
2013/11/01 06:47:12 -0400 BEDROOM Travis MESSAGE Starting database refresh
2013/11/01 06:47:12 -0400 BEDROOM Travis MESSAGE Stopping IP protection
2013/11/01 06:47:12 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully
2013/11/01 06:47:22 -0400 BEDROOM Travis MESSAGE Database refreshed successfully
2013/11/01 06:47:22 -0400 BEDROOM Travis MESSAGE Starting IP protection
2013/11/01 06:47:25 -0400 BEDROOM Travis MESSAGE IP Protection started successfully
2013/11/01 07:56:53 -0400 BEDROOM Travis MESSAGE Executing scheduled update:  Hourly | Silent
2013/11/01 07:56:54 -0400 BEDROOM Travis MESSAGE Database already up-to-date
2013/11/01 09:11:37 -0400 BEDROOM Travis MESSAGE Executing scheduled update:  Hourly | Silent
2013/11/01 09:11:42 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully:  database updated from version v2013.11.01.02 to version v2013.11.01.03
2013/11/01 09:11:42 -0400 BEDROOM Travis MESSAGE Starting database refresh
2013/11/01 09:11:42 -0400 BEDROOM Travis MESSAGE Stopping IP protection
2013/11/01 09:11:43 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully
2013/11/01 09:11:51 -0400 BEDROOM Travis MESSAGE Database refreshed successfully
2013/11/01 09:11:51 -0400 BEDROOM Travis MESSAGE Starting IP protection
2013/11/01 09:11:53 -0400 BEDROOM Travis MESSAGE IP Protection started successfully
2013/11/01 10:04:53 -0400 BEDROOM Travis MESSAGE Executing scheduled update:  Hourly | Silent
2013/11/01 10:04:54 -0400 BEDROOM Travis MESSAGE Database already up-to-date
2013/11/01 10:57:09 -0400 BEDROOM Travis MESSAGE Executing scheduled update:  Hourly | Silent
2013/11/01 10:57:10 -0400 BEDROOM Travis MESSAGE Database already up-to-date
2013/11/01 11:45:38 -0400 BEDROOM Travis MESSAGE Executing scheduled update:  Hourly | Silent
2013/11/01 11:45:43 -0400 BEDROOM Travis MESSAGE Starting database refresh
2013/11/01 11:45:43 -0400 BEDROOM Travis MESSAGE Stopping IP protection
2013/11/01 11:45:43 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully:  database updated from version v2013.11.01.03 to version v2013.11.01.04
2013/11/01 11:45:44 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully
2013/11/01 11:45:46 -0400 BEDROOM Travis MESSAGE Database refreshed successfully
2013/11/01 11:45:46 -0400 BEDROOM Travis MESSAGE Starting IP protection
2013/11/01 11:45:49 -0400 BEDROOM Travis MESSAGE IP Protection started successfully
2013/11/01 13:01:43 -0400 BEDROOM Travis MESSAGE Executing scheduled update:  Hourly | Silent
2013/11/01 13:01:44 -0400 BEDROOM Travis MESSAGE Database already up-to-date
2013/11/01 14:13:17 -0400 BEDROOM Travis MESSAGE Executing scheduled update:  Hourly | Silent
2013/11/01 14:13:23 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully:  database updated from version v2013.11.01.04 to version v2013.11.01.05
2013/11/01 14:13:23 -0400 BEDROOM Travis MESSAGE Starting database refresh
2013/11/01 14:13:23 -0400 BEDROOM Travis MESSAGE Stopping IP protection
2013/11/01 14:13:23 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully
2013/11/01 14:13:32 -0400 BEDROOM Travis MESSAGE Database refreshed successfully
2013/11/01 14:13:32 -0400 BEDROOM Travis MESSAGE Starting IP protection
2013/11/01 14:13:34 -0400 BEDROOM Travis MESSAGE IP Protection started successfully
2013/11/01 15:13:00 -0400 BEDROOM Travis MESSAGE Executing scheduled update:  Hourly | Silent
2013/11/01 15:13:01 -0400 BEDROOM Travis MESSAGE Database already up-to-date
2013/11/01 16:09:22 -0400 BEDROOM Travis MESSAGE Executing scheduled update:  Hourly | Silent
2013/11/01 16:09:28 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully:  database updated from version v2013.11.01.05 to version v2013.11.01.06
2013/11/01 16:09:28 -0400 BEDROOM Travis MESSAGE Starting database refresh
2013/11/01 16:09:28 -0400 BEDROOM Travis MESSAGE Stopping IP protection
2013/11/01 16:09:28 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully
2013/11/01 16:09:37 -0400 BEDROOM Travis MESSAGE Database refreshed successfully
2013/11/01 16:09:37 -0400 BEDROOM Travis MESSAGE Starting IP protection
2013/11/01 16:09:40 -0400 BEDROOM Travis MESSAGE IP Protection started successfully
2013/11/01 17:09:31 -0400 BEDROOM Travis MESSAGE Executing scheduled update:  Hourly | Silent
2013/11/01 17:09:37 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully:  database updated from version v2013.11.01.06 to version v2013.11.01.07
2013/11/01 17:09:37 -0400 BEDROOM Travis MESSAGE Starting database refresh
2013/11/01 17:09:37 -0400 BEDROOM Travis MESSAGE Stopping IP protection
2013/11/01 17:09:37 -0400 BEDROOM Travis MESSAGE IP Protection stopped successfully
2013/11/01 17:09:40 -0400 BEDROOM Travis MESSAGE Database refreshed successfully
2013/11/01 17:09:40 -0400 BEDROOM Travis MESSAGE Starting IP protection
2013/11/01 17:09:42 -0400 BEDROOM Travis MESSAGE IP Protection started successfully
2013/11/01 17:52:21 -0400 BEDROOM Travis MESSAGE Executing scheduled update:  Hourly | Silent
2013/11/01 17:52:22 -0400 BEDROOM Travis MESSAGE Database already up-to-date
2013/11/01 18:06:22 -0400 BEDROOM Travis DETECTION C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe Trojan.Downloader.BD QUARANTINE
2013/11/01 18:08:18 -0400 BEDROOM Travis DETECTION C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe Trojan.Downloader.BD QUARANTINE
 

Acrobat.zip
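
Added example, not part of the original posts and not Malwarebytes tooling: a small parser for the protection-log format shown above that groups detections by file and threat name and records which definitions version was current when each first appeared, which is the detail a false-positive report needs. The line format is inferred only from the log lines posted in this thread, and `triage` is a hypothetical helper name.

```python
import re
from datetime import datetime

# Excerpt of the protection log posted above (format inferred from those lines).
SAMPLE_LOG = r"""
2013/11/01 16:09:28 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully:  database updated from version v2013.11.01.05 to version v2013.11.01.06
2013/11/01 17:09:37 -0400 BEDROOM Travis MESSAGE Scheduled update executed successfully:  database updated from version v2013.11.01.06 to version v2013.11.01.07
2013/11/01 17:52:22 -0400 BEDROOM Travis MESSAGE Database already up-to-date
2013/11/01 18:06:22 -0400 BEDROOM Travis DETECTION C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe Trojan.Downloader.BD QUARANTINE
2013/11/01 18:08:18 -0400 BEDROOM Travis DETECTION C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe Trojan.Downloader.BD QUARANTINE
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4}) (?P<host>\S+) "
    r"(?P<user>\S+) (?P<kind>MESSAGE|DETECTION) (?P<rest>.*)$")
UPDATE_RE = re.compile(r"database updated from version (\S+) to version (\S+)")


def triage(log_text):
    """Group detections by (path, threat) and record the definitions version
    that was current when each was first seen."""
    db_version, db_time = None, None
    findings = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z")
        if m["kind"] == "MESSAGE":
            upd = UPDATE_RE.search(m["rest"])
            if upd:  # remember the newest definitions version and when it arrived
                db_version, db_time = upd.group(2), ts
            continue
        # The path contains spaces, so peel threat name and action off the right.
        path, threat, action = m["rest"].rsplit(" ", 2)
        hit = findings.setdefault((path, threat), {
            "host": m["host"], "first_seen": ts, "count": 0, "action": action,
            "db_version": db_version,
            "secs_after_update": (ts - db_time).total_seconds() if db_time else None,
        })
        hit["count"] += 1
    return findings


if __name__ == "__main__":
    for (path, threat), hit in triage(SAMPLE_LOG).items():
        print(f"{hit['host']}: {threat} on {path} x{hit['count']}, first seen "
              f"under {hit['db_version']}, {hit['secs_after_update']:.0f}s after update")
```
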


Got the same issue, with software installed from the package downloaded directly from Adobe!

 

Files Detected: 2

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe (Trojan.Downloader.BD)

C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\Exch_Acrobat.exe (Trojan.Downloader.BD)

Hi, nauliv:

 

This was already fixed yesterday. :)

 

I am just a forum volunteer.

So, please feel free to wait for Nosirrah, MysteryFCM or one of the other staff to assist you, if you wish...

 

Otherwise, this ought to work:

Please restore the file from the quarantine, and then check for rule updates and it should no longer be detected.

Video tutorial here:

How to restore items from Quarantine

 

HTH,

 

daledoc1
