Rbuck117

Adobe ace.dll Backdoor.Remcos


Same problem here.

The funny thing is, I had already some pdf opened in acrobat DC and I could read them all.

Tried to open a new file and ACE.dll file got quarantined


Copped the same notification just now. Nothing to worry about I guess, just a false positive. I'm sure Adobe already knows about the problem and are rectifying it as we speak. I guess you can exclude the file in Malwarebytes for the meantime if you really need to view some PDFs.

Just now, askanioff said:

Same problem here.

The funny thing is, I had already some pdf opened in acrobat DC and I could read them all.

Tried to open a new file and ACE.dll file got quarantined

That's because MBAM's AV definitions will only be picking up the suspected malware string at runtime.

Just now, Dunco171 said:

Geez! a great way to boost your forum membership ....  we're all newbies here by the looks 😂

HAHAHA!!! Truth. I literally just joined to comment on my findings on this.

1 minute ago, RedHatAugust said:

HAHAHA!!! Truth. I literally just joined to comment on my findings on this.

Same Here Red!!. Thanks for the input everyone... I guess we just wait now and cross our collective fingers.

1 minute ago, Dunco171 said:

Geez! a great way to boost your forum membership ....  we're all newbies here by the looks 😂

yeah... I had to make an account to let others know. I bet people are shook after seeing a Malwarebytes notification that malware has been found.


Same problem here, very frustrating!

As I'm 99.9% certain the trouble is with MBAM and not Adobe Reader, I have added the entire Adobe Reader DC folder to exclusions until this issue is fixed.


For those who need immediate access to PDF files, I just tested Foxit PDF Reader (free version) and it doesn't trigger the quarantine. 


No need to change your product. We will have a fix out very shortly. You should be able to restore the file from quarantine if you did quarantine it once the update is ready and has been applied.

Please be patient

 

 


WTF!!?? All of a sudden -- beginning about 9:30pm PDT -- Adobe Acrobat DC stopped working.  Malwarebytes identified "backdoor.remcos" in the ProgramFiles (x86)/Adobe/AcrobatDC folder.  This gets quarantined every time I tried to print a document.  Using Creative Cloud, I uninstalled the program, deleted the directories/folders, and reinstalled Acrobat.  The program fails to launch with an error message "Acrobat failed to load its core .dll".

This is obviously a systemic attack at Adobe, since it is here being reported as a widespread phenomenon.  Without the ability to use Acrobat, I'm f****d.


I disabled real-time malware protection. Didn't need to uninstall/reinstall adobe acrobat - everything works ok.

I'm just working on some documents locally so no risk of external malware. Pretty big stuff up from Malwarebytes - some users will be stuck without adobe reader until this is fixed and think they have an infection.


I'm having the same issue. It appears that consensus is that there is no danger in removing this file from quarantine...

Quote

No need to change your product. We will have a fix out very shortly. You should be able to restore the file from quarantine if you did quarantine it once the update is ready and has been applied.

Please be patient

Completely understood, I just wanted to give folks an alternative in the meantime for those with edge cases (e.g. my wife's working on her dissertation, so the temporary jump to an alt reader was necessary). 

9 minutes ago, AdvancedSetup said:

Hello everyone

Yes, this is a false positive. We're currently working on pushing out an update to correct the issue.

 Thank you

 

Thanks for the confirmation Malwarebytes! 

4 minutes ago, MaxHerr said:

WTF!!?? All of a sudden -- beginning about 9:30pm PDT -- Adobe Acrobat DC stopped working.  Malwarebytes identified "backdoor.remcos" in the ProgramFiles (x86)/Adobe/AcrobatDC folder.  This gets quarantined every time I tried to print a document.  Using Creative Cloud, I uninstalled the program, deleted the directories/folders, and reinstalled Acrobat.  The program fails to launch with an error message "Acrobat failed to load its core .dll".

This is obviously a systemic attack at Adobe, since it is here being reported as a widespread phenomenon.  Without the ability to use Acrobat, I'm f****d.

Add the ACE.dll file to your exclusions list until MalwareBytes puts out a patch. It'll start working again after that.


Yes, if you're in a hurry you can exclude that file in Malwarebytes, then restore it from quarantine. Once the update is out you can then remove the exclusion.

I would not recommend disabling real-time protection

 


ACE.dll does not exist on my computer.  Apparently it is being blocked during the Creative Cloud install.

 


Yes and deleted it along with other files PUPs.... then Adobe could not open.  Did an uninstall & reinstall and there was that Nasty file again (according to MalwareBytes), so added an exception:  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader   Program now works.

3 minutes ago, AdvancedSetup said:

You can exclude the entire folder for Adobe. Then reinstall and it should work just fine. The update should be out within the next 30 minutes or less

 

That is helpful information. Thanks very much!

