Rbuck117

Adobe ace.dll Backdoor.Remcos


Hello, the latest update was just published. Please have MBAM update itself and rescan. The false positive should be gone.


Glad to know that the folks at Malwarebytes are on top of things like this. Thanks. Am uninstalling and reinstalling after excluding the Acrobat folder.  Will update on this shortly.


The fix should be live now. Please open Malwarebytes and click on the update link. Depending on what region you're in, though, it may still take up to an hour before all update servers around the world get the new file.

Once updated the Adobe ace.dll file should no longer be detected.

Thank you, and we apologize for the inconvenience.

Ron

 

25 minutes ago, Dunco171 said:

Geez! a great way to boost your forum membership ....  we're all newbies here by the looks 😂

Yup, newbie tonight! LOL... at least I found a fix-it for the problem. Was afraid to download a different PDF viewer... though don't care much for Adobe as their support is nonexistent for photo editing software I have.


Is it safe to now assume this is a false positive?

Given how many are reporting it. I hadn't downloaded anything tonight. Yesterday's Malwarebytes scan was clean.

I uploaded the Reader\ACE.dll file to VirusTotal. Malwarebytes was the only engine that detected it (so far...)

I get prompted to quarantine this "backdoor.remcos" by Malwarebytes. This happens whenever I try to open a .pdf file. Began about 1 am EDT.

The installed Acrobat reader tries to reinstall Adobe Acrobat Reader, but then is blocked again by Malwarebytes.

Location of the supposed infection is:

Backdoor.Remcos, C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll

If it's not safe to remove from Quarantine and make an exception for this ACE.dll file, how would I go about downloading and installing a fresh copy of Acrobat Reader?

I'd hate to have to do all this if this is really a false alarm!

So will someone kindly advise me?

Eliuri

Windows 10 Version 1809

Malwarebytes Premium 3.7.1

=======================================

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/15/19
Protection Event Time: 1:53 AM
Log File: efecad6a-8f31-11e9-a462-782bcb979dbc.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.11060
License: Premium

-System Information-
OS: Windows 10 (Build 17763.557)
CPU: x64
File System: NTFS
User: System

-Blocked Malware Details-
File: 1
Backdoor.Remcos, C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll, No Action By User, [3811], [696603],1.0.11060


(end)


OK, so the problem originated within Malwarebytes, not Adobe software.  This begs the question, "Was this due to Malwarebytes being hacked?"

If yes, what is the future reliability of Malwarebytes . . . my trusted safety net for the past 8-10 years (or longer . . . I don't remember when I first started using it).

If no, then what caused the problem?

.


 

22 minutes ago, MaxHerr said:

WTF!!?? All of a sudden -- beginning about 9:30pm PDT -- Adobe Acrobat DC stopped working. Malwarebytes identified "backdoor.remcos" in the ProgramFiles (x86)/Adobe/AcrobatDC folder. This gets quarantined every time I tried to print a document. Using Creative Cloud, I uninstalled the program, deleted the directories/folders, and reinstalled Acrobat. The program fails to launch with an error message "Acrobat failed to load its core .dll".

This is obviously a systemic attack at Adobe, since it is here being reported as a widespread phenomenon.  Without the ability to use Acrobat, I'm f****d.

I'm in your same situation.

You could also open PDF files from the Firefox extension. Drag and drop the files into your browser and they will open.

 


Well . . . excluding the Acrobat folder has resolved the problem.  Will wait about 24 hours to remove it from the excluded list.

1 minute ago, MaxHerr said:

OK, so the problem originated within Malwarebytes, not Adobe software.  This begs the question, "Was this due to Malwarebytes being hacked?"

If yes, what is the future reliability of Malwarebytes . . . my trusted safety net for the past 8-10 years (or longer . . . I don't remember when I first started using it).

If no, then what caused the problem?

.

No, there was no hack. False positives happen with all security software. I've been doing this almost 30 years and even back in those early days they too had false positive detections.

Thank you again.

 

3 minutes ago, AdvancedSetup said:

No, there was no hack. False positives happen with all security software. I've been doing this almost 30 years and even back in those early days they too had false positive detections.

Thank you again.

 

I suppose anything is possible.  This is the first time I've ever experienced this with Malwarebytes.  I have never experienced it with ESET NOD32 in over 10 years.


I can assure you that ESET has had many, many FPs in 10 years, as we've had to deal with their issues too. But again, nothing wrong, the program is safe.

Ron

 

49 minutes ago, AdvancedSetup said:

The fix should be live now. Please open Malwarebytes and click on the update link. Depending on what region you're in, though, it may still take up to an hour before all update servers around the world get the new file.

Once updated the Adobe ace.dll file should no longer be detected.

Thank you, and we apologize for the inconvenience.

Ron

 

Thank you


Try Restoring the ACE.dll

Exit (Quit) Malwarebytes

Open Acrobat

Reopen Malwarebytes

After I reopened Malwarebytes it no longer quarantined ACE.dll

 


Awesome fast turn, Malwarebytes. I've removed ACE.dll from the exclusion list and all is very well. Thanks.

And thanks to last night's contributors, eliminating my panic with guidance to add ACE.dll to the exclusion list. Cheers!

