qustion about adobe flash player

[elbashabisso]

hello,

i useing Malwarebytes' Anti-Malware it's a good program

since 3 weeks ago i downloaded adobe flash player with opera browser

it was trojan downloader and i was think that opera is not saf

but the same thing happed by safari and then firefox

and i wan't to know if it be not safe.http://www.adobe.com/support/flashplayer/downloads.html

thanks i will wait your answer

[Firefox]

Yes that should be a safe site.... If you have a redirect infection it could explain why you are getting that trojan downloader....

Also you may try getting your flash player download from FileHippo

[mountaintree16]

Flash Player Direct Downloads from Adobe:

Internet Explorer

Other Browsers

Also, sounds like you're infected:

Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. One of the expert helpers there will give you one-on-one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless it's been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

Also, when replying, please use the "ADD REPLY" button located at the bottom of the page, as this makes the forum easier to read.After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Thank you

[elbashabisso]

tanks Firefox & mountaintree16, but

the same problem with filehippo

you can know more with this gif,

i don't nkow the why but it's trojan downloader.

[exile360]

Interesting. How are you getting a detection from Malwarebytes without executing the file? The protection module does not work that way, and will not detect a file unless it has been executed. I also see that you show it present in your scan results. Since you can get MBAM to hit the file with a scan, please refer to this post: Read before reporting a false positive!

and post the info here: False Positives so one of our researchers can take a look at what's causing the detection.

Thanks

[elbashabisso]

thank you exile360 ;

i did what you asked to do from herebut tha same thing happened

i will close the program and download the flash player then i will sent it.

thanks again.

[exile360]

Does this still happen if you don't use a download manager? For example, does it still get detected if you just use Internet Explorer?

[elbashabisso]

after i close the mbam and downloaded the file i scaned it but did not show any error

then i tried again to downlod it but gave the same thing (trojan downloader)

[exile360]

I see, so it's happening only during the download, before the download completes? What other security software do you have installed on your PC (antivirus, firewall etc.)?

[elbashabisso]

Microsoft Security Essentials,onlin armor,ESET Smart Security and i like to tray alot of programs

the proplem was with opera i was think that browser not safe and i was use avira,Microsoft Security Essentials,mbam and onlin armor

then it happened with safari and at end with firfox

it's safe with ie because it is direct setub with out download.

[exile360]

If you use this link with Internet Explorer it is a download (that's the version that installs it for other browsers, the same one you downloaded with Opera and Safari). Please try that and let me know if you still get a detection.

[exile360]

Can you please post a developer's log in a new topic here so that we can take a look and find out what's being detected? Also, what download manager are you using?

[elbashabisso]

If you use this link with Internet Explorer it is a download (that's the version that installs it for other browsers, the same one you downloaded with Opera and Safari). Please try that and let me know if you still get a detection.

i'm useing Internet Download Manager it was from it

I tried downloaded by the browser and flash were downloaded

the error in the download manager it's not safe.

i downloaded it by internet explorer,firefox,opera & safari they all good

the problem that it was just with opera but after that be with safari then firfox

so i wasn't doubt in download manger it was good with others.

and sorry because the alerts do not reach me so late in a reply

thank you too much exile and i want to know what i must to do

[exile360]

OK, thanks . So to be clear, here's what we've figured out:

• This only happens when you download with Internet Download Manager
  
• Downloading with just your internet browser (any browser) results in no detection
  

Is the above correct? If so, then I suspect this is a false positive somehow triggered by Internet Download Manager. I tried Internet Download Manager and used it in Opera to download Flash player the same way you did but I was unable to get a detection from Malwarebytes' Anti-Malware. The download completed and I scanned the file and it showed up as clean. I then executed the file and it installed Flash Player and I got no detection from Malwarebytes.

I would like to replicate this on my own system, but unfortunately I was not able to. It looks like what it happening is that for some reason, Malwarebytes is detecting the file before the download is complete, meaning it isn't actually reading the full file, which could explain why it is being detected. Normally this cannot happen so I suspect it may be the result of the combination of software you're using.

I notice that you mention you have Microsoft Security Essentials installed as well as ESET Smart Security. Since ESET is an antivirus, you should remove Microsoft Security Essentials because running more than one antivirus can cause problems, and could be the reason this is happening. After you've uninstalled MSE, update Malwarebytes' Anti-Malware and try the download with your download manager again and let me know if you still get a detection or not.

Thanks

[elbashabisso]

i will try that you asked and i will be back.

thanks alot

[exile360]

You're welcome, I look forward to hearing back from you.

[elbashabisso]

hello dear exile,

i have know what's happened and where is the problem.

i have uninstalled all security programs then i have installed each one alone and i have tried to download flash player

after i have installed online armor the problem backed to me

the problem with online armor but i don't know what's the error

I will wait for your analysis of the problem.

Regards

[exile360]

Ah, I see, so it is Online Armor causing this. HIPS applications like that can sometimes cause issues, though they do offer powerful protection. Please see if the following helps:

• Open Malwarebytes' Anti-Malware and click on the Ignore List tab
  
• Click on the Add button on the lower left
  
• In the small browse window that opens, navigate to C:\Program Files and click once on Online Armor and click OK Note: This may be Program Files (x86) if you are running a 64 bit version of Windows.
  
• Close Malwarebytes' Anti-Malware
  

[elbashabisso]

it does not work.

i don't know to solve the problem

that means that it should not be installed together or what?

antivirus + antimalware + firewall= Complete protection

i will wait for a solution god willing.

thanks too much.

[exile360]

It's likely that you'll need to contact Online Armor support and explain to them what is happening, hopefully they can help you to get it resolved. Their support forum can be found here.

In the meantime, you should also try adding these files to Online Armor's trusted/excluded applications list in C:\Program Files\Malwarebytes' Anti-Malware Note: This will be C:\Program Files (x86)\Malwarebytes' Anti-Malware on 64 bit Windows versions.:

• mbam.exe
  
• mbamgui.exe
  
• mbamservice.exe
  

You should also have it exclude/trust the following driver in C:\Windows\System32\drivers:

• mbam.sys
  

[elbashabisso]

It's likely that you'll need to contact Online Armor support and explain to them what is happening, hopefully they can help you to get it resolved. Their support forum can be found here.

i already asked the same question there

You should also have it exclude/trust the following driver in C:\Windows\System32\drivers:

• mbam.sys
  

i found it in C:\Windows\System32\drivers

and mbam is already in trusted programs.

[elbashabisso]

sorry dear exile i asked at support.emsisoft

i know that online armor one of their products. isn't it?

if it isn't i can ask at support.online-armor

[exile360]

The only thing left to do is see if there's any other files from Online Armor to be excluded from MBAM. I can find out if you do the following:

Create an Autoruns Log:

• Please download Sysinternals Autoruns from here and save it to your desktop.
  
  • Note: If using Windows Vista or Windows 7 then you also need to do the following:
    
    1. Right-click on Autoruns.exe and select Properties
       
    2. Click on the Compatibility tab
       
    3. Under Privilege Level check the box next to Run this program as an administrator
       
    4. Click on Apply then click OK
       

  [*]Double-click Autoruns.exe to run it.

  [*]Once it starts, please press the Esc key on your keyboard.

  [*]Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures so that it is now checked

  [*]Click on the Options button again and this time uncheck Hide Windows Entries

  [*]Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.

  [*]When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.

  [*]Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder

  [*]Attach the Autoruns.zip folder you just created to your next reply

Thanks

[elbashabisso]

you are welcom but i who thank you

it's fresh windows in the past windows the same thing was happening and i was useing different programs

i love to try programs to know it's advantages and disadvantages and which is compatible or incompatible

i hope to know the cause of the problem

thanks too much

AutoRuns.rar

[exile360]

Please open Malwarebytes' Anti-Malware and click on the Ignore List tab and use the Add button to add the following files and folders to the list assuming they aren't excluded already:

• c:\windows\system32\drivers\eamon.sys
  
• c:\windows\system32\drivers\ehdrv.sys
  
• c:\windows\system32\drivers\epfwndis.sys
  
• c:\windows\system32\drivers\oadriver.sys
  
• c:\windows\system32\drivers\oahlp32.sys
  
• c:\windows\system32\drivers\oamon.sys
  
• c:\windows\system32\drivers\oanet.sys
  
• c:\program files\eset
  

Also make certain that you've also excluded ESET from Online Armor and that you've excluded Online Armor and Malwarebytes' Anti-Malware from ESET.