Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Flash Player 9b reported on system that has had all flash players...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Flash Player 9.x

This thread has been marked as locked.
tsssystems Flash Player 9b reported on system that has had all flash players uninstalled
Member 19th Sep, 2011 06:14
Ranking: 0
Posts: 5
User Since: 17th Feb, 2010
System Score: N/A
Location: US
PSI 2.0 keeps reporting the "actual installation" as being in the usual location - ..\Macromed\Flash\Flash9b.ocx. Problem is that I used the Adobe Flash uninstaller to remove this and every other version from this Windows XP SP3 system. Searching for this file - or any other flash file - comes up with "nothing found". I've tried rebooting, defragging the drive, emptying the recycle bin, but none of that helps. This is the only "insecure program" on this PC, and it doesn't exist.

Tried the Adobe Flash Player Test Page at http://www.chemgapedia.de/vsengine/info/en/help/re... with IE 8 and the animation does NOT play and I get asked if I want to install Adobe Flash Player. Anyone have any ideas on what 's going on here?

---START---

Program Name:
Adobe Flash Player 9.x (ActiveX)

Security State:
End-of-Life

Download Link:
http://fpdownload.adobe.com/get/flashplayer/curren...

Instances Found:
C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, version: 9.0.28.0 (ActiveX)

Last System Scan (localtime):
17. Sep 2011, 16:37

Operating System:
Microsoft Windows XP Professional, Service Pack 3

---END---

TIA.

Anthony Wells RE: Flash Player 9b reported on system that has had all flash players uninstalled
Expert Contributor 20th Sep, 2011 21:04
Score: 2445
Posts: 3,334
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

Have you actually looked in the Macromed folder that the PSI is reporting . You can either :

navigate to it using Explorer by following the pathway in the "detected instance" as posted by you (above) or:

click on the [+] sign to the left of the programme display on the PSI's Scan Results page and then select the yellowish "open folder" icon (the one without the red blob) to the left of/below the "detected instance" ; you should see the .ocx file blue highligted in Explorer .

Can you see/find the folder and the .ocx file ??

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
tsssystems RE: Flash Player 9b reported on system that has had all flash players uninstalled
Member 21st Sep, 2011 20:00
Score: 0
Posts: 5
User Since: 17th Feb 2010
System Score: N/A
Location: US
Thanks, but I'm familiar with PSI's interface and the Windows system32 files. What happened was very strange.

Of course, now you can't just "delete" the flash*.ocx files. The user - even the administrator account - doesn't have permission, not even in safe mode. So I used the Adobe Flash uninstaller, and after running it, found no flash*.ocx files in ..\system32\Macromed\Flash. However, when I re-scanned the program, PSI kept telling me nothing had changed. Searched the HDD and it wasn't anywhere else on the system either. Removed all registry references to it, defragged the drive, rebooted, and there it was again!

So I ran the Uninstaller once more, and watched it disappear from the directory, had PSI rescan the program and it still told me it was there in ..\system32\Macromed\Flash!

So I did a SYSTEM scan instead of a PROGRAM Re-Scan, and that finally cleared it.

At this point I wouldn't be totally surprised if it popped back up again, but I haven't rebooted the machine yet to find out,

I guess this is the true definition of a "zombie" file. :-)
Was this reply relevant?
+0
-0
Anthony Wells RE: Flash Player 9b reported on system that has had all flash players uninstalled
Expert Contributor 21st Sep, 2011 22:00
Score: 2445
Posts: 3,334
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

Glad to hear that you are au fait with the PSI and it's GUI .

Three points :-

1)As you have found out , the PSI frequently requires a FULL system scan to validate a change (with or without reboot) and that the individual programme (re)scan cannot be relied upon ; it may work immediately ,take hour(s) to respond or do nothing*** ; in some cases the PSI will update itself without any (re)scanning and will advise you with a tray icon pop_up message .

ALL M$ updates require a reboot and full system scan to validate - on occasion more than one .

NB:***this point/problem has been raised on many occasions and atm it is not resolved .

2)The PSI version2.0.x no longer checks the recycle bin/garbage .

3)A manual deletion of the .ocx is perfectly possible PROVIDED you STOP and completely EXIT all programmes that are using Flash ActiveX :eg: certain messenger programmes and the older 1.5.0.2 version of the PSI among others . In fact the same rules apply to running the Adobe Uninstaller software . The latest Flash installers will happily remove the older version but still need the .ocx to be unlocked :ie: not loaded by a(ny) programme .

The "zombie" file was introduced to take care of the panic that was being created with newer users of the PSI when old but largely inaccessible files were being displayed as "insecure" , your's was maybe the Ghost of Christmas Past still looking for it's prezzie :))

Take care

Anthony





--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
pratnala2010 RE: Flash Player 9b reported on system that has had all flash players uninstalled
Member 22nd Sep, 2011 18:53
Score: 1
Posts: 38
User Since: 13th Nov 2009
System Score: 89%
Location: IN
on 21st Sep, 2011 20:00, tsssystems wrote:
Thanks, but I'm familiar with PSI's interface and the Windows system32 files. What happened was very strange.

Of course, now you can't just "delete" the flash*.ocx files. The user - even the administrator account - doesn't have permission, not even in safe mode. So I used the Adobe Flash uninstaller, and after running it, found no flash*.ocx files in ..\system32\Macromed\Flash. However, when I re-scanned the program, PSI kept telling me nothing had changed. Searched the HDD and it wasn't anywhere else on the system either. Removed all registry references to it, defragged the drive, rebooted, and there it was again!

So I ran the Uninstaller once more, and watched it disappear from the directory, had PSI rescan the program and it still told me it was there in ..\system32\Macromed\Flash!

So I did a SYSTEM scan instead of a PROGRAM Re-Scan, and that finally cleared it.

At this point I wouldn't be totally surprised if it popped back up again, but I haven't rebooted the machine yet to find out,

I guess this is the true definition of a "zombie" file. :-)


You can delete the flash *.ocx files. I do it everytime when PSI detects it. Just stop the process sidebar.exe (if you have Vista or 7) and also end psi.exe. Then delete the outdated *.ocx files and only keep the latest one. Now restart your computer do a full scan in PSI. They won't show up.

--
PC -
Microsoft Windows 7 Home Basic Service Pack 1
Intel Core 2 Duo E4400 2.0 GHz
2GB RAM
Kaspersky Internet Security 2012
Secunia PSI 2.0.0.3003

Laptop -

Microsoft Windows 7 Home Basic Service Pack 1
Intel Pentium Dual Core T4400 2.2 GHz
3GB RAM
Kaspersky Internet Security 2012
Secunia PSI 2.0.0.3003
Was this reply relevant?
+0
-0
tsssystems RE: Flash Player 9b reported on system that has had all flash players uninstalled
Member 22nd Sep, 2011 20:28
Score: 0
Posts: 5
User Since: 17th Feb 2010
System Score: N/A
Location: US
BTW, This machine is running XP SP3, which I mentioned in my first posting. My experience with flash9b.ocx was that it was locked by Windows or another process or "user" that I don't have access to. It didn't show up as a running process, no browsers were open, yet it couldn't be deleted. Seems like explorer.exe had it locked, but I couldn't delete it in Safe Mode > Command Prompt only either. Couldn't even delete it using BartPE to boot with! So apparently another lower level process, or the system "user", was locking it. Perhaps the permissions were corrupted, although I gave myself full access to the file as administrator with no special permissions set.

I had this problem once a while ago and had to delete the file using a Linux LiveCD, but for whatever reason Knoppix wouldn't see my C: drive.

Now the story gets even stranger. When I checked Adobe's web site a few days ago, I came across a little blurb that said that one couldn't uninstall Flash Player just by deleting the files. It was referring to newer versions, because it said that was a change starting with some version (like 9). I don't have time to search for it again. But when I just went to the "Uninstall Flash Player | Windows" page (http://kb2.adobe.com/cps/141/tn_14157.html), the page tells me "You have version 10.1.53.67 installed". But there's NO Flash Player installed anywhere on my system! In fact, a site with a flash movie on the home page tells me to download the plugin.

In any case, now PSI tells me I have a 100% score and Flash is not listed in the PSI interface.
Was this reply relevant?
+0
-0
Anthony Wells RE: Flash Player 9b reported on system that has had all flash players uninstalled
Expert Contributor 22nd Sep, 2011 23:48
Score: 2445
Posts: 3,334
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello again ,

You are not the first person on this Forum to have the .ocx file locked with "apparently" no "detectable" programmes/processes using it .

On such occasions , then software such as "File Assasin" , "Move on Boot" or "Unlocker" have proven themselves to be effective in removing the recalcitrant file .

The change in Flash deletion rules suggested by Adobe was around the the end of the 9 range when uninstallers were added in to the 10 series installers and using "Add/Remove" was not effective/caused deletion problems . Manual deletion from within Macromed is not always easy for the less experienced , hence the provision of the Uninstaller by Adobe . The very latest uninstallers/installers are very efficient , just make sure that the .ocx is not in use as per the instructions on the website you have provided the linked to ; the box on the page is an "example" of what you will see as an installed version if you click on the pale blue link just above it called "About Adobe Flash Player" .

Version 10.1.53.64 in the example box is well out of date as the current version is 10.3.183.7 and that is about to update to an 11.x series .

If the PSI says that you do not have Flash installed and gives you 100% , I would take it's word for it .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer