Forum Thread: Again, false positives?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Acrobat 9.x

This thread has been marked as locked.
rtrooney Again, false positives?
Member 13th Jun, 2009 01:29
Ranking: -1
Posts: 23
User Since: 13th Jun, 2008
System Score: N/A
Location: N/A
WinXP. Again, get a cat4 threat regarding Acrobat Reader 9.1.1. Solution is to install 9.1.2 update. Do, but continue to get threat warnings. Do an Add/Remove and delete the Adobe Reader entirely. Reinstall Adobe 9, and reinstall update 9.1.2. Threat warning still pops up. Deleting the "threat file" as described elsewhere, adoberd32.exe, disables the program entirely, but it does remove the threat warning. Great, but now no Adobe. Foxit is a great alternative for reading PDF files offline, such as email attachments, but is not a satisfactory alternative for reading PDF files online at sites such as banks that offer viewing of monthly statements in PDF format.

I don't think that Secunia is sending False Positives, but getting Adobe properly patched is becoming a difficult process. And clicking the "Solution" button isn't solving the Adobe problem. I know I'm not the only one experiencing these difficulties.

Anthony Wells RE: Again, false positives?
Expert Contributor 13th Jun, 2009 20:30
Score: 2454
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 13th Jun, 2009 20:31
You could try my method from here.


http://secunia.com/community/forum/thread/show/205...

PS: I have AcroRD files , but I can't find any of your adobeRD files in my folders. Weird.

--


It always seems impossible until it's done.
Nelson Mandela
rtrooney RE: Again, false positives?
Member 13th Jun, 2009 21:07
Score: -1
Posts: 23
User Since: 13th Jun 2008
System Score: N/A
Location: N/A
My error. The deleted file was acrord32, not adoberd32.

The problem persists. And unfortunately Foxit is not the answer. While it seems to be an excellent PDF viewer, there are sites that simply will not allow me to a PDF page using anything other than Acrobat.

There are several solutions; I hope I can get one of them to work because nothing I've done so far has been successful.
Anthony Wells RE: Again, false positives?
Expert Contributor 13th Jun, 2009 21:30
Score: 2454
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 13th Jun, 2009 21:31
The .exe file may not update & so you need an up to date .dll file or at least a file that corresponds to your exact time of update with , hopefully , the correct version number. Then all you have to do , is , you have to get Secunia to recognise it !!
I'm lucky , my method works for me.

--


It always seems impossible until it's done.
Nelson Mandela
rtrooney RE: Again, false positives?
Member 14th Jun, 2009 02:24
Score: -1
Posts: 23
User Since: 13th Jun 2008
System Score: N/A
Location: N/A
Am not exactly sure what you mean re: updating: what I think you are saying is delete any acrord32.* file, and reinstall. Wouldn't control panel/add-remove, and delete the entire program, and start from scratch achieve the same objective?

Acrord32.exe currently sits in my recycle bin. I've Google searched for an updated version of that file, and came up empty.

While Secunia continues to tell me that acrord32.exe is a Cat4 threat, AVG tells me the file is clean. Confusing!

Anyway, I've got acrord32.exe sequestered in the Recycle Bin. On those two or three occasions per month that I need to view Acrobat Reader files I will restore it, and hope nothing happens before sending it back to RB.

Anthony Wells RE: Again, false positives?
Expert Contributor 14th Jun, 2009 09:39
Score: 2454
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 14th Jun, 2009 23:38
Here comes what I know that applies to me :

PSI tells you if Adobe Reader is "patched" & "up to date" with regard to its exposure concerning security threats. AVG doesn't.
AVG will tell you if it finds that Adobe Reader is "infected" with malware ; PSI will not.
PSI is checking for the file which tells it you have patched Adobe ; PSI does not always find it , so it seems.

Check this thread.

http://secunia.com/community/forum/thread/show/206...

A "clean" uninstall , with say Add/Remove , very often leaves old files behind , believe me , & if Secunia finds them it points to them as being " out of date" if it considers them a risk as it , presumably , sees them in isolation. This is a good thing if they do in fact pose a "security" threat/risk.

PSI and ADOBE tell me I have version 9.1.2.82 - fully patched. My RD32.exe is v9.1.0.163 & dates to 27/02/2009 whilst RD32.dll is v9.1.2.82 & dates to 21/05/2009.

I am definitely not a techie , as must be obvious , & am only relating my guesswork & my experience .

Going for brekkie.

PS: your .exe file is not the threat (bring it in from that cold bin) it's the Reader itself when you use it IF it isn't actually patched.

--


It always seems impossible until it's done.
Nelson Mandela
rtrooney RE: Again, false positives?
Member 14th Jun, 2009 23:50
Score: -1
Posts: 23
User Since: 13th Jun 2008
System Score: N/A
Location: N/A
My rd32.exe and .dll are 9.1.0.163 and 9.1.2.82 respectively.

As nothing seems to be working with regard to getting Secunia to "pass" the update, my only recourse seems to use Adobe as sparingly as possible, and hope that a Version 9.2 is around the corner.
rtrooney RE: Again, false positives?
Member 15th Jun, 2009 01:37
Score: -1
Posts: 23
User Since: 13th Jun 2008
System Score: N/A
Location: N/A
on 13th Jun, 2009 20:30, Anthony Wells wrote:
You could try my method from here.


http://secunia.com/community/forum/thread/show/205...

PS: I have AcroRD files , but I can't find any of your adobeRD files in my folders. Weird.


That's why one of the solutions failed. AVG firewall blocks the update link from within Acrobat:Help:Update. I trust AVG more than I trust Adobe.
Anthony Wells RE: Again, false positives?
Expert Contributor 15th Jun, 2009 12:00
Score: 2454
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
I would not trust either 100% & that's why we're here at all ; but that is not the point of your problem. The Adobe/help/update "may" solve your problem , sooo ; you could :-
1) report a false positive to AVG & ask them to recheck
2) check the blocked update file with "virus total" or "jotti" and see if anyone else agrees with AVG , or
3) live with the "problem" as is until Secunia & the Adobe guys change the system. Don't hold your breath.
Of course you could do a complete "clean" uninstall/reinstall of all Reader files.
Can't think of anything else.
Take care.

--


It always seems impossible until it's done.
Nelson Mandela
rtrooney RE: Again, false positives?
Member 16th Jun, 2009 00:57
Score: -1
Posts: 23
User Since: 13th Jun 2008
System Score: N/A
Location: N/A
Last edited on 16th Jun, 2009 00:59
When the update route failed, I did a clean install. (I wish Adobe had an uninstall utility for Reader like it does for Flash player.) Nothing seemed to work.

Then today, after doing nothing else to solve the problem, Secunia says Reader does not pose a threat. What happened in the last four days to cause this change of heart??? Beats me! But happy all is again right with the world.

BTW, I don't trust any company 100%, but AVG's trust factor is higher on my list than Adobe's.
Anthony Wells RE: Again, false positives?
Expert Contributor 17th Jun, 2009 22:28
Score: 2454
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 17th Jun, 2009 22:29
Holding your breath must have worked better than the other fixes. Sometimes more than one rescan seems necessary.
Secunia have told us (on another thread) that they use the "Annots.api" file in the plug_in folder in the Reader folder to check the version number .
Take care.

--


It always seems impossible until it's done.
Nelson Mandela

This thread has been marked as locked.
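
The file-version check discussed in this thread, as an added example (not written by the thread's participants and not Secunia's code): it shows why a scanner's verdict depends on which file it reads the version from, and why a leftover file from an old install gets flagged when judged in isolation. The .exe and .dll versions are the ones quoted in the posts; the paths, the Annots.api version, the Reader 8 leftover and the function names are constructed assumptions.

```python
import ntpath
import re

# Constructed inventory (path -> file version). The .exe and .dll versions are
# the ones quoted in the thread; the paths, the Annots.api version and the
# leftover Reader 8 file are assumptions made for this example.
READER = r"C:\Program Files\Adobe\Reader 9.0\Reader"
INVENTORY = {
    READER + r"\AcroRd32.exe": "9.1.0.163",
    READER + r"\AcroRd32.dll": "9.1.2.82",
    READER + r"\plug_ins\Annots.api": "9, 1, 2, 82",
    r"C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.dll": "8.1.3.0",
}
REQUIRED = "9.1.2"  # the update the thread says fixes the warning


def parse_version(text):
    """Parse '9.1.2.82' or resource-style '9, 1, 2, 82' into a tuple of ints."""
    parts = re.split(r"[.,]\s*", text.strip())
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted version: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(found, required):
    """True when found >= required; the shorter version is zero-padded."""
    f, r = parse_version(found), parse_version(required)
    width = max(len(f), len(r))
    return f + (0,) * (width - len(f)) >= r + (0,) * (width - len(r))


def verdict_by_marker(inventory, marker, required):
    """Judge the install by one marker file name; returns {path: patched?}.

    An empty dict means the marker was not found at all; more than one entry
    means a leftover copy exists and the scanner may report either one.
    """
    return {p: is_patched(v, required) for p, v in inventory.items()
            if ntpath.basename(p).lower() == marker.lower()}


def stale_files(inventory, required):
    """Judge every file in isolation; returns the paths below `required`."""
    return sorted(p for p, v in inventory.items() if not is_patched(v, required))


if __name__ == "__main__":
    for marker in ("AcroRd32.exe", "AcroRd32.dll", "Annots.api"):
        print(marker, verdict_by_marker(INVENTORY, marker, REQUIRED))
    print("flagged in isolation:", stale_files(INVENTORY, REQUIRED))
```

With the versions quoted in the thread, a scanner keyed on AcroRd32.exe reports the install as unpatched even though the .dll is at 9.1.2.82, which matches the symptom described in the first post.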

