Secunia
Login
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Thread: Again, false positives?
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.This thread was submitted in the following forum:
Programs
|
Relating to this vendor: Adobe Systems |
And, this specific program: Adobe Acrobat 9.x |
| rtrooney | Again, false positives? |
|---|---|
 |
13th Jun, 2009 01:29 |
|
Ranking: -1 Posts: 23 User Since: 13th Jun, 2008 System Score: N/A Location: N/A |
WinXP. Again, get a cat4 threat regarding Acrobat Reader 9.1.1. Solution is to install 9.1.2 update. Do, but continue to get threat warnings. Do an Add/Remove and delete the Adobe Reader entirely. Reinstall Adobe 9, and reinstall update 9.1.2. Threat warning still pops up. Deleating the "threat file" as described elswhere, adoberd32.exe, disables the program entirely, but it does remove the threat warning. Great, but now no Adobe. Foxit is a great alternative for reading PDF files offline, such as email attachments, but is not a satisfactory alternative for reading PDF files online at sites such as banks that offer viewing of monthly statements in PDF format. I don't think that Secunia is sending False Positives, but getting Adobe properly patched is becoming a difficult process. And clicking the "Solution" button isn't solving the Adobe problem. I know I'm not the only one experiencing these difficulties. |
| Anthony Wells | RE: Again, false positives? | ||||||||
|
13th Jun, 2009 20:30 | ||||||||
| Score: 2329 Posts: 3,205 User Since: 19th Dec 2007 System Score: N/A Location: N/A Last edited on 13th Jun, 2009 20:31 |
You could try my method from here. http://secunia.com/community/forum/thread/show/205... PS: I have AcroRD files , but I can't find any of your adobeRD files in my folders. Weird. -- It always seems impossible until its done. Nelson Mandela |
||||||||
|
|||||||||
| rtrooney | RE: Again, false positives? | ||||||||
|
|
13th Jun, 2009 21:07 | ||||||||
| Score: -1 Posts: 23 User Since: 13th Jun 2008 System Score: N/A Location: N/A |
My error. The deleted file was acrord32, not adoberd32. The problem persists. And unfortunately Foxit is not the answer. While it seems to be an excellent PDF viewer, there are sites that simply will not allow me to a PDF page using anything other than Acrobat. Are several solutions I hope I can get one of them to work because nothing I've done so far has been successful. |
||||||||
|
|||||||||
| Anthony Wells | RE: Again, false positives? | ||||||||
|
|
13th Jun, 2009 21:30 | ||||||||
| Score: 2329 Posts: 3,205 User Since: 19th Dec 2007 System Score: N/A Location: N/A Last edited on 13th Jun, 2009 21:31 |
The .exe file may not update & so you need an up to date .dll file or at least a file that corresponds to your exact time of update with , hopefully , the correct version number. Then all you have to do , is , you have to get Secunia to recognise it !! I'm lucky , my method works for me. -- It always seems impossible until its done. Nelson Mandela |
||||||||
|
|||||||||
| rtrooney | RE: Again, false positives? | ||||||||
|
|
14th Jun, 2009 02:24 | ||||||||
| Score: -1 Posts: 23 User Since: 13th Jun 2008 System Score: N/A Location: N/A |
Am not exactly sure what you mean re: updating: what I think you are saying is delete any acrodr32.* file, and reinstall. Wouldn't control panel/add-remove, and delete the entire program, and start from scratch achieve the same objective? Acrord32.exe currently sits in my recycle bin. I've Google searched for an updated version of that file, and came up empty. While Secunia continues to tell me that acrord32.exe is a Cat4 threat, AVG tells me the file is clean. Confusing! Anyway, I've got acrord32.exe sequestered in the Recycle Bin. On those two or three occasions per month that I need to view Acrobat Reader files I will restore it, and hope nothing happens before sending it back to RB. |
||||||||
|
|||||||||
| Anthony Wells | RE: Again, false positives? | ||||||||
|
|
14th Jun, 2009 09:39 | ||||||||
| Score: 2329 Posts: 3,205 User Since: 19th Dec 2007 System Score: N/A Location: N/A Last edited on 14th Jun, 2009 23:38 |
Here comes what I know that applies to me : PSI tells you if Adobe Reader is "patched" & "up to date" with regard to it's exposure concerning security threats. Avg doesn't. Avg will tell you if it finds that Adobe Reader is "infected" with malware ; PSI will not. Psi is checking for the file which tells it you have patched Adobe ; PSI does not always find it , so it seems. Check this thread. http://secunia.com/community/forum/thread/show/206... A "clean" uninstall , with say Add/Remove , very often leaves old files behind , believe me , & if Secunia finds them it points to them as being " out of date" if it considers them a risk as it , presumably , sees them in isolation. This is a good thing if they do in fact pose a "security" threat/risk. PSI and ADOBE tell me I have version 9.1.2.82 - fully patched. My RD32.exe is v9.1.0.163 & dates to 27/02/2009 whilst RD32.dll is v9.1.2.82 & dates to 21/05/2009. I am definitely not a techie , as must be obvious , & am only relating my guesswork & my experience . Going for brekkie. PS: your .exe file is not the threat (bring it in from that cold bin) it's the Reader itself when you use you use it IF it isn't actually patched. -- It always seems impossible until its done. Nelson Mandela |
||||||||
|
|||||||||
| rtrooney | RE: Again, false positives? | ||||||||
|
|
14th Jun, 2009 23:50 | ||||||||
| Score: -1 Posts: 23 User Since: 13th Jun 2008 System Score: N/A Location: N/A |
My rd32.exe and .dll are 9.1.0.163 and 9.1.2.82 respectively. As nothing seems to be working with regard to getting Secunia to "pass" the update, my only recourse seems to use Adobe as sparingly as possible, and hope that a Version 9.2 is around the corner. |
||||||||
|
|||||||||
| rtrooney | RE: Again, false positives? | ||||||||
|
|
15th Jun, 2009 01:37 | ||||||||
| Score: -1 Posts: 23 User Since: 13th Jun 2008 System Score: N/A Location: N/A |
on 13th Jun, 2009 20:30, Anthony Wells wrote: You could try my method from here. http://secunia.com/community/forum/thread/show/205... PS: I have AcroRD files , but I can't find any of your adobeRD files in my folders. Weird. That's why one of the solutions failed. AVG firewall blocks the update link from within Acrobat:Help:Update. I trust AVG more than I trust Adobe. |
||||||||
|
|||||||||
| Anthony Wells | RE: Again, false positives? | ||||||||
|
|
15th Jun, 2009 12:00 | ||||||||
| Score: 2329 Posts: 3,205 User Since: 19th Dec 2007 System Score: N/A Location: N/A |
I would not trust either 100% & that's why we're here at all ; but that is not the point of your problem. The Adobe/help/update "may" solve your problem , sooo ; you could :- 1)report a false positive to AVG & ask them to receck 2)check the blocked update file with "virus total" or "jotti" and see if anyone else agrees wth AVG ,or 3)live with the "problem" asis until Secunia & the Adobe guys change the system. Don't hold your breath. Of course you could do a complete "clean" uninstall/reinstall of all Reader files. Can't think of anyting else. Take care. -- It always seems impossible until its done. Nelson Mandela |
||||||||
|
|||||||||
| rtrooney | RE: Again, false positives? | ||||||||
|
|
16th Jun, 2009 00:57 | ||||||||
| Score: -1 Posts: 23 User Since: 13th Jun 2008 System Score: N/A Location: N/A Last edited on 16th Jun, 2009 00:59 |
When the update route failed, I did a clean install. (I wish Adobe had an uninstall utility for Reader like it does for Flash player.) Nothing seemed to work. Then today, after doing nothing else to solve the problem, Secunia says Reader does not pose a threat. What happened in the last four days to cause this change of heart??? Beats me! But happy all is again right with the world. BTW, I don't trust any company 100%, but AVG's trust factor is highter on my list than Adobe's. |
||||||||
|
|||||||||
| Anthony Wells | RE: Again, false positives? | ||||||||
|
|
17th Jun, 2009 22:28 | ||||||||
| Score: 2329 Posts: 3,205 User Since: 19th Dec 2007 System Score: N/A Location: N/A Last edited on 17th Jun, 2009 22:29 |
Holding your breath must have worked better than the other fixes. Sometimes more than one rescan seems necessary. Secunia have told us (on another thread) that they use the "Annots.api" file in the plug_in folder in the Reader folder to check the version number . Take care. -- It always seems impossible until its done. Nelson Mandela |
||||||||
|
|||||||||
