Insidious Adobe Update

[corkyg]

This all started when I went directly to Adobe's website to get an update. The ensuing action pages have several "Download" buttons, and they start overlapping. The most pervasive was Astromenda.

 

[code65536]

This all started when I went directly to Adobe's website to get an update. The ensuing action pages have several "Download" buttons, and they start overlapping. The most pervasive was Astromenda.

I see just a single download button. Plus an explicit checkbox for whether you want the download to also include some McAfee thing.

If you are seeing multiple buttons that "overlap", then it sounds like you have adware on your system that's hijacking your browser.

(Normally, I download from this page which provides full installers and not those small stub installers, and all of these are 100% clean, too.)

One other note, IE does not need the separate Adobe Flash to work with Flash content. I know, I have tested this on my Surface Pro 2 with Opera (latest Chromium one) and IE (Desktop and Modern) without the additional Adobe software installed.

In XP, Flash was included in Windows. It was decoupled in Vista and Windows 7. It was again included in Windows 8, updated exclusively by Windows Update. This was so that it could bypass Windows RT's you-can't-install-desktop-software restriction.

 

[bruceb]

I also do my Adobe updates manually and never had an issue. For Adobe Flash just use this link: http://www.adobe.com/products/flashplayer/distribution3.html ... and pick the one you need for your OS and Browser ... For Shockwave, go to this link to download the latest one:
http://get.adobe.com/shockwave/otherversions/

 

[HOSED]

Code 65536 seems to be spot on https://forums.adobe.com/thread/1548867?start=0&tstart=0 , CorkyG did you eventually get the current version of Adobe flash installed?

 

[xgsound]

Adobe flash bundles McAfee crap by default these days, if their plugin routes you to their download page. You have to explicitly opt-out.

Wish flash would die already!

I've noticed this lately along with checks for the ask toolbar when I reinstalled firefox for some family members convenience. For about 2 years now I've mostly used Chrome and removed flash and Java completely. I might go back to no Firefox or flash.

Jim

 

[code65536]

ask toolbar when I reinstalled firefox

Again, where are you people getting these things???

The official (as in, digitally signed by Mozilla) installer that you get from mozilla.com or firefox.com does not, has never, and will never include third-party crapware.

There are a lot of unauthorized installers out there, many injecting themselves into search results via Google ads. (Or delivering themselves via a hijacked browser, as is evidently the case with corkyg's Flash installer.)

 

[thedosbox]

For Shockwave, go to this link to download the latest one:
http://get.adobe.com/shockwave/otherversions/

It's been years since I had to install shockwave. Why do you still bother? I'm curious as to what needs it.

 

[VirtualLarry]

Adobe Flash does not do what you describe.

This.

PEBKAC error. Nothing to see here.

 

[VirtualLarry]

Again, where are you people getting these things???

The official (as in, digitally signed by Mozilla) installer that you get from mozilla.com or firefox.com does not, has never, and will never include third-party crapware.

There are a lot of unauthorized installers out there, many injecting themselves into search results via Google ads. (Or delivering themselves via a hijacked browser, as is evidently the case with corkyg's Flash installer.)

Seems like people just type in "Firefox" into their URL bar, and click the first thing that pops up...

People, first of all, don't use Google, use DuckDuckGo. Second, DuckDuckGo will show you "official site" when searching for utilities, to help you click on the right link. Third, get to know the official sites for programs.

www.mozilla.com
www.adobe.com
www.waterfoxproject.org
www.duckduckgo.com

Edit: And those going straight to the official sites, and getting multiple download buttons that overlap, or installers that bundle crapware, check your router's config and firmware, it may have been hacked. See this thread for more info:
http://forums.anandtech.com/showthread.php?t=2397481

 

[code65536]

People, first of all, don't use Google, use DuckDuckGo. Second, DuckDuckGo will show you "official site" when searching for utilities, to help you click on the right link. Third, get to know the official sites for programs.

Um, DuckDuckGo isn't all that innocent, either...

Search for "firefox" on DDG. The very first item--before any of the actual search results--is a "Sponsored Link" that says "Free Firefox® 32 Download". But instead of taking you to mozilla.com, that link takes you to Yahoo!, where, instead of getting a clean version of Firefox, you get one bundled with Yahoo!'s toolbar.

But I guess that's more benign than the first thing you see in a Google search result, which is a third-party sponsored link that installs an adware download manager. Even though a Yahoo! toolbar isn't as bad as that, DDG is nevertheless guilty, like Google, of profiting from this scummy misdirection of users.

 

[VirtualLarry]

Um, DuckDuckGo isn't all that innocent, either...
DDG is nevertheless guilty, like Google, of profiting from this scummy misdirection of users.

*shrug*. If search engines didn't have sponsored links, then we wouldn't have search engines.

And I don't see how that's a "misdirection".

Like I said, search for certain utilities, and DDG will have the "official site" noted as such.

 

[code65536]

*shrug*. If search engines didn't have sponsored links, then we wouldn't have search engines.

It's fine to show ads for florists if someone searches for flowers or ads for online stores when someone searches for a specific product. Because these ads help direct the user towards what they are looking for.

But when someone is not looking for something to buy but is instead looking for an official something--Like an official Firefox or Flash download, or the official IRS website--then it's pretty scummy to allow ads that basically direct users away from what they are looking for. If someone is searching for the IRS, they probably want official government pages and not sites that sound official but have tiny fine print at the bottom disclaiming any affiliation with or endorsement by the government. If someone is searching for Firefox, do you honestly think that they are looking for a third-party download that bundles who-knows-what instead of the real thing? These are sites that make money not by selling a legitimate product, but by essentially scamming the user, and, yes, we should call a spade a spade: it's misdirection, plain and simple.

Sure, I've grown accustomed to automatically ignoring search ads--they're basically spam. But a lot of people don't, as I've seen before with less tech savvy users who wonder why they got screwed (in one case, someone fell victim to a fake tech support scam because when they searched for HP's tech support, they ended up getting a scam site via an ad).

Remember how Google got nailed in a criminal case for ads for illegal online pharmacies? Their reps even actively worked to help the undercover FBI agent skirt around policies so that the ad can be placed. Stuff like the Firefox download that installs an adware download manager may not be technically illegal like the online pharmacy, but it's just as ethically bad.

 

[VirtualLarry]

it's just as ethically bad.

Which, again, is why DDG says "official site" with an icon next the the official site for something. You can lead a user to an official site, but you can't make them click...

 

[code65536]

Which, again, is why DDG says "official site" with an icon next the the official site for something. You can lead a user to an official site, but you can't make them click...

Who the heck cares about some "official site" indicator? That's almost as useful as a SSL security indicator. Which is to say, it's pretty damn useless for the average person. Anyone savvy enough to know what the SSL indicator means or to know to look for some official site indicator probably doesn't need those in the first place.

The first search result is almost always the official one because the search results themselves have pretty high integrity. Do a search for Flash on DDG. The first three search results all point to adobe.com. But what do you see in front of those search results on DDG? Hey look, it's a scummy site that delivers Flash with bundled adware! There's no prominent indication that the ad result is shady ("Adobe Flash Player Free" doesn't exactly scream "scam", now does it?). Yes, there's a little indicator there that says "Ad", but sometimes ads can actually be official (e.g., search for "Microsoft", and the ad that appears is for the local physical Microsoft Store in my town). And obviously, people do click on that ad for Flash because if it's not profitable for the scammer, why would they keep paying for it? Sure, you and I would never click on it. But you and I are not most people, now are we? I'm sure you've supported less savvy users like family members. Can you imagine them clicking on that link? I certainly can.

The more important point is this: if the search results for Flash already deliver people to the correct official site, then what's the point of an ad? The only legitimate site for Flash is at adobe.com, but why on earth would Adobe take out an ad for Flash when they are already the top search result? The people who take out ads for Flash are the people who otherwise would not appear anywhere near the top of the results and who are trying to siphon away some of the less savvy users. And the users who miss the little "Ad" indicator and miss the fine print on the scammer's site disclosing the adware almost certainly aren't looking for some official-site indicator.

Anyway, when it comes to this particular issue, DDG is no better than Google. Actually, Bing is better than both of them for these three test searches (flash, firefox, irs) as the ad results don't appear before / above the legitimate search results (though Bing does put ads first for other less prominent searches).

 

[oynaz]

This all started when I went directly to Adobe's website to get an update. The ensuing action pages have several "Download" buttons, and they start overlapping. The most pervasive was Astromenda.

You have a serious malware infestation.

 

[corkyg]

Agree! I totally removed all vestiges of malware. No Adobe products installed. Then went to the official Adobe site and downloaded Adobe Flash. Saved the file which was named "Adobe Flash IESetup.exe."

I then ran that file to install Flash. And, the same crapware tagged along. Three new icons graced my desktop - "But The Rope," "PC Backup," and "Driver Support." I thrn ran a complete Threat scan with MBAM Prem and there was again a profusion of Malware. (Thanks Adobe!)

So, I found WSE Astromenda, Driver Support, and the PC Backup proggies all installed in addition to Flash. Got them all uninstalled and all malware removed. No Adobe Flash, and no vestiges of malware.

BTW, the Adobe screenshots above are for Update of existing Flash. This problem comes from installing Flash from scratch.

All is cleaned up once again, but I will keep Flash off of my system.

 

[Fardringle]

When I go to http://get.adobe.com/flashplayer/download (the official download site) in any browser on Windows 7, and un-check the box for the currently offered add-on, the file name that Adobe offers to me is "install_flashplayer14x32ax_gtbd_chrd_dn_aaa_aih.exe", not "Adobe Flash IEsetup.exe." It really sounds like you are still getting a fake or compromised download.

 

[corkyg]

Yep! You are spot on. I was being "Googled." I found the exact same file as you state. I carelessly took the first site offered by Google, and it was from Update.Org." They are the culprits. Flash 14 is back, no further problems. As someone above stated, I was "scroogled," or better yet, "screwgled."

This was an educational discussion.

 

[bruceb]

Corky ... please bookmark the 2 links in my post #28 ... they are the links to the real installers at the Adobe site and they do not include anything other than Flash or Shockwave ... If you try to get them from the Adobe main page, you will be offered other crap as well, like McAfee .. these links are the best and you get the correct .exe or .msi files (I prefer the .exe myself and I never let Adobe update on it's own .. but it can tell me when it is out of date)

 

[corkyg]

Thanks, bruceb. Already did it. L Like I said, sometimes Google haste really does make for Google waste.

 

[HOSED]

for those of us that still want flash plugin for IE11, but do not want the regular reminders that updates are available, does the old trick still work to disable them?
1. open FlashPlayerCPLApp.cpl as administrator
2. advanced tab select never check for update ?
My active x version now is 14.0.0.176, IE11 Win 7 SP1

 

[corkyg]

That is the current version. Yes, the old trick still works, but is caveated "Not Recommended." Consider that if what you have works, why update it? The same process can also allow update.

 

[Chiefcrowe]

As far as I know, yes.

for those of us that still want flash plugin for IE11, but do not want the regular reminders that updates are available, does the old trick still work to disable them?
1. open FlashPlayerCPLApp.cpl as administrator
2. advanced tab select never check for update ?
My active x version now is 14.0.0.176, IE11 Win 7 SP1

 

[maxi007]

yeah if there is a option to install additional softwares, then uncheck it else scan pc after any installation.
also in utorrent there 3-4 more software coming in bundle with it these days
Really a panic moment