bernardinobravo@gmail.com

Adobe Flash Player 11.5.502.16


Yesterday my Mac started to show a message each time I open a webpage with Flash content.

 

The message said:

 

Adobe Flash Player 11.5.502.16

Ao clicar no botao Fazer download agora, voce afirma que leu e aceitou o Contrato de Licenciamento de Software da Adobe* e o Contrato de Licenca do McAfee Security Scan Plus.

 

I ran a full scan but the problem persists. Any idea of how to remove it?

 

Many thanks in advance.

BBMM

 

post-487619-1382043842_thumb.png

Did you contact Adobe or Apple support? I don't think the issue is related to viruses or Kaspersky.

 

This has nothing to do with Adobe or Apple.

 

I'm having the same issue and so far I believe this is a virus. And I'm running Windows, not a Mac.

 

Here's how it happens:

 

Whenever I access almost all websites using Chrome (didn't test on other browsers), a transparent DIV appears covering the whole screen. This DIV popup says that you need to update your Flash Player to see the site. Here's a screenshot:

flash_virus.png

 

When you take a closer look, you can see that the link redirects you to an IP that holds a zip file.

flash_virus_2.png

 

This is obviously a malware that is making a lot of people download and install a virus in their computers.

 

I ran Kaspersky full scan and it didn't catch anything.

 

The only way I was able to remove this malware popup was by cleaning ALL my navigation data in Chrome. That includes cookies, history, everything.

Can the Kaspersky team help us to identify and remove this malware?

 

Thank you.

post-494347-1386124976_thumb.png

post-494347-1386124992_thumb.png

Edited by Rodja


Rodja is right. It is an annoyance that only goes away by cleaning our nav data on Chrome. I did download the file though, and submitted it to an online file scan website. Of 42 engines, only Kaspersky detects it for what I believe it truly is: Trojan Downloader! (I used Metascan Online)

It's so easy... just clean your "cache" and "web cache offline/user data"

 

 

Thank you!

I was losing my mind here. Cleaning my cache helped (it was happening in Firefox and Chrome, had to clean both).

 

But what concerns me more is HOW it got in my computer. I consider myself an advanced user, would never fall for this kind of trick (like downloading a fake Flash installer), so how the hell did it happen? Does anyone know how the PC gets infected by it?


I tried cleaning my cache and all my offline browsing data, and am still getting the overlay on Chrome..

 

I've found that the sites that are displaying it have the Flash overlay code lines injected by this script http://www.google-analytics.com/ga.js

They all contain <script type="text/javascript" async="" src="http://www.google-analytics.com/ga.js"></script> in the <head> ..

 

 

Now, I have no idea how the script is being injected into the pages .. Any insights as to how this may be happening would be golden.

I tried cleaning my cache and all my offline browsing data, and am still getting the overlay on Chrome..

 

I've found that the sites that are displaying it have the Flash overlay code lines injected by this script http://www.google-analytics.com/ga.js

They all contain <script type="text/javascript" async="" src="http://www.google-analytics.com/ga.js"></script> in the <head> ..

Now, I have no idea how the script is being injected into the pages .. Any insights as to how this may be happening would be golden.

 

Just opened my laptop at work, and cleared my cache and offline browsing data .. The http://www.google-analytics.com/ga.js script here looks non-malicious, and doesn't inject the overlay, as I saw it did back home. I'm guessing something replaced the ga.js from my local cache with the malicious one I saw earlier. Either that, or the google-analytics.com domain is somehow being redirected to the malicious ga.js host.

 

Again, any ideas as to how this may be happening would be great.

Edited by jpfaraco

Again, any ideas as to how this may be happening would be great.

 

Users over on Apple's forums are reporting the same issue, and it sounds like it may be an issue caused by DNS cache poisoning of the Brazilian ISP NET Virtua. Are you connecting to the internet through NET Virtua at home, but not at work?


It looks like some large sites are "immune" to this data injection. Such as Google, Evernote, Facebook, etc.

 

In the Mac forums there are users saying that their iPad is having the same issue. So it really makes sense that this issue is either a self-running cookie or some DNS cache.

I'm connecting through Virtua right now. And I'm using their DNS. Ever since I cleared the cache of Chrome the issue did not happen again.

Users over on Apple's forums are reporting the same issue, and it sounds like it may be an issue caused by DNS cache poisoning of the Brazilian ISP NET Virtua. Are you connecting to the internet through NET Virtua at home, but not at work?

 

Exactly .. I'm on Virtua at home, but on GVT at work.

Exactly .. I'm on Virtua at home, but on GVT at work.

 

In that case, I would consider changing DNS settings, at least temporarily, until the problem is fixed. See:

 

http://www.thesafemac.com/eliminating-brow...rtisements/#dns

 

You may also want to flush your DNS cache, just to be sure the poisoned DNS records are not still cached in your computer. See:

 

http://support.apple.com/kb/ht5343

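A triage heuristic for the behaviour described in this thread (a full-screen DIV whose link points at a bare IP address hosting a zip file, delivered by a script the page loads over plain HTTP), as an added example that is not part of the original posts. The function names, both sample script bodies and the address 203.0.113.7 are constructed for illustration; only the script tag in `pageHead` is quoted from the thread.

```javascript
// Added example: static triage of a cached script body and of the page that loads it.
const IPV4_URL = /https?:\/\/((?:\d{1,3}\.){3}\d{1,3})(?::\d+)?(\/[^\s"'<>)]*)?/gi;
const PAYLOAD_EXT = /\.(zip|exe|dmg|pkg|msi|scr)(?:[?#]|$)/i;

// Links whose host is a bare IP address and whose path ends in a download type.
function ipLiteralDownloads(text) {
  const hits = [];
  for (const m of text.matchAll(IPV4_URL)) {
    if (PAYLOAD_EXT.test(m[2] || '')) hits.push(m[0]);
  }
  return hits;
}

// Heuristic for a full-viewport overlay: fixed/absolute position plus 100% width and height.
function looksLikeFullScreenOverlay(text) {
  const t = text.replace(/\s+/g, '').toLowerCase();
  return /position:(fixed|absolute)/.test(t) &&
         /width:100(%|vw)/.test(t) && /height:100(%|vh)/.test(t);
}

// Script tags fetched over plain HTTP: a poisoned resolver or anything on the
// network path can substitute their content without the browser noticing.
function insecureScriptSources(html) {
  const out = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["'](http:\/\/[^"']+)["']/gi;
  for (const m of html.matchAll(re)) out.push(m[1]);
  return out;
}

// A script is flagged only when both signals appear together.
function auditScript(body) {
  const downloads = ipLiteralDownloads(body);
  const overlay = looksLikeFullScreenOverlay(body);
  return { downloads, overlay, suspicious: overlay && downloads.length > 0 };
}

// Constructed samples (203.0.113.7 is a documentation-range address).
const tamperedSample = `
var d = document.createElement('div');
d.style.cssText = 'position: fixed; top:0; left:0; width: 100%; height: 100%; z-index: 99999';
d.innerHTML = '<a href="http://203.0.113.7/update/flash_player.zip">Update</a>';
document.body.appendChild(d);`;
const cleanSample = `var _gaq = _gaq || []; _gaq.push(['_trackPageview']);`;
const pageHead = '<script type="text/javascript" async="" src="http://www.google-analytics.com/ga.js"></script>';

console.log(auditScript(tamperedSample), auditScript(cleanSample), insecureScriptSources(pageHead));
```

Running the same audit on the copy of a script fetched through the ISP resolver and on a copy fetched through a different resolver makes the kind of home-versus-work difference reported above easy to confirm.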
