bernardinobravo@gmail.com

Adobe Flash Player 11.5.502.16

Yesterday my Mac started to show a message each time I open a webpage with Flash content.

The message said:

Adobe Flash Player 11.5.502.16

Ao clicar no botao Fazer download agora, voce afirma que leu e aceitou o Contrato de Licenciamento de Software da Adobe* e o Contrato de Licenca do McAfee Security Scan Plus.

I ran a full scan but the problem persists. Any idea how to remove it?

Many thanks in advance.

BBMM


I think you should just install/re-install your Flash Player.


Hi, I did what you suggested.

First I uninstalled the Flash Player, but the problem persisted, and then I reinstalled it again, but nothing happened; the browser is still showing the annoying message.


Did you contact Adobe or Apple support? I don't think the issue is related to viruses or Kaspersky.

> Did you contact Adobe or Apple support? I don't think the issue is related to viruses or Kaspersky.

This has nothing to do with Adobe or Apple.

I'm having the same issue and so far I believe this is a virus. And I'm running Windows, not a Mac.

Here's how it happens:

Whenever I access almost all websites using Chrome (I didn't test other browsers), a transparent DIV appears covering the whole screen. This DIV popup says that you need to update your Flash Player to see the site. Here's a screenshot:

flash_virus.png

When you take a closer look, you can see that the link redirects you to an IP that holds a zip file.

flash_virus_2.png

This is obviously malware that is making a lot of people download and install a virus on their computers.

I ran a Kaspersky full scan and it didn't catch anything.

The only way I was able to remove this malware popup was by cleaning ALL my navigation data in Chrome. That includes cookies, history, everything.

Can the Kaspersky team help us to identify and remove this malware?

Thank you.


Edited by Rodja


Rodja is right. It is an annoyance that only goes away by cleaning our nav data on Chrome. I did download the file though, and submitted it to an online file scan website. Of 42 engines, only Kaspersky detected it for what I believe it truly is: Trojan Downloader! (I used Metascan Online)

> It's so easy... just clean your "cache" and "web cache offline/user data"

Thank you!

I was losing my mind here. Cleaning my cache helped (it was happening in Firefox and Chrome, had to clean both).

But what concerns me more is HOW it got in my computer. I consider myself an advanced user, would never fall for this kind of trick (like downloading a fake Flash installer), so how the hell did it happen? Does anyone know how the PC gets infected by it?


I tried cleaning my cache and all my offline browsing data, and am still getting the overlay on Chrome..

I've found that the sites that are displaying it have the Flash overlay code lines injected by this script http://www.google-analytics.com/ga.js

They all contain <script type="text/javascript" async="" src="http://www.google-analytics.com/ga.js"></script> in the <head> ..

Now, I have no idea how the script is being injected into the pages .. Any insights as to how this may be happening would be golden.

> I tried cleaning my cache and all my offline browsing data, and am still getting the overlay on Chrome..
>
> I've found that the sites that are displaying it have the Flash overlay code lines injected by this script http://www.google-analytics.com/ga.js
>
> They all contain <script type="text/javascript" async="" src="http://www.google-analytics.com/ga.js"></script> in the <head> ..
>
> Now, I have no idea how the script is being injected into the pages .. Any insights as to how this may be happening would be golden.

Just opened my laptop at work, and cleared my cache and offline browsing data .. The http://www.google-analytics.com/ga.js script here looks non-malicious, and doesn't inject the overlay, as I saw it did back home. I'm guessing something replaced the ga.js from my local cache with the malicious one I saw earlier. Either that, or the google-analytics.com domain is somehow being redirected to the malicious ga.js host.

Again, any ideas as to how this may be happening would be great.

Edited by jpfaraco

> Again, any ideas as to how this may be happening would be great.

Users over on Apple's forums are reporting the same issue, and it sounds like it may be an issue caused by DNS cache poisoning of the Brazilian ISP NET Virtua. Are you connecting to the internet through NET Virtua at home, but not at work?


It looks like some large sites are "immune" to this data injection, such as Google, Evernote, Facebook, etc.

In the Mac forums there are users saying that their iPad is having the same issue. So it really makes sense that this issue is either a self-running cookie or some DNS cache.

I'm connecting through Virtua right now. And I'm using their DNS. Ever since I cleared Chrome's cache, the issue has not happened again.

> Users over on Apple's forums are reporting the same issue, and it sounds like it may be an issue caused by DNS cache poisoning of the Brazilian ISP NET Virtua. Are you connecting to the internet through NET Virtua at home, but not at work?

Exactly .. I'm on Virtua at home, but on GVT at work.

> Exactly .. I'm on Virtua at home, but on GVT at work.

In that case, I would consider changing DNS settings, at least temporarily, until the problem is fixed. See:

http://www.thesafemac.com/eliminating-brow...rtisements/#dns

You may also want to flush your DNS cache, just to be sure the poisoned DNS records are not still cached in your computer. See:

http://support.apple.com/kb/ht5343


Guys,

Just to register, it was a DNS poisoning attack against Net Virtua customers in Brazil.

Unfortunately this kind of attack is common in the country:

https://www.securelist.com/en/blog/20819321...tacks_in_Brazil

The problem is solved if you choose a different DNS server such as Google or OpenDNS.

Kaspersky products detect the files distributed in this attack since December 4,
