• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
4

Adobe Reader DC download says it is infected with a Trojan

Community Beginner ,
Mar 20, 2023 Mar 20, 2023

Copy link to clipboard

Copied

Hello,

 

We are March 20, 2023, around 4:00 PM ETC

So I downloaded and tried to install Adobe Reader. I made sure it was from the official website, as I already have a story with a third-party one. So it was no doubt from get.adobe.com. Halfway through installation, Windows Defender blocked it because it found the Wacatac B, a serious threat, attached to the .exe file. The affected file was rooted in: C:/PRogramData/Adobe/Temp/7682/installer.bin. It was deleted at that moment. 

 

Just in case, I went back and double-checked my browsing history. And again, that was get.adobe.com.

 

Did that happen to anyone, how could this be?

 

I think the threat was blocked, but I'm running a full scan through my laptop at the moment, with Windows Defender again, and with Malware Bytes later. I will edit if further detail is found.

TOPICS
Download and install , Windows

Views

10.3K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Mar 21, 2023 Mar 21, 2023

Copy link to clipboard

Copied

Did you update the antivirus definitions before retrying? False positives are often fixed quickly. Or you may need to report it - no good reporting it to Adobe, it's your antivirus makers who have to fix it.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Mar 21, 2023 Mar 21, 2023

Copy link to clipboard

Copied

Thanks for your answer. Yes, I had everything up to date and double-checked afterward. I don't feel confident downloading this file again and retrying, though, until I understand what happened.

And yes, I read about false positives.

 

I'm including the pictures that I took at the moment. Sometimes I wonder if my cursor drifted to a third-party website unknowingly. Have no idea what a blob is.

20230320_200749.jpg20230320_173524.jpg

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Mar 21, 2023 Mar 21, 2023

Copy link to clipboard

Copied

A "blob" is basically a file. This is fine, since you're downloading from the adobe.com domain.

It's most likely a false positive by Windows Defender.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Mar 23, 2023 Mar 23, 2023

Copy link to clipboard

Copied

TodayAnotación 2023-03-23 102623.pngAnotación 2023-03-23 102704.png

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Mar 24, 2023 Mar 24, 2023

Copy link to clipboard

Copied

Clearly there is a problem.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Mar 23, 2023 Mar 23, 2023

Copy link to clipboard

Copied

Bye Acrobat Reader . Open Source alternatives .

https://www.sumatrapdfreader.org/free-pdf-reader

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Mar 23, 2023 Mar 23, 2023

Copy link to clipboard

Copied

Same detection on my computer.

 

Miguel29033044y8k3_0-1679588289190.png

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Mar 24, 2023 Mar 24, 2023

Copy link to clipboard

Copied

That virus is serious. The good news is I haven't noticed any breach to my accounts so far, it has been 3 days. So Windows Defender did prevent the worst.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Mar 26, 2023 Mar 26, 2023

Copy link to clipboard

Copied

Exact same problem here.

Not installing Acrobat Reader until this issue will be explained by Adobe.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Mar 26, 2023 Mar 26, 2023

Copy link to clipboard

Copied

Carlo290789449nky_0-1679848126449.png

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Mar 26, 2023 Mar 26, 2023

Copy link to clipboard

Copied

same situation, 27/03/2023, 2 AM.

I can survive without the reader from adobe. Some risks are not worth taking.

 

I dont really care if its a false positive or not. Both big companies, sort it out between yourselves. Until that, lost clients.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Mar 28, 2023 Mar 28, 2023

Copy link to clipboard

Copied

Hi @maryamira @Fernando29084139zh8h @Carlo290789449nky @Miguel29033044y8k3 @Sergio29030100bdrq 

 

Hope you are doing well, and thanks for reporting this issue. I will get it checked internally with our team.

 

Please remove the application using the Acrobat cleaner tool https://www.adobe.com/devnet-docs/acrobatetk/tools/Labs/cleaner.html , reboot the computer once, and reinstall the application using the direct link https://get.adobe.com/reader/enterprise/ and see if that helps.

 

Let us know if you experience any trouble and need more help.

 

Regards

Amal

Regards
Amal

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 04, 2023 May 04, 2023

Copy link to clipboard

Copied

We had the same issue. Adobe does not seem to think the problem is on their end, despite several isolated cases with the same problem. I am also using Defender for Endpoint and it was also labeled as 'Wacatac.'

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
May 29, 2023 May 29, 2023

Copy link to clipboard

Copied

Hi there

 

This issue is known to our engineering team and is being worked upon.

 

We will share more details as soon as we get any updates.

 

Regards

Amal

Regards
Amal

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 11, 2024 May 11, 2024

Copy link to clipboard

Copied

I've downloaded Acrobat and then later adobe premiere pro and both times malware followed. The worst was when I got premier pro and got a Trojan malware 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 02, 2024 Nov 02, 2024

Copy link to clipboard

Copied

It is November 2, 2024, and my antivirus is sending the next messages:

diego_lzn_0-1730599490558.png

diego_lzn_1-1730599527448.png

I tried to contact an online agent, but despite Adobe offers 24/7 support, no one was available to assist.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Nov 03, 2024 Nov 03, 2024

Copy link to clipboard

Copied

The name Acrobat_Set-Up.exe already is suspicious. Where are you  downloading from. Looks not official to me.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 03, 2024 Nov 03, 2024

Copy link to clipboard

Copied

1) I wento to the official website of Adobe Acrobat in Spanish

diego_lzn_0-1730655594007.png

2) Then I clicked on the button "Get the Apps" to download Adobe Acrobat Pro

diego_lzn_1-1730665588334.png

 

And I get the message from my antivirus I previously mentioned.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Nov 08, 2024 Nov 08, 2024

Copy link to clipboard

Copied

Ahh, ok. You're not really downloading Acrobat but a helper app that will download and install Acrobat. This app is just about 3 MB in size and does want to download more things form the internet, since normal installation package for Acrobat is about 1 GB. So it's propably a false positive from your Antivirus. 

 

You can download it directly here: https://helpx.adobe.com/es/acrobat/kb/acrobat-dc-downloads.html

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 08, 2024 Nov 08, 2024

Copy link to clipboard

Copied

Thank you, but due to the shady situation, I cancelled my subscription permanently.

You can call it false positive, but for me it simply is terrible service.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 06, 2024 Nov 06, 2024

Copy link to clipboard

Copied

I also had the same thing happen to me not too long ago. It was downloaded directly from the Adobe webpage. I took a look at Bitdefender, and this is the message that shows in my notification. 

Suspicious activity blocked
19 minutes ago
Feature:  Antivirus


C:\Users\MYPCNAME\Downloads\Acrobat_Set-Up.exe tried to load a malicious resource detected as Gen: Trojan.Heur.TP.kp2@byxzjxai and was blocked. Your device is safe.

I don't feel comfortable downloading the app anymore because Adobe sees that it is necessary to attach other unwanted features and apps, such as McAfee and their Creative Pro App, to the download without being able to refuse. I will be canceling my subscription. 
We should be able to download the stand-alone Adobe Reader app AND receive ALL the necessary updates, INCLUDING security updates, without also having to download an app that is not needed. 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 06, 2024 Nov 06, 2024

Copy link to clipboard

Copied

I decided to cancel my susbscription too.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 11, 2024 Nov 11, 2024

Copy link to clipboard

Copied

Same for me (Gen:Trojan.Heur.TP.kp2@b8na4Udi). Why does Adobe do not care?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 13, 2024 Nov 13, 2024

Copy link to clipboard

Copied

Same issue here, BitDefender blocks it with the message below. Adobe, any ideas when this will be resolved as I am going to have to buy an alternative if not  resolved very soon. \Downloads\Acrobat_Set-Up.exe tried to load a malicious resource detected as Gen:Trojan.Heur.TP.kp2@bGbaVthi and was blocked. Your device is safe.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines