
McAfee reports Trojan C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\BIT691A.tmp. Is the BIT691A.tmp file a legitimate Adobe file?

New Here, Feb 26, 2018

We have been getting McAfee deletion notifications for BIT691A.tmp from the Adobe ARM folder. The computers that got this trojan notification have Adobe Reader installed. Can anyone tell me if this is a legitimate file? I've spoken to a few Adobe representatives and I am not getting any definite answers. They all tell me to post on this forum for my answer.

Thanks in advance for any advice on this matter.

Rattanak

Advocate, Feb 26, 2018

This file looks like an unfinished BITS download (About BITS (Windows)).

While the download is in progress, BITS creates a file with a temporary name.

BITS is used by Adobe Updater.

Most likely the file is valid.

New Here, Feb 26, 2018

Thank you for the reply LeoAdobX.

Do you know, or have you heard, why McAfee is flagging the BIT temp file as a trojan?

Thanks,

Rattanak

New Here, Feb 26, 2018

Did you ever get any further information on this?  We're receiving the same results from Symantec Endpoint Protection flagging these files in the same directory and just started today.  We submitted the file to Symantec to determine if it is a false positive but haven't heard anything back yet.

New Here, Feb 26, 2018

I did the same thing with McAfee. I sent the information to their virus research team but have not heard back from them. I was hoping to get some solid answers from Adobe support but each call redirected me to this forum.

New Here, Feb 27, 2018

Just to follow up, Symantec did get back to me and confirmed it was a false positive and are updating their signatures.

New Here, Feb 27, 2018

Thanks for the update Eric.

New Here, Feb 27, 2018

Do you have UAC enabled on this OS?
Also, please check that all 3 files in the folder below have a valid Adobe digital signature:
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0
Can you please provide the file version for the AdobeARM.exe file from this folder?
What is your installed Reader version?
Can you export the registry key below and send me the reg file?
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Adobe ARM\Products\{291AA914-A987-4CE9-BD63-AC0A92D435E5}

Hello LeoAdobeX,

-- The UAC is enabled on the OS.

-- The three files in the C:\Program Files (x86)\Common Files\Adobe\ARM\1.0 are digitally signed by Adobe Systems, Incorporated.

-- The reader version that was affected was Adobe Acrobat Reader DC version 18.011.20038.

-- I tried to send you the registry key that was requested but got a bounce back from the email address. Do you have the Adobe security email address that I can send the registry key to?

Thanks,

Rattanak
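
The checks requested in the post above (UAC state, signatures and file versions in the ARM folder, Reader version, registry export), plus a hash of any remaining BIT*.tmp file and a list of BITS jobs writing to the ARM data folder, gathered in one pass. This is an added example, not code from any poster or from Adobe; the output folder and the Uninstall-key lookup for the Reader version are assumptions, and it should be run from an elevated PowerShell prompt.

```powershell
# Added example. Paths and the product GUID are the ones quoted in the thread.
$armBin  = 'C:\Program Files (x86)\Common Files\Adobe\ARM\1.0'
$armData = 'C:\ProgramData\Adobe\ARM'
$armKey  = 'HKLM\SOFTWARE\Wow6432Node\Adobe\Adobe ARM\Products\{291AA914-A987-4CE9-BD63-AC0A92D435E5}'
$outDir  = Join-Path $env:TEMP 'arm-triage'          # assumed output location
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1. UAC state: EnableLUA = 1 means UAC is on.
$uac = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA

# 2. Authenticode status, signer and file version of each file in the ARM folder.
$signatures = Get-ChildItem -LiteralPath $armBin -File | ForEach-Object {
    $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
    [pscustomobject]@{
        File    = $_.Name
        Version = $_.VersionInfo.FileVersion
        Status  = $sig.Status.ToString()             # 'Valid' is the only passing value
        Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# 3. Installed Reader version (assumption: 32-bit Uninstall key, DisplayName match).
$reader = Get-ItemProperty 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' |
    Where-Object { $_.DisplayName -like 'Adobe Acrobat Reader*' } |
    Select-Object DisplayName, DisplayVersion

# 4. SHA-256 of any BIT*.tmp still on disk, for a false-positive submission to the AV vendor.
$tmpHashes = Get-ChildItem -LiteralPath $armData -Recurse -File -Filter 'BIT*.tmp' -ErrorAction SilentlyContinue |
    Get-FileHash -Algorithm SHA256 | Select-Object Path, Hash

# 5. BITS jobs whose destination is under the ARM data folder. While a job runs,
#    BITS writes to a BIT*.tmp file beside the final LocalName.
$bitsJobs = Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue | ForEach-Object {
    $job = $_
    $job.FileList | Where-Object { $_.LocalName -like "$armData\*" } | ForEach-Object {
        [pscustomobject]@{
            Job    = $job.DisplayName;  State  = $job.JobState.ToString()
            Owner  = $job.OwnerAccount; Source = $_.RemoteName; Target = $_.LocalName
        }
    }
}

# 6. Export the ARM product key and write everything to one report file.
reg.exe export $armKey (Join-Path $outDir 'arm-product.reg') /y | Out-Null
[pscustomobject]@{
    UacEnabled = ($uac -eq 1); Signatures = $signatures; Reader = $reader
    TmpHashes  = $tmpHashes;   BitsJobs   = $bitsJobs
} | ConvertTo-Json -Depth 4 | Set-Content (Join-Path $outDir 'report.json')
```

A `Status` other than `Valid`, or a BITS job whose `Source` is not an Adobe host, is what would distinguish a real problem from the false positive discussed in this thread.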

New Here, Feb 28, 2019

Hi Nic Nak,

Did you receive a response from McAfee?
