Locked

Adobe Flash player keeps asking to install whenever I try to open dmg files, Mac OS

New Here ,
Nov 27, 2019 Nov 27, 2019

Copy link to clipboard

Copied

Hi, I've tried to download several dmg files, because I wanted to install some programs, but everytime I try to open or install the dmg file, Adobe flash player pops up asking for installation, so I did. I've tried to install\open the dmg file again, but Flash player keeps asking for installation over and over, even If I already did that. This happens for almost every dmg file I've downloaded, what can I do to simply install dmg files without Flash player keeping to ask for an installation? I also tried to uninstall it and install it again many times, I rebooted my pc several times, I've tried to delete every flash player file, nothing seems to work. Schermata 2019-11-27 alle 13.50.00.png

TOPICS
Bug, Community Information

Views

4.7K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 2 Correct Answers

Most Valuable Participant , Nov 27, 2019 Nov 27, 2019
Ah found it! Yes, the news is bad. This is malware. Discussion here: https://www.pcrisk.com/removal-guides/16127-tarmac-trojan-mac I assume you have full backups of your system? If so, restore to the backups from before this problem started, completely wiping all chances since then. No backups? Be very worried. The best bet may be to THROW AWAY EVERYTHING ON YOUR MAC and go back to factory settings. Or seek expert help. PS The page I posted advises you to use something called "Combo Cleaner". ...

Likes

Translate

Translate
Adobe Employee , Feb 17, 2021 Feb 17, 2021
Yeah, that's definitely not legitimate. The authoritative way to figure out if the thing you downloaded is legitimate and/or has been modfiied is to check the digital signature.  Is it valid?  Was the certificate signed by the developer/company you expect (e.g. Adobe), or by some random entity that you've never heard of? https://osxdaily.com/2016/03/14/verify-code-sign-apps-mac-os-x/ That said, here's my "oops, you installed malware" macro for general advice.  If you've encountered a sit...

Likes

Translate

Translate
Adobe Community Professional ,
Nov 27, 2019 Nov 27, 2019

Copy link to clipboard

Copied

Let me move this to the Flash Player forum for you, where you are more likely to receive an answer to your question.

Note that the Community Help forum is for help in how to use the Adobe Communities. Product questions should be posted in the associated product community.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Most Valuable Participant ,
Nov 27, 2019 Nov 27, 2019

Copy link to clipboard

Copied

This looks like a malware attack, not the real Flash Player. Please right click on the install icon and choose Get Info. Open More Info and post a screen shot. 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Most Valuable Participant ,
Nov 27, 2019 Nov 27, 2019

Copy link to clipboard

Copied

PS I have just downloaded the official Flash Player installer and it looks nothing like your screen shot. It does not even have the same "f" logo. Please post the info I requested, you may have a very serious problem. Do not use a credit card or post any personal info or type any password on this Mac !!

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Most Valuable Participant ,
Nov 27, 2019 Nov 27, 2019

Copy link to clipboard

Copied

Ah found it! Yes, the news is bad. This is malware. Discussion here: https://www.pcrisk.com/removal-guides/16127-tarmac-trojan-mac I assume you have full backups of your system? If so, restore to the backups from before this problem started, completely wiping all chances since then. No backups? Be very worried. The best bet may be to THROW AWAY EVERYTHING ON YOUR MAC and go back to factory settings. Or seek expert help.

 

PS The page I posted advises you to use something called "Combo Cleaner". I advise you NOT TO DO THIS as often "cleaner" apps make things worse, and sometimes leave you even more infected.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Feb 16, 2021 Feb 16, 2021

Copy link to clipboard

Copied

Hi there everyone, I know this post os from a little while ago but I have been having the same problem. However the solution given below dosnt seem applicable to my situation and I am not sure if that was the correct solution for the OP? I have recently tried to install various .dmg's from what I belive to be trusted sites. One or two opened fine but the majority take me to a flash player installer page. There seems to be nothing other than the flash player installer even though the downloaede .dmg fine name is that of the software I was looking to install. I have looked at the solution given by 'TestScreenName' and gone through it step by step but I didnt find any malicous or unusual files on my computer. Nor do I get any flashplayer pop ups, or redirecting of browsers or anything else unusual. So I dont feel like my system is infected in anyway. I just can't open the majority of .dmg's as all they tuen into when I click on them is a flash player installer?

I have scoured the internet and cannot find and other article or post re;ating to this besides the question posted above by the OP? If anyone has any suggestions that would be appreciated.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Feb 16, 2021 Feb 16, 2021

Copy link to clipboard

Copied

Just to give a bit more info attached is the image of the Acrobat Reader Installer that I get. It always looks the same regardless of where I downloaded the .DMG from. 

Screen Shot 2021-02-16 at 11.06.13.png

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Feb 17, 2021 Feb 17, 2021

Copy link to clipboard

Copied

LATEST

Yeah, that's definitely not legitimate.

 

The authoritative way to figure out if the thing you downloaded is legitimate and/or has been modfiied is to check the digital signature.  Is it valid?  Was the certificate signed by the developer/company you expect (e.g. Adobe), or by some random entity that you've never heard of?

 

https://osxdaily.com/2016/03/14/verify-code-sign-apps-mac-os-x/

 

That said, here's my "oops, you installed malware" macro for general advice. 

 

If you've encountered a site offering fake Flash Player downloads, please send a screenshot and a fully copy of the URL(s) involved to phishing@adobe.com.

 

Our phishing team will follow up with appropriate actions on the website side of things.  In general, it's better to avoid posting malicious links to the forums.  We don't want anyone accidentally clicking them, and the more sophisticated delivery mechanisms engineer the URLs for one-time use (it's hard to serve a takedown notice if you can't show someone that the URL is delivering malware).

 

The US Federal Trade Commission has some good advice on avoiding malware in general:
https://www.consumer.ftc.gov/articles/0011-malware
https://support.microsoft.com/en-us/kb/129972

 

Here's the advice that I typically share to people that were either tricked into installing malware, or are seeing fake update notifications, but haven't been lured into actually running those installers:

 

Unfortunately, because Flash Player is installed on billions of computers, it's a common target for impersonation for people distributing malware.

 

As an industry, we've done a pretty good job of defending against technical attacks that allow bad guys to install software without your authorization.  In 2018, it's really difficult to do (assuming you're running a modern operating system and not something from 2005, in which case, you should get on that).

 

The result is that human factors are now the path of least resistance.  It's easier to trick you into installing something on behalf of the attacker, vs. figuring out how to defeat all of the security stuff required to do it without your express permission.

 

In general, you're better off setting everything to update automatically.  You can then go through life assuming that any update notifications you get are bogus.  This is actually what we strongly recommend, and it generally applies to anything tasked with handing untrusted communication (the operating system, your web browser, flash player, etc.).  The inconvenience of something functional breaking because of an update pales in comparison to the pain of recovering from identity theft.

 

Here are a few guidelines that will minimize your risk of getting tricked into installing malware:

Wherever possible, use your operating system's App Store for downloading and updating software
When software you want (like Flash Player) isn't available from the App Store for your operating system, always navigate directly to the vendor's website.  If you need to search for the download, that's cool -- but avoid "download" sites, and find the vendor's actual download link
Never download stuff from a link in an email or update dialog.  Type it in.  It's easy to disguise fake URLs in links using internationalized characters and things (e is not the same as è, but it might be really easy to miss if you're not looking closely).  If it's a link from a URL shortener service like tinyurl.com/abcde or bit.ly/abcde, you don't know what the end result is going to be, and you're probably wise to just head to Google to find what you need instead.
When the software offers automatic updates, just turn them on and stop worrying about maintaining all the moving parts running on your computer.  The threat landscape is so much different than it was 10-15 years ago.  Enable updates so that you're getting critical patches as soon as they become available.  Be confident that any subsequent update notifications are probably fake, and act accordingly (either ignore them, or consult the vendor for guidance before doing anything).

For Flash Player specifically:

Always download Flash Player from here: 
https://get.adobe.com/flashplayer/
When you install, choose the default option of "Allow Adobe to Install Updates (recommended)", and we'll keep it updated for you.
Google Chrome ships Flash Player as a built-in component, and keeps it updated automatically.  There's nothing separate to download, install or configure.

Microsoft Edge and Internet Explorer on Windows 8 and higher also include Flash Player as a built-in component of their browser, and updates are handled automatically through Windows Update.  Again, as long as Windows Update is enabled, there's nothing to download or configure.


If you've actually installed malware on your machine (which in this instance, it sounds like you have):  

There is a large universe of unknown unknowns, but the important thing to know is that malware authors at this point are professionals.  They test against popular antivirus and cleanup tools.  Good malware is going to first establish a foothold, but the second order of business would be to ensure resilience. 

If you've run cleanup tools and have removed the obvious visible signs of the malware infection, that may be adequate, but you're putting a lot of faith into the efficacy of those tools.  In most situations, it's difficult to determine whether or not you've eradicated everything that was installed, and you should weigh those risks carefully.  Without significants expertise, and/or an exhaustive and expensive forensic analysis, there are no guarantees.


If it were me, I'd probably back up all of the critical data on the machine and then burn the whole thing down and start from scratch (i.e. format the hard disk, reinstall the operating system and applications from pristine sources, install a reputable antivirus utility, scan my backups and then restore them. 

I'd then go buy a password manager like LastPass/OnePass/KeyPass/etc. and set about ensuring that I have unique, strong passwords for each of the important online services that I use (including any email services that could be used to reset those passwords), and set up two-factor authentication wherever it's offered.

 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines