Adobe Flash Player Update

Report · Sep 01, 2016

I repeatedly get a web page popping up in IE that says "Adobe Flash Player - Your Flash Player may be out of date" which triggers an IE pop up asking what I want to do with FlashPlayer.hta.

The website is ohcoyinfotraxsys.org

Is this really from Adobe and legitimate?

Report · Sep 01, 2016

No, That is not legitimate. FlahsPlayer.hta is not a valid Flash Player installer file name.

Can you please confirm the website, and provide the entire website URL (e.g. http://...)? I tried going to the website you posted and got an error that the page cannot be displayed.

Can you please post a screenshot of the pop-up, and the website?

I recommend updating your virus/malware/adware/etc software and running a complete scan on your system.

Report · Sep 01, 2016

I restricted the site in IE. This is the address that shows up in the Restricted Sites list:

https//*.ohcoyinfotraxsys.org

I can un-restrict the sight and see if the page pops up again, then send a screen shot if that will help you.

Report · Sep 01, 2016

unfortunately, I can't find information on that domain and when I try to navigate to it I get a server not found error.

It'd be great if you could provide a screenshot that I can forward to our fraud department for follow-up.

Report · Sep 01, 2016

OK. I'll un-restrict the site and capture a screen shot the next time it appears.

Report · Sep 12, 2016

Just got this again. It is not truly a "pop-up". It literally replaces the web page I'm on. Seems to occur when I'm on Yahoo.

Hope this helps.

Bob

https://foopointeresante.org/9301111029799/a1e0275a028584d02574c25304ff46a5.html

https://foopointere9799/a1e0275a028584d02574c25304ff46a5.html

Report · Sep 12, 2016

Thank you for reporting. I have forwarded your post to the fraud department for follow-up. This isn't Adobe doing this. Adobe is in no way involved. If you haven't done so completely scan your system for viruses/malware/adware/etc.

How do you access the internet? Do you use a router? If so, which one (make/model)?

Report · Sep 12, 2016

I access the Internet via cable modem using Time Warner Cable.

I do use a wireless router. It is a Linksys WRT 1900 ACS utilizing WPA2 encryption.

I also run Norton Internet Security and their Deep Scan did not reveal any issues, nor did Malware Bytes.

Report · Sep 12, 2016

Linksys routers had an issue some time back where they were getting infected with a worm, but a Google search didn't return your particular model as being injected. This was a long-shot, since it was some time ago.

Essentially, the browser is being hijacked to a malicious site. This is something on your system, not Adobe related. The page lists the file name as FlashPlayer.hta. Searching for this returns an issue with pop-ups from a few years ago. It's possible it's related and the method since you indicate yours isn't a pop-up, but a browser redirect (hijack). Unfortunately, troubleshooting these sorts of issues on your computer is beyond the scope of these forums. It's also been my personal experience that some anti-virus/malware/etc programs find things while others don't. Malware Bytes is a solid program and usually catching many things. You may want to try something else like AdWCleaner, HitManPro, and/or any myriad of other programs available.

Report · Sep 13, 2016

Thank you for your insights and advice.

If I turn up anything else on this, I'll post it.

Report · Nov 26, 2016

I got the same thing today when I tried to open at article on att.net while using Microsoft Edge. Instead of the article, the page told me I had to update Adobe Flash. I downloaded it, but did not install it. I then ran Norton antivirus and Ccleaner, but it was not flagged as a virus or malware. I don't recall the site now, but the file is FlashPlayer.hta

Report · Nov 26, 2016

I decided to go to the Adobe site to make sure I have the most current version. It wants to know if I have foxfire or Opera / Chromium. I have Microsoft Edge open, so which do I pick? When I tried it on my Google browser, I got a message that I already have the most current. Thank you.

Report · Nov 28, 2016

Hi,

To see which version you have, go to Flash Player Help and click the 'check now' button. The widget will auto-detect the OS, browser, and Flash Player version installed (if any). If you use multiple browsers you'll want to repeat as different browsers use different plugin types (e.g. IE/Edge use Flash Player ActiveX Control, Firefox uses NPAPI plugin, Chrome/Opera and Chromium-based browsers use PPAPI plugin).

--

Maria

Report · May 05, 2017

today I got the fake Adobe update, I immediately took a printscreen then used task manager to end the internet which closed the fake site and update popup. Heres the snapshot.

After opening a new tab for a site from a bing search I was redirected from that site to the one shown(agaiktexalyser.org), as you can see the left arrow is highlighted blue. Yesterday I also had a redirect so ran Malwarebytes, adwcleaner, avast browser cleanup, Hitman, tdskiller, rkill, and Zemana Antimalware. Nothing was found on any of these programs. If I have something its hiding real good.

Report · May 07, 2017

Hi,

Thanks for reporting the issue. I will forward the url to the phishing team.

Thanks!

Report · Sep 07, 2016

I have received the same message from this address: https://quibutonyluvgeraldine.org/1733338642150/f83e6d5a9f6905f9112ef7914491b91d.html

Screen shot...note the Adobe icons.

Report · Sep 08, 2016

Thank you. I have forwarded your post to our fraud department for follow-up.

Report · Sep 20, 2016

I also get this, the site is https://voohohelloweba.org/5441673362743/9ab4ce05fb1d12224e51c6043a6ca498.html

Report · Sep 20, 2016

Thank you. I have forwarded the URL to the fraud department.

Report · Nov 03, 2016

I got the same deal when I was reading this article: Apple is facing several big iPhone 7 problems | ZDNet

I clicked on this link in the article, and that's when I got the phony Flash Player offer: Rare reports of poor image quality on iPhone 7 Plus circulate, no root cause known

Here's the screenshot:

Report · Apr 10, 2017

I get:

What do you want to do with Flashplayer.hta?

from: iuyeeonline-red.com

Open or Save.

I tried to add a screen shot but your system would not allow that kind of image.

I think this is fraud.

Lori

Report · Apr 10, 2017

Hi lorio81025281

Yes, this is a malicious Flash Player installer. If you have the entire URL to the page that has this installer, please private message it to me and I'll forward it to our fraud department. To send a private message, click on my user name link and the on the 'Message' button link.

--

Maria

Report · Apr 10, 2017

I have attached a screen shot but I do not have the entire URL at the top

of this image.

When it pops up again I will get it.

Lori

Report · Apr 10, 2017

How do I get rid of it?

I have ran CCleaner and Malwarebytes.

Lori

Report · Apr 10, 2017

Hi,

There is no screenshot attached. If you're replying via email, the forums software blocks all email attachments. Please try to get the entire URL. From previous experience, the fraud team really does need this to follow-up properly and issue a cease and desist to take down the malicious installer.

Unfortunately, I can't provide information on how to stop this from happening as it could be any number of things, ranging from a malicious ad on a page to something more nefarious. If you perform an internet search for FlashPlayer.hta it'll return many search results, so it's really hard to give you a proper solution.

--

Maria