Flash Player Installer appeared on my desktop without warning. Legit or virus?

New Here ,
Jan 16, 2017

Copy link to clipboard

Copied

I've had this happen once before. Last time I just deleted it but I'm afraid it's malware. I can't find the source dmg that's creating this. It looks legit but is there any reason Adobe updates should show up spontaneously on the desktop like this?

Screen Shot 2017-01-17 at 1.39.25 PM.png

Views

1.6K

Likes

Translate

Translate

Report

Report
Reply
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Adobe Employee ,
Jan 17, 2017

Copy link to clipboard

Copied

Hi,

You can verify if it's a legitimate file or not by doing the following:

  • Launch Terminal app (/Applications/Utilities/Teminal.app
  • At the prompt type: codesign -vvd <Path to Install Adobe Flash Player.app>
    • Easiest way to do this is to drag the APP installer onto the Utilities app after typing codesign -vvd
  • Click Enter
  • Legitimate installers should display the following:

          Identifier=com.adobe.flashplayer.installmanager

          Format=app bundle with Mach-O thin (i386)

          Authority=Developer ID Application: Adobe Systems, Inc.

          Authority=Developer ID Certification Authority

          Authority=Apple Root CA

You can also use Disk Utility to see if there is a DMG mounted.  If so, you can nmount the DMG using Disk Utility.

--

Maria

Likes

Translate

Translate

Report

Report
Reply
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
dantaylr AUTHOR
New Here ,
Jan 17, 2017

Copy link to clipboard

Copied

The installer checks out in Terminal for everything you mentioned. Can't find a DMG source from disk utility. Is there a reason Adobe would be spontaneously mounting disk images to my desktop?

Screen Shot 2017-01-18 at 1.03.49 AM.png

Likes

Translate

Translate

Report

Report
Reply
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Adobe Employee ,
Jan 17, 2017

Copy link to clipboard

Copied

I'm not sure what causes the DMG to all of a sudden display on the desktop. This has been reported once or twice in the past, but no definitive cause has been identified.

Likes

Translate

Translate

Report

Report
Reply
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Adobe Employee ,
Jan 18, 2017

Copy link to clipboard

Copied

It happens to me sometimes too. I’ve always assumed that it’s a combination of auto-update being enabled and being logged into the machine with a standard user profile (and therefore the installation can’t take place without user interaction). Does the user profile on your system have admin rights?

Likes

Translate

Translate

Report

Report
Reply
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
dantaylr AUTHOR
New Here ,
Jan 18, 2017

Copy link to clipboard

Copied

Yes it does.

That's relieving as I was worried there was some clever malware process in the background causing this.

Likes

Translate

Translate

Report

Report
Reply
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Adobe Employee ,
Jan 18, 2017

Copy link to clipboard

Copied

The Background Update is completely silent, in the background, no user intervention or files display on the desktop.  For the Notification auto-update workflow, nothing is downloaded unless the user opts to download the update when notified an update is available.  Neither of these workflows would be the cause of the mounted disk image displaying on the desktop.

Likes

Translate

Translate

Report

Report
Reply
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Adobe Employee ,
Jan 18, 2017

Copy link to clipboard

Copied

Yeah, that's super odd.  I was wondering if maybe you're a member of an enterprise organization that might be pushing this out via script, but that it didn't quite clean up after itself.

Likes

Translate

Translate

Report

Report
Reply
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more