Flash Player Installer appeared on my desktop with... - Adobe Support Community

Report · Jan 16, 2017

I've had this happen once before. Last time I just deleted it but I'm afraid it's malware. I can't find the source dmg that's creating this. It looks legit but is there any reason Adobe updates should show up spontaneously on the desktop like this?

Report · Jan 17, 2017

Hi,

You can verify if it's a legitimate file or not by doing the following:

Launch Terminal app (/Applications/Utilities/Teminal.app
At the prompt type: codesign -vvd <Path to Install Adobe Flash Player.app>
- Easiest way to do this is to drag the APP installer onto the Utilities app after typing codesign -vvd
Click Enter
Legitimate installers should display the following:

Identifier=com.adobe.flashplayer.installmanager

Format=app bundle with Mach-O thin (i386)

Authority=Developer ID Application: Adobe Systems, Inc.

Authority=Developer ID Certification Authority

Authority=Apple Root CA

You can also use Disk Utility to see if there is a DMG mounted. If so, you can nmount the DMG using Disk Utility.

--

Maria

Report · Jan 17, 2017

The installer checks out in Terminal for everything you mentioned. Can't find a DMG source from disk utility. Is there a reason Adobe would be spontaneously mounting disk images to my desktop?

Report · Jan 17, 2017

I'm not sure what causes the DMG to all of a sudden display on the desktop. This has been reported once or twice in the past, but no definitive cause has been identified.

Report · Jan 18, 2017

It happens to me sometimes too. I’ve always assumed that it’s a combination of auto-update being enabled and being logged into the machine with a standard user profile (and therefore the installation can’t take place without user interaction). Does the user profile on your system have admin rights?

Report · Jan 18, 2017

Yes it does.

That's relieving as I was worried there was some clever malware process in the background causing this.

Report · Jan 18, 2017

The Background Update is completely silent, in the background, no user intervention or files display on the desktop. For the Notification auto-update workflow, nothing is downloaded unless the user opts to download the update when notified an update is available. Neither of these workflows would be the cause of the mounted disk image displaying on the desktop.

Report · Jan 18, 2017

Yeah, that's super odd. I was wondering if maybe you're a member of an enterprise organization that might be pushing this out via script, but that it didn't quite clean up after itself.

Flash Player Installer appeared on my desktop without warning. Legit or virus?