I wanted to report a problem with the latest Adobe Flash update.
I received notice Wednesday, 2/21/18, that Flash had an update. So I did it. But unfortunately, did not see/notice that that particular update came bundled with elements that compromised my search engine, installed Adware software I did not want, and essentially created bad internet processes.
It took me almost 3 hours to disable, remove, and frankly destroy all the elements mentioned above, as well as it costing me a program to allow me to uninstall, delete, and remove said elements.
I was furious!
Flash Player installer, downloaded from adobe.com, does not modify the search engine, nor install adware. Unfortunately, it sounds like you were tricked into installing a malicious Flash Player installer that included these other malicious apps.
Sorry this happened to you. I'm going to leave some advice here for other folks that may run across this.
Unfortunately, because Flash Player is installed on billions of computers, it's a common target for impersonation for people distributing malware.
As an industry, we've done a pretty good job of defending against technical attacks that allow bad guys to install software without your authorization. In 2018, it's really difficult to do (assuming you're running a modern operating system and not something from 2005, in which case, you should get on that).
The result is that human factors are now the path of least resistance. It's easier to trick you into installing something on behalf of the attacker, vs. figuring out how to defeat all of the security stuff required to do it without your express permission.
In general, you're better off setting everything to update automatically. You can then go through life assuming that any update notifications you get are bogus. This is actually what we strongly recommend, and it generally applies to anything tasked with handling untrusted communication (the operating system, your web browser, flash player, etc.). The inconvenience of something functional breaking because of an update pales in comparison to the pain of recovering from identity theft.
Here are a few guidelines that will minimize your risk of getting tricked into installing malware:
For Flash Player specifically:
Also, while you've manually cleaned up the stuff that you can see, you installed malware on your machine. There's a large universe of unknown unknowns, but the malware guys at this point are generally professionals. They test against the popular antivirus and cleanup tools. While you've removed the obvious visible signs of the malware infection, you're putting a lot of faith into the tools that you used. This sort of requires a gut-check on your part about what your risk tolerance and confidence level are. It also depends on what you do with the computer (health care, banking, etc.). Good malware is going to first establish a foothold, but the second order of business would be to ensure resilience. Without an exhaustive (and expensive) forensic analysis, there are no guarantees that you've eradicated everything that was installed.
If it were me, I'd probably back up all of the critical data on the machine and then burn the whole thing down and start from scratch (e.g. format the hard disk, reinstall the operating system and applications from pristine sources, install a reputable antivirus utility, scan my backups and then restore them). I'd then go buy a password manager like LastPass/OnePass/KeyPass/etc. and set about ensuring that I have unique, strong passwords for each of the important online services that I use (including any email services that could be used to reset those passwords), and set up two-factor authentication wherever it's offered.