
Adobe Crypto Mining Operations

New Here, Feb 19, 2018

Hey -

I just updated my Creative Cloud apps, and found that my AV blocked Adobe from running an app called "CoinMiner."

I think this means either Adobe is doing this intentionally (bad) or someone hacked your update files and Adobe is doing this unintentionally (very bad).

I have blocked this application, so feel free to take whatever action you think is appropriate.

Richard

Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

1 Correct answer

New Here, Feb 19, 2018

Hi Richard,

I've seen the same issue, specifically the RedDecoder DLL files (both x86 and x64) presumably from Adobe Premiere are being flagged as coin miners by Microsoft AV and deleted. Unfortunately we haven't been able to get a sample and submit it to Microsoft as a false positive, as every time the update server re-downloads and attempts to distribute the files, they get deleted. This has only begun within the last few days.

If anyone out there has these DLL files and can submit to MS to re-ch

...
New Here, Feb 22, 2018

I can't submit them - the files are too large.  --Eileen

Community Beginner, Feb 22, 2018

What files were you trying to submit and where, Eileen?

There are 2 files detected by our M$ AV:

REDDecoder-x86.dll

REDDecoder-x64.dll

Microsoft Premier Support allows 1 GB uploads. I can't imagine these two files are larger than that!

New Here, Feb 21, 2018

We have several reports of the software being tagged PUA:Win32/CoinMiner. We are packaging the software for the device license. CoinMiner is being found in different software packages - packaged by different techs. It is being found in different builds too. I have one from 2016 and 2017 that is getting tagged with the CoinMiner virus.

PUA:Win32/CoinMiner 2/20/2018

containerfile:_C:\Users\username\Desktop\ADVCCJan2018.zip;
file:_C:\Users\username\Desktop\ADVCCJan2018.zip->ADVCCJan2018/Build/HD/AEFT15.0.1/AdobeAfterEffects15AllTrial.zip->1/universal/Professional/Support Files/REDDecoder-x64.dll;
file:_C:\Users\username\Desktop\ADVCCJan2018.zip->ADVCCJan2018/Build/HD/AEFT15.0.1/AdobeAfterEffects15AllTrial.zip->1/universal/Professional/Support Files/REDDecoder-x86.dll;
file:_C:\Users\username\Desktop\ADVCCJan2018.zip->ADVCCJan2018/Build/HD/AME12.0.1/AdobeMediaEncoder12AllTrial.zip->1/universal/App/REDDecoder-x64.dll;
file:_C:\Users\username\Desktop\ADVCCJan2018.zip->ADVCCJan2018/Build/HD/AME12.0.1/AdobeMediaEncoder12AllTrial.zip->1/universal/App/REDDecoder-x86.dll;
file:_C:\Users\username\Desktop\ADVCCJan2018.zip->ADVCCJan2018/Build/HD/AUDT11.0.1/AdobeAudition11All.zip->1/universal/App/REDDecoder-x64.dll;
file:_C:\Users\username\Desktop\ADVCCJan2018.zip->ADVCCJan2018/Build/HD/AUDT11.0.1/AdobeAudition11All.zip->1/universal/App/REDDecoder-x86.dll;
file:_C:\Users\username\De NT AUTHORITY\NETWORK SERVICE

LEGEND, Feb 23, 2018

Please check the digital signature on the specific file that is giving the report. What signer? What date? Does it show as valid when you click Details?

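The signature questions in the reply above (signer, validity) can be answered for every copy of the flagged DLLs at once. The following is an added example, not part of the original thread and not Adobe or Microsoft tooling; `$Root` is a hypothetical folder holding an already extracted copy of the package, and only built-in PowerShell cmdlets are used.

```powershell
# Added example: triage the flagged DLLs before trusting or excluding them.
# $Root is an assumption: the folder where the package was extracted.
param(
    [string]$Root = 'C:\Packages\ADVCCJan2018'   # hypothetical extraction path
)

# File names reported in the thread.
$names = 'REDDecoder-x86.dll', 'REDDecoder-x64.dll'

$report = Get-ChildItem -Path $Root -Recurse -File -Include $names -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert = $sig.SignerCertificate
        [pscustomobject]@{
            Path        = $_.FullName
            SizeMB      = [math]::Round($_.Length / 1MB, 1)
            SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Status      = $sig.Status          # Valid, NotSigned, HashMismatch, ...
            Detail      = $sig.StatusMessage
            Signer      = if ($cert) { $cert.Subject } else { $null }
            Issuer      = if ($cert) { $cert.Issuer } else { $null }
            CertFrom    = if ($cert) { $cert.NotBefore } else { $null }
            CertUntil   = if ($cert) { $cert.NotAfter } else { $null }
            Timestamped = [bool]$sig.TimeStamperCertificate
        }
    }

# Full detail per file: who signed it and whether the signature verifies.
$report | Format-List

# Identical hashes across packages and builds mean the same binary was bundled
# repeatedly; several distinct hashes mean each build needs its own review.
$report | Group-Object SHA256 | Select-Object Count, Name | Format-Table -AutoSize

# A file that is unsigned or fails verification should not be excluded from
# scanning on the strength of its file name alone.
$report | Where-Object Status -ne 'Valid' | Select-Object Path, Status, Detail
```

The script reports only whether a timestamp countersignature is present; the signing date itself is shown in the file's Digital Signatures Details dialog. The SHA-256 values give a stable identifier to quote when reporting a suspected false positive.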
New Here, Feb 25, 2018

Hi,

First update your antivirus and then try to re-install your latest product. I have tried with the latest Windows Defender (ver. 1.261.1547.0) and it installed without any issue.

New Here, Feb 26, 2018

I'm sorted now; after a magical reboot it no longer detects as a virus.
