WIN 10 Problem – adobe_flash_player.exe
August 7th, 2021
So i brought up Task manager and found the only way to remove that box was to close down adobe_flash_player.exe
On reboot – it came back so i downloaded Uninstall flash player from Adobe and unistalled it
Reboot
adobe_flash_player.exe Reapeared in the task manager
Right clicking on it and asking to show location – shows nothing except a folder
I unhide all files and still its not there
What is this – and does anyone else have this problem.
Yesterday i installed Adobe Photoshop / After effects and lightroom so im assuming it was part of this
Am i worrying about nothing.
Looks like a virus
Scan with malwarebytes
Ok, you need to use Process explorer here :
https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
It will tell you where the binary file is really is and associated processes, you can then kill that process. Then upload that binary to virustotal to analyze to determine if it is malware.
scanned with malwarebytes and nothing found
It only comes up on boot up and i just kill the process.
its the 3rd pic – that is flash
EDIT
using process explorer i managed to erase the reg key that was starting it up on startup
Rebooted and it does not show back up
I did search for the files – but all i found was a text file – with the name flash.player.exe so i deleted them files
Not sure what the hell it is or if its still there but time will tell.
Also i submitted the file to virustotal and it came back clean. thats the process that was running that i submitted.
EDIT AGAIN
after few reboots its back again
Try to find the starting folder of the process.
It seems to be a virus at this point…
Try ADW cleaner
http://www.bleepingcomputer.com/forums/t/530047/please-help-attacked-by-adobeflashplayerexevirus/
tried that cleaner – found nothing
im not certain if this is a legit app and somehow its got messed up on install on win 10 as nothing is finding it as suspect.
2 things i know its there
it boots on bootup every time and i start windows and using msconfig doesnt show it so i cant turn it off
Pressing task manager shows me the corrupted pic as u see above.
check the last pic when i get info on the app running Im certain abode is not adobe
here is the program wanting internet access
after a reboot its now changed from running as an app to running as a background process now.
Ive blocked internet access to it – but still unsure what it is.
Using ip in pic above it takes me to a site but not much is there
Try uninstalling adobe flash player (and reinstalling) then
The IP address listed in the ESET SS photo goes to a domain operated under GoDaddy I don’t think adobe needs to use GoDaddy’s servers to operate So, of course, block ALL the outbound traffic
You could also try another AV, like Avira or kaspersky
ive uninstalled adobe flash player – infact i had to get the uninstaller of the net to do it as its not on my comp very weird this – i may just format the whole computer – as this is doing my head in
also flash player is not on my computer (ive done numerous searches for it – nothing comes up
So something is running something and when it does its giving it that name
but how do i find out what is creating that process ????
Update found something not sure what but i found something
# AdwCleaner v5.005 – Logfile created 01/09/2015 at 19:09:04
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 10 Pro (x64)
# Username : firstpirate – DESKTOP-7372RA5
# Running from : E:\- Downloading -\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
***** [ Web browsers ] *****
*************************
:: Winsock settings cleared
########## EOF – C:\AdwCleaner\AdwCleaner[C1].txt – [1318 bytes] ##########
Im also beginning to think that Malwarebytes and other programs are not working correctly in win 10.I may be wrong but if so then how did this get though esp as i have ESET installed – Malwarebytes and Advanced System care 8
gettign weirder this i have rebooted a few times and now the win screen has changed itself
compare it to my first pic which is top of post.
finally process Explorer
doesnt seem linked to anything else
Can you upload those flash exes somewhere?
wish i could but if i right click and tell it to take me to the location where the file is – its simply not there.
the ones u see above in the pic which are text files flash exes i have deleted.
Also if u check this section it seems someone else has the exact same problem as me now.
Im not going to waste more time on this – time for format me thinks.
But it still makes me wonder – how ESET / Malwarebytes and IO Systemcare didnt block it or even pick it up
Are these programs working in win 10 – maybe that may the problem.