EScript.api in Adobe Reader folder detected as threat - False positive?

I just got this when I tried to open a safe pdf file. When I uninstalled Adobe Reader, I got a couple msconfig problems. How do I find out if this is a false positive?

I submitted a false positive report, but it is in my chest

It is labeled Win32:Malware-gen

Additionally I did a boot scan like 24 hours ago, but nothing was found then.

How do I find out if this is a false positive?
Upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners. When you have the result, copy the link and post it here for us to see.

https://www.virustotal.com/file/cd1dc02fab5116e5f6fb5a945c8666f666e9b94754db02918d7698af78d243d5/analysis/

Looks like Avast just is detecting it. Anyways, I am just deleting it, since I uninstalled Adobe Reader. I’ll reinstall it later.

seems like a FP yes…

I submitted a false positive report, but it is in my chest
Does that mean you uploaded the file to the avast lab? You can do so from the chest by right-clicking the file.

I have had this same issue with Adobe Reader X today. Avast removes or moves to chest some components and breaks Adobe Reader. It looks like this problem is only with Reader X. Reader XI works fine.

I cannot load these files for confirmation, but removing X and installing XI has helped with this one.

Yes, avast just declared war on Adobe Reader X 10.1.5 on all our machines. DigSig.api, Checkers.api and Escript.api in the plug_ins directory are all getting moved to chest on all our workstations. ACK!

Unfortunately we can’t go to XI because it is SLOW on our machines, and is causing other issues.

http://forums.adobe.com/message/4999905#4999905

Updated program and definitions, just to be sure… Still getting the Malware Gen blocked message…

https://www.virustotal.com/file/252dd96d535670c1f5e23641cf25641036a8825f8bb8d3d6cd378eedfafeadcb/analysis/1358523307/
https://www.virustotal.com/file/cd1dc02fab5116e5f6fb5a945c8666f666e9b94754db02918d7698af78d243d5/analysis/1358523381/
https://www.virustotal.com/file/1922597ab7c8a0a37e7a108e5901cccbfa4f56d5276dc6edd080a07614514061/analysis/1358523465/

I still haven’t reinstalled yet, has the war been ended?

We are still seeing issues. Waiting for someone authoritative to declare that they have fixed it.

still waiting…

I actually added an exception for EScript.api just to get our systems working, has anyone heard anything new on this? It just hit us today on 2 systems. Only difference between these systems and the working ones is that they are running Google Sync for Outlook. All systems have the same version of Adobe Pro (9.5.4) and current Avast program (8.0.1483) and virus definitions (130314-1) from today. All systems running Windows 7 professional with a mix of 32bit and 64bit. One of the troubled machines is running 32 bit and the other 64 so that shouldn’t be an issue.

Thanks,
Spline

Started a new thread - but my company just got nailed by this issue this morning - Acrobat 9 Standard and Pro users are getting their EScript.api files nailed. Acrobat becomes useless after that.

Send it to avast as a FP. The avast team is aware of the issue as far as I’m aware…
Detection probably because Escript.api has become exploitable…
The software is one of those third party applications that has/had ceaseless security problems.
Better advised to install Foxit reader for a far better and more secure user experience…
But when there is not an alternative given, report it to avast!

polonus

I’m not worried about the reader (Reader XI seems unaffected, as do alternative readers) - this is killing our ability to edit PDFs (the primary reason we use Acrobat Professional).

Polonus,

Sorry I forgot to mention that I did report this as a false positive.

Thanks,
Spline

Hi all,

New to the forum. Had the same problem today with Adobe Acrobat Pro 9.5.4 sending the escript.api file to the virus chest and rendering Acrobat useless. Wouldn’t open or anything. So I went to the virus chest and right clicked the escript file and clicked Restore. Acrobat is working fine now. Don’t know if this will help anyone but thought I would share as it seems to have resolved my Acrobat malfunction issue without having to re-install the program.

The trouble starts when you have to go do that on 80 machines. :(