WerFault.exe run on Adobe Illustrator instalation

Hello all,

Today i have downloaded a “Adobe Illustrator CS5” but i try to run installer with using my computer guard (I love Avast), and i saw that there is something which i don’t understand.

That is normal to run C:\Windows\SysWOW64\WerFault.exe while installing any application?

http://i.imgur.com/EPKR5MW.png?1

Please guys help me before i run into administrator mode.

Thank you!
Martin

If it is normal or not depends on how the application (in this case Adobe Illustrator) is programmed.
Ask Adobe if it is normal.

My problem is in that, this application is not downloaded from Adobe official website (they have only “Adobe Illustrator CC” now).
I have downloaded it from http://www.muhammadniaz.net/.

I am sure Adobe will not help me, because it is not downloaded from Adobe web site.

Adobe does have it on their website.
You can download a free trial or buy it.

The version on the site you mention is larger than the official version.
A very strong indication that it is bundled with malware or at least PUP’s.

A very strong indication that it is bundled with malware or at least PUP's.
To find out > www.virustotal.com / www.metadefender.com

They were limited to 140MB, my file is 194MB :frowning:

Do the smart thing and get it from Adobe.

ZIP it and compress it (When you do so, make a password, and include that password in the email!), then email it to contact@virustotal.com. Ask for a specific scan of the file in question and mention this thread in the email.

Make sure you attach it in such a way they will be able to download it (So don’t attach it to a Gmail/Hotmail etc) as I don’t think they’d support a file that large.

I would suggest putting it up on a site like Dropbox, Mediafire or an equivalent one that will support it.

And Yes, follow Eddy’s advice. Get it from Adobe. The last case I saw from cracked software resulted in a formatted computer of one of my mates.

Edit: Include the link as well. I will see if Polonus will do his magical work on the link and find out it’s history. Also, please break the link (hxxp://_____(dot)com)

A good reason to stay away from that site :
http://app.webinspector.com/public/reports/53675075

Hi Michael (alan 1998)

What about this site on GoDaddy via nginx-CloudFlare: htxp://www.muhammadniaz.net?

The site has WordPress beginners’ configuration insecurity, so it is probably an amateur site.
The more reason to be extra cautious.

Do not know whether this plug-in is not left by the developer: (WordPress plug-in NULLED)
The following plugins were detected by reading the HTML source of the WordPress sites front page: arqam

Warning User Enumeration is possible :o
The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 None
2 Muhammad Niaz mrmuhammadniaz
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

This external link comes blocked by script blockers for me: hxtps://d31qbv1cthcecs.cloudfront.net/atrk.js

I would shun this Californian website for the reasons given above, same goes for the content.

polonus (volunteer website security analyst and website error-hunter)

Uh oh

Thank you for you contact from Virustotal.

They send me report…

https://www.virustotal.com/en/file/26141604d9551b669013d51d8db5c1b89cbc5dbc2a2d451c9fa9c7de06f4d124/analysis/1463653103/

Kind regards,
Martin

Odd, can you throw it up on Google Drive (Or an equivalent site) and PM the link to me? They scanned the ZIP file, with a password on it, which is a no no. Memory serves me right, AV’s won’t scan inside that ZIP folder.