Fake Flash Player Install - How To Remove?

Type: Trojan

Be aware of Trojan.Ransomware which trickily pretends to be an installer for Adobe Flash Player software, but in reality it’s just a tool to perform an SMS fraud!

When executed, Trojan.Ransomware will make a copy of itself in %ALLUSERSPROFILE% and then will start displaying notifications in Russian. Usually, Trojan.Ransomware performs fake Adobe Flash Player installation that requires sending an SMS message to receive a certain activation code and to complete installation process.

However, this process is not real, so you should remove Trojan.Ransomware after noticing messages looking such as the picture given below. When deleting, try serial codes 35676549 and 28527548 and also run Spyware Doctor anti-spyware.

Automatic Fake Flash Player install removal tools

Note: Reimage trial provides detection of parasites and assists in their removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.  We might be affiliated with some of these programs. Full information is available in disclosure 

Fake Flash Player install screenshots


About the author

 - Passionate web researcher

I have been working with 2-viruses.com project for a while now and I would like to think that our research team has managed to raise awareness about cyber security. I study the newest infections, help out with manual instructions and answer questions that our users might have.

June 19, 2010 10:03, June 19, 2010 10:19

4 thoughts on “Fake Flash Player install

  1. I experienced two instances of this problem in as many days over the past week. One on my own computer and one on a customer`s computer. In each case it stopped WinXP SP3 from being able to run or run properly. I don’t know how long “Quick Flash Player” has been on each system. For some time my own system would occasionally crash while idling overnight. When this type of thing happens the cause could be failing RAM or bad sectors developing on the HD. It’s a pain to have to stop and check things out and I tend not to do it until things get bad enough. Now it was bad enough and I ran the basic checks and found nothing on my own and one or two bad sectors on my customers which did not seem to matter (not one in the middle of a crucial system file).
    So it had to be software. Chkdsk was run – something I always do because a slightly corrupt filesystem can produce crazy problems. To cut a long story short I found the problem by temporarily removing the HDs and lashing it to my laptop via a USB/SATA adapter. I then ran Trendmicro IS Pro on the disks and it found the infection in each case. They were located in C:\Program Files\Quick Flash Player. After removing these and reconnecting the HDs WinXP came up again without further trouble.
    In my own case I could bring the computer up in Safe mode. In my customer`s it could not and crashed when the gagp30kx.sys driver tried to load. Each time it crashed here the filesystem was severely mucked up but chkdsk was able to straighten it out though.
    In my own case System Mechanic Pro IS did not detect it; nor did Spybot Search & Destroy; nor Stopzilla ver 5. I’m rather paranoid and have all these programs to try to keep trouble at bay.
    In my customer’s case his Trendmicro IS Pro failed to stop the malware from getting as well. That the Trendmicro on my laptop found the bad program may have meant they updated their signature file *after* the infection came onto the scene.

  2. @Victor Bien
    I failed to add that a scan using AVG’s recently released Rescue CD scanner plus downloaded updates failed to detect this infection.

  3. I to had this. I have Panda Internet Security 2008 and When I went to click the .exe it stop it’s process and told me it was mal-wear. I’m still in the process of scanning the hard drive and will update soon. I know Pandaa is more Expensive then SpyDoctor but it also can be gotten for 3 or more computers and is more than just a Virus scan program. It’s a total Firewall/Virus Scan/MalWare program.

Leave a Reply

Your email address will not be published. Required fields are marked *