Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

VersionsAdditional versions

1.701.3.3014 7.75%
1.7.4.0 32.86%
1.7.2.0 33.74%
1.7.0.0 6.61%
1.6.5.0 14.19%
1.5.7.0 3.70%
1.4.7.0 0.09%
1.4.5.0 0.26%
1.1.5.0 0.79%

PE structurePE file structure
Show functions
Import table
advapi32.dll
RegSetValueExW, RegOpenKeyExW, RegQueryValueW, RegEnumKeyW, RegDeleteKeyW, RegOpenKeyW, CryptReleaseContext, CryptDestroyHash, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptAcquireContextW, QueryServiceStatusEx, CloseServiceHandle, OpenServiceW, OpenSCManagerW, RegDeleteValueW, RegCreateKeyW, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegCreateKeyExW, OpenThreadToken, DuplicateToken, CheckTokenMembership, IsValidSid, GetLengthSid, ConvertSidToStringSidW, LookupAccountNameW, CopySid, GetSidSubAuthority, InitializeSid, GetSidLengthRequired, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, GetUserNameW, RegCloseKey, RegQueryValueExW, ControlService, CreateWellKnownSid, GetTokenInformation, RegFlushKey, RegEnumValueW, RegQueryInfoKeyW
comctl32.dll
InitCommonControlsEx, _TrackMouseEvent
comdlg32.dll
GetFileTitleW
crypt32.dll
CryptDecodeObject, CryptMsgClose, CertCloseStore, CertFreeCertificateContext, CryptProtectData, CertFindCertificateInStore, CryptMsgGetParam, CryptQueryObject, CryptUnprotectData, CertGetNameStringW
gdi32.dll
ScaleWindowExtEx, GetBkColor, GetTextColor, GetRgnBox, GetMapMode, GetStockObject, GetViewportExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, PtVisible, ExtTextOutW, TextOutW, SetBkMode, RestoreDC, SaveDC, SetBkColor, SetTextColor, GetClipBox, CreateBitmap, GetDeviceCaps, GetTextExtentPoint32W, DeleteDC, ExtSelectClipRgn, GetWindowExtEx, CreateFontIndirectW, CreateRectRgnIndirect, GetObjectW, DeleteObject, SetMapMode, RectVisible
kernel32.dll
DllMain
ole32.dll
CoCreateInstance, CoInitializeEx, CoTaskMemFree, CoUninitialize, CoTaskMemAlloc, CLSIDFromProgID, CLSIDFromString, CoGetClassObject, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal, CoRegisterMessageFilter, OleFlushClipboard, OleIsCurrentClipboard, CoRevokeClassObject, OleInitialize, CoFreeUnusedLibraries, CoInitializeSecurity, OleUninitialize
oledlg.dll
OleUIBusyW
psapi.dll
EnumProcesses, GetModuleBaseNameW, GetModuleFileNameExW, EnumProcessModules
sensapi.dll
IsNetworkAlive
shell32.dll
ShellExecuteW, SHGetFolderPathW, SHCreateDirectoryExW, SHFileOperationW, SHAppBarMessage, Shell_NotifyIconW
shlwapi.dll
PathStripToRootW, PathIsUNCW, PathFindFileNameW, PathFindExtensionW, SHDeleteKeyW
urlmon.dll
URLDownloadToFileW
user32.dll
CharNextW, ReleaseCapture, SetCapture, GetSysColorBrush, DestroyMenu, GetDesktopWindow, CreateDialogIndirectParamW, GetNextDlgTabItem, EndDialog, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, GrayStringW, DrawTextExW, DrawTextW, TabbedTextOutW, RegisterWindowMessageW, SendDlgItemMessageA, WinHelpW, IsChild, GetCapture, GetClassLongW, GetClassNameW, SetPropW, GetPropW, RemovePropW, GetTopWindow, DestroyWindow, GetMessageTime, GetMessagePos, MapWindowPoints, TrackPopupMenu, SetMenu, ShowScrollBar, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, GetSysColor, AdjustWindowRectEx, ScreenToClient, EqualRect, DefWindowProcW, CallWindowProcW, CopyRect, PtInRect, GetMenu, PostThreadMessageW, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetLastActivePopup, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapW, EnableMenuItem, InvalidateRgn, GetWindowTextLengthW, SetFocus, IsWindowEnabled, MoveWindow, SetWindowLongW, GetDlgCtrlID, SetWindowTextW, GetWindowLongW, IsDialogMessageW, SetDlgItemTextW, SendDlgItemMessageW, GetDlgItem, CharUpperW, UnhookWindowsHookEx, SetWindowsHookExW, CallNextHookEx, GetMessageW, TranslateMessage, DispatchMessageW, GetKeyState, ValidateRect, GetWindow, SetWindowContextHelpId, MapDialogRect, SetWindowPos, PostQuitMessage, GetMenuState, GetMenuStringW, ExitWindowsEx, EnumWindows, GetWindowTextW, IsWindowVisible, GetWindowThreadProcessId, FindWindowExW, SystemParametersInfoW, SetActiveWindow, DrawAnimatedRects, SetMenuDefaultItem, ModifyMenuW, GetMenuItemID, GetMenuItemCount, GetSubMenu, ClientToScreen, GetCursorPos, LoadMenuW, GetActiveWindow, DrawIcon, GetClientRect, RegisterClipboardFormatW, GetSystemMetrics, IsIconic, PeekMessageW, UnregisterClassW, MessageBeep, OffsetRect, GetNextDlgGroupItem, KillTimer, GetFocus, UpdateWindow, IsWindow, SetTimer, SetCursor, DrawFocusRect, InflateRect, SetRectEmpty, SendMessageW, GetWindowRect, GetParent, LoadCursorW, EnableWindow, GetForegroundWindow, PostMessageW, LoadIconW, SetForegroundWindow, MessageBoxW, InvalidateRect, SetRect, IsRectEmpty, CheckMenuItem, CopyAcceleratorTableW, ShowWindow
userenv.dll
UnloadUserProfile
version.dll
VerQueryValueW, GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeW, GetFileVersionInfoSizeA, GetFileVersionInfoW
wininet.dll
DeleteUrlCacheEntryW
winspool.drv
DocumentPropertiesW, OpenPrinterW, ClosePrinter
wintrust.dll
WinVerifyTrust

AdobeARM.exe

Adobe Reader and Acrobat Manager by Adobe Systems (Signed)

Remove AdobeARM.exe
Version:   1.4.7.0
MD5:   6a8b5c84f2e4935df5afca6800a0fae1
SHA1:   2d8291816b03dec97eeb18214463ccc5c0ab19e3
SHA256:   9a6902cfa8e0895ce7db8d3e1b09df5c342950c0e7c4df65c18cc59470c6f599
Warning 29 antivirus scanners has detected malware.

What is AdobeARM.exe?

AdobeARM.exe is a part of new Adobe Acrobat\Reader updater. The Updater is responsible for checking for, downloading, and launching the update installer for Reader or Acrobat. The Updater primarily keeps itself up to date and downloads and extracts needed files. It does not actually install anything, as that job is handled by a separate installer. Update preferences controlled at the registry level. Log settings controlled at the registry level; log name and location is different. Checks for upd

About AdobeARM.exe (from Adobe Systems)

Adobe Reader software is the global standard for electronic document sharing. It is the only PDF file viewer that can open and interact with all PDF documents. Use Adobe Reader to view, search, digita

DetailsDetails

File name:AdobeARM.exe
Publisher:Adobe Systems Incorporated
Product name:Adobe Reader and Acrobat Manager
Typical file path:C:\Program Files\common files\adobe\arm\1.0\adobearm.exe
File version:1.4.7.0
Size:167.5 KB (171,521 bytes)
Build date:2/23/2013 3:36 PM
Certificate
Issued to:Adobe Systems
Authority (CA):VeriSign
Expiration date:Friday, September 20, 2013
Digital DNA
PE subsystem:Windows GUI
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'Adobe ARM' → "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Scheduled tasks
  • The task 'Programma di aggiornamento online di Adobe' runs weekly in the path '\Programma di aggiornamento online di Adobe'
  • The task 'Program aktualizacji online firmy Adobe.' runs weekly in the path '\Program aktualizacji online firmy Adobe.'
  • The job 'Adobe 联机更新程序' runs weekly in the path '\Adobe 联机更新程序'
  • The task 'Adobe online aktualizační program' runs weekly in the path '\Adobe online aktualizační program'
  • The task 'Программа онлайн-обновления Adobe.' runs in the path '\Программа онлайн-обновления Adobe.'
  • The task 'Adobe 联机更新程序' runs weekly in the path '\Adobe 联机更新程序'
  • The job 'Programa de atualização online Adobe' runs weekly in the path '\Programa de atualização online Adobe'
  • The job 'Программа онлайн-обновления Adobe.' runs weekly in the path '\Программа онлайн-обновления Adobe.'
  • The task 'Adobe-Online-Aktualisierungsprogramm' runs weekly in the path '\Adobe-Online-Aktualisierungsprogramm'
  • The task 'Programme de mise à jour en ligne de Adobe' runs weekly in the path '\Programme de mise à jour en ligne de Adobe'
  • The task 'Adobe Reader and Acrobat Manager' runs weekly in the path '\Adobe Reader and Acrobat Manager'
  • The job 'Adobe ARM' runs on logon in the path '\Adobe ARM'
  • The job 'Programa de actualización online de Adobe' runs weekly in the path '\Programa de actualización online de Adobe'
  • The task 'Adobe online update program' runs weekly in the path '\Adobe online update program'
  • Entry path '\Программа онлайн-обновления Adobe.'
  • Entry path '\Programa de atualização online Adobe'
  • Entry path '\Adobe Reader and Acrobat Manager'
  • Entry path '\Programa de actualización online de Adobe'
  • Entry path '\Programma di aggiornamento online di Adobe'
  • Entry path '\Adobe-Online-Aktualisierungsprogramm'
  • Entry path '\Programme de mise à jour en ligne de Adobe'
  • Entry path '\Adobe オンライン更新プログラム'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path '\Adobe ARM'
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe'

MalwareMalware detections

Based on 40+ industry antivirus scanners, 29 of them detected the following malware.
Antivirus engineEngine versionDetection
Agnitum 5.5.1.3 Trojan.DR.Agent!+rHkLDaGflI
AhnLab V3 Internet Security 2013.04.09 Malware/Win32.Generic
Avira AntiVir 7.11.71.62 TR/Dropper.Gen
avast! 6.0.1289.0 Win32:Malware-gen
AVG 2014.0.3629 Dropper.Generic7.BUKT
BitDefender 7.2 Gen:Variant.Barys.2605
CAT Quick Heal 10.13.12.00 Trojan.Injector
Commtouch 5.4.1.7 W32/Trojan.BWMD-0026
Comodo Internet Security 15862 UnclassifiedMalware
Dr.Web 8.13.10.1 Trojan.AVKill.28851
Emsisoft Anti-Malware 3.0.0.575 Trojan.MSIL.Injector (A)
ESET NOD32 7.8206 a variant of MSIL/Injector.AFM
Fortinet 5.0.43.0 MSIL/Kryptik.GVV!tr
F-Secure 11.0.19020.35 Gen:Variant.Barys.2605
G Data 13.10.22 Gen:Variant.Barys.2605
Ikarus T3.1.4.0.0 Trojan-PWS.MSIL
K7 AntiVirus 9.164.8482 Riskware
Kaspersky 9.0.0.837 HEUR:Trojan.Win32.Generic
Kingsoft 2013.1.8.219 Win32.Troj.Undef.(kcloud)
McAfee 5.400.1158 Suspicious Resource!msil
McAfee Gateway Anti-Malware v2012.1-dat RDN/Generic Dropper!ez
Microsoft Security Essentials 1.9302.0 VirTool:MSIL/Injector.CT
Norman 7.00.22 Suspicious_Gen4.CMSLF
Panda Antivirus 10.0.3.5 Trj/OCJ.D
Sophos 4.87.0 Mal/Generic-S
Symantec 20121.3.0.76 WS.Reputation.1
Trend Micro 9.740.0.1012 TROJ_GEN.RCBCFC6
Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.R47CPCI
VIPRE Antivirus 16678 Trojan.Win32.Generic!BT

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 39.00%
Windows 7 Ultimate 14.00%
Windows 8.1 11.00%
Windows 7 Professional 8.00%
Microsoft Windows XP 5.50%
Windows 8 4.00%
Windows 8.1 Single Language 2.50%
Windows 8 Pro 2.50%
Windows Vista Home Premium 2.00%
Windows 8.1 Pro 1.50%
Windows 8.1 N 1.50%
Windows 8 Single Language 1.50%
Windows 7 Home Basic 1.00%
Windows 8.1 Pro with Media Center 1.00%
Windows 8.1 Pro Preview 1.00%
Windows Vista Home Basic 1.00%
Windows 7 Starter 1.00%
Windows 8.1 Enterprise 1.00%
Windows 8 Enterprise N 0.50%
Windows 8 Enterprise 0.50%

Distribution by countryDistribution by country

United States installs about 46.73% of Adobe Reader and Acrobat Manager.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 19.42%
Hewlett-Packard 15.11%
ASUS 15.11%
Toshiba 12.95%
Acer 9.71%
Lenovo 7.91%
Sony 5.04%
Intel 3.60%
Samsung 3.24%
Compaq 2.88%
GIGABYTE 0.72%
Medion 0.72%
Gateway 0.72%
MSI 0.72%
American Megatrends 0.72%
NEC 0.72%
Alienware 0.36%
Sahara 0.36%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE