Oct 21, 2019 Remove Advanced Mac Cleaner rogue optimization tool from Mac OS X to stop its frustrating alerts and undo the concomitant bad effects it calls forth. Update: October 2019. Advanced Mac Cleaner usually appears on Mac boxes out of the blue and floods the victim’s experience with annoying warning messages. The Adobe Creative Cloud Cleaner Tool for Mac allows you to more precisely remove installation records for Creative Cloud or Creative Suite applications that may have become corrupted or may be causing problems with a new installation. It can be particularly helpful if you have installed prerelease software on your system, and now want to remove it.
A decade-old Windows malware trojan wormed its way into the macOS ecosystem, complete with a signed (likely stolen) Apple developer certificate. The exploit appears as an Adobe Flash Player installer. Once permission is granted, it hides itself deep inside macOS folders. Its certificate has already been revoked by Apple, but it's good to be aware of your enemies.
According to Fox-IT, Snake, a malware framework that has been infecting Windows software since 2008, and more recently Linux, is now targeting Mac.
- The Adobe CS5 Cleaner Tool helps to resolve installation problems for Adobe Creative Suite 5, Adobe Creative Suite 4, and Adobe Creative Suite 3 software. The tool can clean up install records for any pre-release (beta) installations of Creative Suite 5 products. The Adobe CS5 Cleaner Tool is.
- Uninstall Adobe Reader on Mac OS Adobe Acrobat Reader is a free software tool to view, print, and comment on PDF files. Despite its usefulness, you may need to uninstall Adobe Reader for some reason.
Now, Fox-IT has identified a version of Snake targeting Mac OS X.As this version contains debug functionalities and was signed on February 21st, 2017 it is likely that the OS X version of Snake is not yet operational.Fox-IT expects that the attackers using Snake will soon use the Mac OS X variant on targets.
Snakes are dangerous and here's why
Similar to the Dok trojan that we heard about earlier this week, Snake popped up with an authenticated developer certificate, which means the Mac's built-in security system, Gatekeeper, would consider it legit and allow the installation process to complete.
It's important to note that Apple has already revoked this fake or stolen developer certificate, so Gatekeeper will block it. However, there is still a slight chance of someone downloading Snake by accident if they've found it through dubious channels. Malwarebytes explains:
Fortunately, Apple revoked the certificate very quickly, so this particular installer is no further danger unless the user is tricked into downloading it via a method that doesn't mark it with a quarantine flag (such as via most torrent apps).
How Snake slithers into your Mac
Just like most malware attacks, Snake doesn't just magically appear on your Mac one day. There isn't someone shooting corrupted files through your ethernet cable directly into your software. Snake has to be welcomed into your operating system by you.
Think of it is a vampire. If you don't invite it into your home, it can't attack you.
The file, named Install Adobe Flash Player.app.zip, will appear to be an Adobe Flash installer (Say what you will about Flash, but there are still a lot of people that have to use it for school or work). From Malwarebytes:
If the app is opened, it will immediately ask for an admin user password, which is typical behavior for a real Flash installer. If such a password is provided, the behavior continues to be consistent with the real thing.
Interestingly, once the installation is complete, Flash is actually installed on the Mac, making it even more difficult to tell that it's a trojan.
How you can protect yourself against Snake
As noted above, the fake/stolen developer certificate that allowed Snake to get a pass from Gatekeeper has already been revoked, so it's likely that, even if you download the zip file and try to open the app, your built-in security program will say, 'Nope Dope!'
But to refresh best practices, if you receive an email with an attachment at all, do some due diligence to make sure it's from a legitimate source. Check the sender address to make sure it is from an address you recognize. Click on the sender's name to view the email address it was sent from to make sure it's not a spoofed email. If you're still unsure, confirm with the sender by texting, calling or sending a separate email asking if the attachment is legit.
Specific to the Snake trojan, avoid downloading any zip files with the name Install Adobe Flash Player.app.zip.
What to do if Snake already bit you
Do you like my snake puns?
If you think you might have managed to accidentally install the Snake trojan onto your Mac, you can find and delete the following files:
- /Library/LaunchDaemons/com.adobe.update.plist
- /Library/Scripts/installd.sh
- /Library/Scripts/queue
- /var/tmp/.ur-*
- /tmp/.gdm-socket
- /tmp/.gdm-selinux
Next, delete the stolen/fake signed Apple Developer certificate.
- Launch Finder.
- Select Applications.
- Open your Utilities folder.
- Double-click on Keychain Access.
- Select the certificate named Adobe Flash Player installer with the signed certificate issued to Addy Symonds.
- Right or Control + click on the Certificate.
- Select Delete Certificate from the drop down options.
- Select Delete to confirm that you want to delete the certificate.
Lastly, change your administrator password to ensure that you're backdoor is rekeyed so the hackers can't get back in.
Remember best practices for staying safe
It is unlikely, at this point, that Snake will slither through your Mac's backdoor. For one, Apple has revoked the certificate, which makes it nearly impossible to make it through the installation process without you knowing about it.
To reiterate, don't open attachments from unknown sources. Double check the sender email address to make sure it is not spoofed. Don't open suspicious-looking files or give administrator permission to unknown programs. You can protect yourself from attacks if you stay safe.
If you do end up with malware on your Mac, take a moment to relax and know that everything will be O.K. You can remove malware on your own, but if it seems too difficult for you to tackle, you can talk to Apple support. Someone will be able to help you.
MacBook Pro
Main
Apple ArcadeSTELA for Apple Arcade is a shallow, sadistic, totally fun game
Can you outrun killer dark shadows? Take leaps of faith into the unknown? Traverse a world where nothing is what it seems? STELA will test your mettle.
Adobe Reader and Acrobat Cleaner Tool
The Adobe Reader and Acrobat Cleaner Tool removes a standalone installation of Reader or Acrobat, including any preferences and settings that may be preserved during a standard program uninstall.
While most installs, uninstalls, and updates operations happen without incident, there are cases where a user may not be able to complete such tasks due to some registry or file conflict on the machine. This is particularly problematic when permissions set on plist entries or files prevent the successful installation of new installs and/or updates. The Adobe Reader and Acrobat Cleaner Tool is designed to fix such issues by cleaning up corrupted installations, including removing or fixing corrupted files, removing or changing permissions registry entries, etc. The tool provides options for removing problematic Acrobat items only while leaving Reader untouched and vice versa.
Note: JavaScript is disabled in your browser. To access the Adobe Reader and Acrobat Cleaner Tool, please enable JavaScript and reload the page.
Adobe Reader DC and Acrobat DC Cleaner Tool
AcroCleaner for DC and later
Adobe Advanced Mac Cleaner
This download provides the Adobe Reader and Acrobat Cleaner Tool for Windows and Mac.
IMPORTANT:
1. THIS TOOL IS NOT FOR USE WITH ANY CREATIVE SUITE PRODUCTS INCLUDING SUITES THAT CONTAIN ACROBAT. IT CAN ONLY BE USED WITH STANDALONE VERSIONS OF ACROBAT AND ADOBE READER.
2.The Windows version of the tool only supports cleanup of DC products (both Continuous and Classic tracks). If you want to remove any older versions of Acrobat and Reader products then please refer to “AcroCleaner for 10.x and later”.
3. In some scenarios Cleaner tool for Windows might affect some preferences common between Acrobat and Reader. Hence it is advised that if both Acrobat and Reader products are installed on machine then the installed product be repaired after running the cleaner Tool.
Version | 4 |
---|---|
Date | June 10, 2015 |
Use the AcroCleaner Version 4 for DC and later on Windows to cleanup failed or partial uninstalls of DC products.
English
- Download Adobe Reader DC and Acrobat DC Cleaner Tool for Windows version 4.0 (ZIP, 468 KB)
Version | 1 |
---|---|
Date | Dec 13, 2017 |
Use the AcroCleaner Version 1 for 11.x, DC and later on Mac to cleanup failed or partial uninstalls of of 11.x and DC products.
English
- Download Adobe Reader DC and Acrobat DC Cleaner Tool for Mac version 1.0 (DMG, 416 KB)
Adobe Reader and Acrobat Cleaner Tool
AcroCleaner for 10.x and later
This download provides the Adobe Reader and Acrobat Cleaner Tool for Windows.
IMPORTANT:
THIS TOOL IS NOT FOR USE WITH ANY CREATIVE SUITE PRODUCTS INCLUDING SUITES THAT CONTAIN ACROBAT. IT CAN ONLY BE USED WITH STANDALONE VERSIONS OF ACROBAT AND ADOBE READER.
Version | Preview 2 |
---|---|
Date | June 17, 2013 |
Use the AcroCleaner Version 2 for 10.x and later to cleanup failed or partial uninstalls of 10.x and 11.x products.
English
- Download Adobe Reader and Acrobat Cleaner Tool for Windows version 2 (ZIP, 651 KB)
AcroCleaner for 9.x
Version | Preview 1 |
---|---|
Date | June 17, 2013 |
Use the AcroCleaner for 9.x to cleanup failed or partial uninstalls of 9.x products.
English- Download Adobe Reader and Acrobat Cleaner Tool for Windows version 1 (ZIP, 614 KB)
User Instructions
Follow either the User Interface Workflow or the Command Line Usage instructions below to use the Adobe Reader and Acrobat Cleaner Tool. Once you are done, please send us your comments and let us know about your experience.
User Interface Workflow
- Do not proceed if you installed Acrobat or Reader as part of Creative Suite. This tool can only be used with standalone versions of Acrobat and Reader.
- Double click the AdbeArCleaner.exe file.
- Verify you want to continue, and choose Next.
- Accept the EULA and choose Next.
- Choose the standalone product to clean and choose Next.
- If the product to be cleaned is installed on the machine, tool directly proceeds to cleanup.
- If the product is not found, then Acrobat/Reader is cleaned from default installation location at ProgramFilesFolderAdobeAcrobat *.* folder. The user is also given an option to select and add any other additional installation.
- If more than one product is detected, choose which product to remove and whether or not to remove any files that may be shared between Adobe Reader and Acrobat.
- Choose Clean Now. Cleanup begins.
- When finished, restart the machine.
Command Line Usage
- Do not proceed if you installed Acrobat or Reader as part of Creative Suite. This tool can only be used with standalone versions of Acrobat and Reader.
- Open a command prompt.
- Run tool with the desired command line parameters as follows:
ProductId Identifies the product:
0 = Acrobat (Default)
1 = ReaderInstallPath Specifies the product installation path. Default = the product’s default location; e.g. C:Program Files (x86)AdobeReader 10.0. You must use this parameter when using ScanForOthers = 0. CleanLevel Specifies the level of cleanup; i.e. shared components should be cleaned or not:
0 (Default) = clean only components for the selected product.
1 = clean components for the selected product as well as shared components.ScanForOthers Specifies whether to search for and delete only the installation directory identified by InstallPath or all directories on the machine:
0 = Search for and delete only directories found on the path specified by the InstallPath parameter.
1 (Default) = Search for and delete installation directories system wide. This search includes non-default paths as well as default paths such as C:Program FilesAdobeAcrobat 10.0./? Invokes the tool’s Help; for example: AdbeArCleaner.exe /?
User Interface Workflow
- Double click to mount the AdobeAcroCleanerTool.dmg
- Double click the file: AcroCleanerTool.app
- Verify you want to continue, and choose Next.
- Accept the EULA and choose Next.
- Choose the product to remove and click Next.
- Applications found installed are listed separately for both Acrobat and Reader. By default, all the listed applications will be selected for clean-up. Following buttons below the lists can be used to customize the list.
Remove button: Select the application you don’t want to uninstall and click ‘Remove’ button below that particular list.
Refresh button: You can repopulate the full list again using ‘Refresh’ button below that particular list. - Click on Clean button to remove the listed applications
- Press OK to confirm.
- Provide admin password in the admin prompt dialog.
- Cleanup processing begins.
- Press OK once finished dialog is shown.
- Press Quit button to quit the CleanerTool app or ViewLog button to view the logs.
Frequently Asked Questions
- Windows 7: C:Users[USERNAME]AppDataLocalTempRaftLogsAdbeArCleaner.log
- Windows XP: C:Documents and Settings[USERNAME]Local SettingsTempRaftLogsAdbeArCleaner.log
- Mac: ~/Library/Logs/Adobe/AcroCleanerTool.log
Mac: The tool can be used from OS X 10.9 and onward.
Known Issues
Adobe Mac Cleaner
- If you have both Acrobat and Reader installed, removing the product that is the default PDF viewer can result in the other product failing to become the new default PDF viewer. When this problem occurs, run Repair on the remaining product and reboot the machine to make the remaining product the default PDF handler.
- For Acrobat Pro Extended 9.x, the tool leaves the Acrobat entry in Add Remove Programs. To manually remove this entry, run an uninstallation from the ARP entry or manually remove the following registry entries:
- Windows 32 Bit OS: HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall<Product-Code>
- Windows 64 Bit OS: HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstall<Product-Code>
- The product code is language specific. For example, for EFG it would be {AC76BA86-1033-F400-7761-000000000004}
- The Cleaner Tool removes the Reader 9.x or Acrobat 9.x installation even if the user chooses Cancel at the Files in Use dialog during uninstallation. The File in Use dialog appears when you try to uninstall a product that is already running.
Adobe Flash Mac Cleaner
Adobe Reader and Acrobat Cleaner Tool
Adobe Cs4 Cleaner Mac
You must check the box above to indicate your agreement to the agreements listed above to activate the download link.