I've been playing with some URLs from malware domain list (firefox
2.0.0.20) and I've noticed that some of them will spawn my acrobat
reader even though I have Firefox set to always ask me what to do with
pdf files (and normally it does ask).
In these situations, Acrobat (version 6.0.2) always throws up some error
- like "the operation is not allowed" before it exits - sometimes
taking firefox with it.
I suspect that java code is responsible for this - so I'm wondering if,
or where, I can find any java settings where it will launch the acrobat
reader.
Virus | 3/17/2010 5:16:11 AM

On Wed, 17 Mar 2010 01:16:11 -0400, Virus Guy <Virus@Guy.com> wrote,
quoted or indirectly quoted someone who said :
>I suspect that java code is responsible for this - so I'm wondering if,
>or where, I can find any java settings where it will launch the acrobat
>reader.
Instead of using associations, you can launch the acrobat reader
directly with the file as a parameter.
See http://mindprod.com/jgloss/exec.html
Whenever you want automatic associations, you must launch a command
processor, not the raw file.
--
Roedy Green Canadian Mind Products
http://mindprod.com
Responsible Development is the style of development I aspire to now. It can be summarized by answering the question, "How would I develop if it were my money?" I'm amazed how many theoretical arguments evaporate when faced with this question.
~ Kent Beck (born: 1961 age: 49) , evangelist for extreme programming.
Roedy | 3/17/2010 5:56:22 AM

"Virus Guy" <Virus@Guy.com> wrote in message
news:4BA0659B.A924CAAF@Guy.com...
> I've been playing with some URLs from malware domain list (firefox
> 2.0.0.20) and I've noticed that some of them will spawn my acrobat
> reader even though I have Firefox set to always ask me what to do with
> pdf files (and normally it does ask).
>
> In these situations, Acrobat (version 6.0.2) always throws up some error
> - like "the operation is not allowed" before it exits - sometimes
> taking firefox with it.
>
> I suspect that java code is responsible for this - so I'm wondering if,
> or where, I can find any java settings where it will launch the acrobat
> reader.
Do you have the browser feature disabled in acroread's preferences?
I'm not saying that this is your answer, but you might want to check it
out.
FromTheRafters | 3/17/2010 10:22:31 AM

From: "Virus Guy" <Virus@Guy.com>
| I've been playing with some URLs from malware domain list (firefox
| 2.0.0.20) and I've noticed that some of them will spawn my acrobat
| reader even though I have Firefox set to always ask me what to do with
| pdf files (and normally it does ask).
| In these situations, Acrobat (version 6.0.2) always throws up some error
| - like "the operation is not allowed" before it exits - sometimes
| taking firefox with it.
| I suspect that java code is responsible for this - so I'm wondering if,
| or where, I can find any java settings where it will launch the acrobat
| reader.
They aren't always launched via PDF file association.
Often that may determine if Acrobat or Reader is installed, and what version via the COM
class object such as the CLSID
{AC76BA86-1033-F400-7760-000000000004}
Ant may have a better answer.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
David | 3/17/2010 10:40:24 AM

Roedy Green wrote:
> Instead of using associations, you can launch the acrobat reader
> directly with the file as a parameter.
>
> See http://mindprod.com/jgloss/exec.html
So if I want to maintain pdf shell file-associations but at the same
time prevent direct malicious launching of acrobat, then would renaming
the acrobat reader executable do the job?
So if I rename acrord32.exe to acrobat32.exe, then any attempt to launch
"acrord32.exe" from java would fail?
(would also mean renaming the file in the registry too)
"David H. Lipman" wrote:
> They aren't always launched via PDF file association.
>
> Often that may determine if Acrobat or Reader is installed, and
> what version via the COM class object such as the CLSID
>
> {AC76BA86-1033-F400-7760-000000000004}
I don't have that clsid in my registry. Instead I have this:
{AC76BA86-7AD7-1033-7646-A00000000001}
Or maybe this?
{B801CA65-A1FC-11D0-85AD-444553540000}
Virus | 3/17/2010 1:17:43 PM

From: "Virus Guy" <Virus@Guy.com>
| Roedy Green wrote:
>> Instead of using associations, you can launch the acrobat reader
>> directly with the file as a parameter.
>> See http://mindprod.com/jgloss/exec.html
| So if I want to maintain pdf shell file-associations but at the same
| time prevent direct malicious launching of acrobat, then would renaming
| the acrobat reader executable do the job?
| So if I rename acrord32.exe to acrobat32.exe, then any attempt to launch
| "acrord32.exe" from java would fail?
| (would also mean renaming the file in the registry too)
| "David H. Lipman" wrote:
>> They aren't always launched via PDF file association.
>> Often that may determine if Acrobat or Reader is installed, and
>> what version via the COM class object such as the CLSID
>> {AC76BA86-1033-F400-7760-000000000004}
| I don't have that clsid in my registry. Instead I have this:
| {AC76BA86-7AD7-1033-7646-A00000000001}
| Or maybe this?
| {B801CA65-A1FC-11D0-85AD-444553540000}
{AC76BA86-7AD7-1033-7646-A00000000001}
Do you have Adobe Reader v6.01 ?
{B801CA65-A1FC-11D0-85AD-444553540000}
Adobe Reader 4.0 ?
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
David | 3/17/2010 9:04:01 PM

"David H. Lipman" wrote:
> >> {AC76BA86-1033-F400-7760-000000000004}
>
> | I don't have that clsid in my registry. Instead I have this:
>
> | {AC76BA86-7AD7-1033-7646-A00000000001}
>
> | Or maybe this?
>
> | {B801CA65-A1FC-11D0-85AD-444553540000}
>
> {AC76BA86-7AD7-1033-7646-A00000000001}
> Do you have Adobe Reader v6.01 ?
In the About window it says 6.0.2.
> {B801CA65-A1FC-11D0-85AD-444553540000}
> Adobe Reader 4.0 ?
This computer has Acrobat distiller installed on it, and I think it's
version 4. This allows "print to pdf" so that print-outs can be e-mailed
when necessary.
Virus | 3/18/2010 2:47:02 AM
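
Added example (not part of any post in this thread): a PowerShell check that looks up the three GUIDs quoted above and reports what, if anything, each one is registered as on the local machine. The registry locations searched (`HKCR\CLSID` and the installer `Uninstall` keys) are standard Windows locations chosen for this example; the thread itself does not name them.

```powershell
# GUIDs copied verbatim from the posts above.
$guids = @(
    '{AC76BA86-1033-F400-7760-000000000004}',
    '{AC76BA86-7AD7-1033-7646-A00000000001}',
    '{B801CA65-A1FC-11D0-85AD-444553540000}'
)

# Assumption of this example: a GUID of this shape may be registered either
# as a COM class (HKCR\CLSID) or as an installer product code (Uninstall).
$roots = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-GuidRegistration {
    param([string[]]$Guid, [string[]]$Root)
    foreach ($g in $Guid) {
        foreach ($r in $Root) {
            $path = "$r\$g"
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $key = Get-Item -LiteralPath $path

            # A COM class names the binary it loads under these subkeys.
            $server = foreach ($sub in 'InprocServer32', 'LocalServer32') {
                $subPath = "$path\$sub"
                if (Test-Path -LiteralPath $subPath) {
                    (Get-Item -LiteralPath $subPath).GetValue('')
                }
            }

            # Uninstall entries carry DisplayName; COM classes use the default value.
            $name = $key.GetValue('DisplayName')
            if (-not $name) { $name = $key.GetValue('') }

            [pscustomobject]@{
                Guid    = $g
                FoundIn = $r -replace '^Registry::', ''
                Name    = $name
                Version = $key.GetValue('DisplayVersion')
                Server  = $server -join '; '
            }
        }
    }
}

$hits = Get-GuidRegistration -Guid $guids -Root $roots
if ($hits) { $hits | Format-List } else { 'None of the listed GUIDs is registered on this machine.' }
```

The `Name`, `Version` and `Server` fields show which product and binary a GUID maps to, which answers the version questions raised in the thread without guessing from the GUID alone.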