From: Virus Guy on 17 Mar 2010 01:16

I've been playing with some URLs from malware domain list (firefox 2.0.0.20) and I've noticed that some of them will spawn my acrobat reader even though I have Firefox set to always ask me what to do with pdf files (and normally it does ask).

In these situations, Acrobat (version 6.0.2) always throws up some error - like "the operation is not allowed" before it exits - sometimes taking firefox with it.

I suspect that java code is responsible for this - so I'm wondering if, or where, I can find any java settings where it will launch the acrobat reader.

From: Roedy Green on 17 Mar 2010 01:56

On Wed, 17 Mar 2010 01:16:11 -0400, Virus Guy <Virus(a)Guy.com> wrote, quoted or indirectly quoted someone who said :

>I suspect that java code is responsible for this - so I'm wondering if,
>or where, I can find any java settings where it will launch the acrobat
>reader.

Instead of using associations, you can launch the acrobat reader directly with the file as a parameter.

See http://mindprod.com/jgloss/exec.html

Whenever you want automatic associations, you must launch a command processor, not the raw file.

--
Roedy Green Canadian Mind Products
http://mindprod.com

Responsible Development is the style of development I aspire to now. It can be summarized by answering the question, "How would I develop if it were my money?" I'm amazed how many theoretical arguments evaporate when faced with this question.
~ Kent Beck (born: 1961 age: 49), evangelist for extreme programming.

From: FromTheRafters on 17 Mar 2010 06:22

"Virus Guy" <Virus(a)Guy.com> wrote in message news:4BA0659B.A924CAAF(a)Guy.com...

> I've been playing with some URLs from malware domain list (firefox
> 2.0.0.20) and I've noticed that some of them will spawn my acrobat
> reader even though I have Firefox set to always ask me what to do with
> pdf files (and normally it does ask).
>
> In these situations, Acrobat (version 6.0.2) always throws up some
> error - like "the operation is not allowed" before it exits -
> sometimes taking firefox with it.
>
> I suspect that java code is responsible for this - so I'm wondering
> if, or where, I can find any java settings where it will launch the
> acrobat reader.

Do you have the browser feature disabled in acroread's preferences?

I'm not saying that this is your answer, but you might want to check it out.

From: David H. Lipman on 17 Mar 2010 06:40

From: "Virus Guy" <Virus(a)Guy.com>

| I've been playing with some URLs from malware domain list (firefox
| 2.0.0.20) and I've noticed that some of them will spawn my acrobat
| reader even though I have Firefox set to always ask me what to do with
| pdf files (and normally it does ask).

| In these situations, Acrobat (version 6.0.2) always throws up some error
| - like "the operation is not allowed" before it exits - sometimes
| taking firefox with it.

| I suspect that java code is responsible for this - so I'm wondering if,
| or where, I can find any java settings where it will launch the acrobat
| reader.

They aren't always launched via PDF file association.

Often that may determine if Acrobat or Reader is installed, and what version via the COM class object such as the CLSID

{AC76BA86-1033-F400-7760-000000000004}

Ant may have a better answer.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

From: Virus Guy on 17 Mar 2010 09:17

Roedy Green wrote:

> Instead of using associations, you can launch the acrobat reader
> directly with the file as a parameter.
>
> See http://mindprod.com/jgloss/exec.html

So if I want to maintain pdf shell file-associations but at the same time prevent direct malicious launching of acrobat, then would renaming the acrobat reader executable do the job?

So if I rename acrord32.exe to acrobat32.exe, then any attempt to launch "acrord32.exe" from java would fail?

(would also mean renaming the file in the registry too)

"David H. Lipman" wrote:

> They aren't always launched via PDF file association.
>
> Often that may determine if Acrobat or Reader is installed, and
> what version via the COM class object such as the CLSID
>
> {AC76BA86-1033-F400-7760-000000000004}

I don't have that clsid in my registry. Instead I have this:

{AC76BA86-7AD7-1033-7646-A00000000001}

Or maybe this?

{B801CA65-A1FC-11D0-85AD-444553540000}