Heur.AdvML.C detected: Flash.Patcher.exe removed by Norton

[bobberlin]

Wanted to install your 1.7 flash patcher but Norton removed it due to risk: Heur.AdvML.C.
Has a virus got into your exe, or is there another explanation ?
thanks, bob

[iocmet]

This patches system files to make flash works like viruses does it to inject payloas so antiviruses gives false positive detects

[LiEnby]

This patches system files to make flash works like viruses does it to inject payloas so antiviruses gives false positive detects

yes, for some reason, flash installs itself to system32 folder, and using highest possible windows permission "TrustedInstaller" ..
so this program has got code to change the permissions of the flash player to "administrators" so that it can be edit.

this application also makes use of the scheduled tasks API to disable that 'please uninstall flash' nag message ..
which is also something often abused by viruses (i.e to make themselves run as startup, or to elevate privileges)

if you look at that detection, you'll see its got Heur, which is for "heuristics" which is basically a fancy thing to rather than detect already known virus, it try to look at what the code of a program see what it is is doing and determine purely from that if it is malicious or not; so, it makes sense if its seeing those things