Adobe Acrobat Detected a Screen Reader?

Has anyone had this issue before?

https://www.reddit.com/r/techsupport/comments/1ehe2yz/adobe_…

I don't have a picture because I panic rebooted the computer a few times, but it mentions something about assistive technology and asks whether you are using a screen reader, which is odd.

I have restarted my computer a few times and it disappeared, but I am in the process of doing a clean install.

I did notice that there was a DataExchangeHost.exe file that was in the process explorer but apparently some people say it's safe, but I used procexp and couldn't find anything except it was calling an -Embedding command.

I was using the Enhancer for YouTube addon, but if I remove that addon then the DataExchangeHost.exe file does not appear immediately upon first view of YouTube. However, if I left it going then the process spawns eventually over an hour.

I'm not sure if the two are related, but I do find the behaviour a bit odd considering I do not have a virtualbox or vmware installed on this machine.

Can someone give me some peace of mind before I start changing all my passwords…

I didn't install anything malicious and the only thing that could have hit me was a dodgy pdf. I'm not sure if it's just a bug or if I really did get hit.

Comments

  • +7

    IMHO Adobe itself is malicious dominating bloatware.

  • Sounds like a conflict not a virus*

    *I could be wrong

  • +4

    They have the internet on computers now?

  • Do you have a win11 copilot PC? Maybe it's Recall.

    Imagine if Recall clashes with Acrobat 😂

  • Is this not just the Acrobat inbuilt assistive technology telling you it's able to read it?

  • Given all the results for the pop-up's wording:

    https://www.google.com/search?q=Reading+Untagged+Document+wi…

    Including the first being this one. It sounds like just Acrobat being Acrobat rather than anything sinister.

    Screen readers are important legitimate pieces of software that help the visually impaired navigate computers. There is a default one, Narrator, with Windows 10 and 11 that you might be able to activate using Windows Key + Ctrl + Enter or Windows Key + Ctrl + N.

    There is also one for Apple Macs, VoiceOver, and a bunch of third party ones because the Microsoft/Apple ones suck.

    • The problem is that by going to that second link, you are turning off the symptom; but you do not fix the underlying issue, which is that Adobe is detecting some type of assistive technology which is definitely not installed deliberately by the end-user.

      I came across that same site a few days ago whilst exploring this same issue. I definitely would not recommend to just do that, especially if the OP really suspects they have some type of malware.

      The problem is no one really has explained the issue in any good detail. I have at least tried to explain below why I do not believe the current status quo of information on the web is correct. It depends on the person's threat model, but I would recommend rolling back to some backup and to back up regularly, especially considering so many people are holding crypto these days.

      You can never be too cautious.

  • -1

    I don't have a picture because I panic rebooted the computer

    So you were cheating, got caught and panicked?

  • A few days ago, I observed an unusual behavior similar to that described above but regarding Adobe stating it detected an accessibility tool being used, albeit it did not mention a screen reader.

    I keep my browsing segregated and I am able to restore fresh Windows 11 copies on the fly, so this was not very painful for me. I could not identify where it came from except that it came back after browsing the web randomly, and was possibly being re-served by some ad provider as sometimes when I went back to browse the same sites by retracing my steps, it did not get infected again.

    I noticed the symptoms/malware do not survive rebooting if you are logged into a user account. I could not identify what happens if you are logged into an administrator account because I never do that when browsing the web, and I was unable to grab a sample as it is a bit finicky for me to find out exactly which site or advertisement I browsed to that caused it to trigger. I will continue to do testing and see if this is the same exploit as the one that has been patched in Chrome (CVE-2025-5419) just a few days ago, or if I run into it in the wild again.

    DataExchangeHost is a different beast. I do not know how to explain it except like this. Your attribution to the fact that you do not normally see it is important. This philosophy should be applied to any type of program that runs on your PC. Get familiar with what is running in your task manager.

    For most people they are unlikely to be dragging more than three icons across the screen from one window to another, or they are unlikely to be dragging one icon into another window that does not support the drag and drop operations. Do not ask me why it is three files that is required to trigger DataExchangeHost to spawn when moving from one folder to another folder across windows!

    I can also tell you just dragging in a txt file from the desktop whilst having Task Manager open will cause DataExchangeHost to spawn.

    Why this happens on Windows 11, and why it does not do a garbage collection to close off the executable, is something I cannot explain. I do not know why that happens, but I kind of like it this way because it shows to me odd behavior within the OS if some malware is doing some drag and drop operations! My understanding is that the average user probably is just using the menus to copy and paste stuff around. I know personally that I do not drag and drop anything because when I do onto the Desktop it moves all my icons around or bumps them into weird places. Over time I have learned not to do that because of the negative feedback loop of having to reorganize everything on the desktop. So that is how I first noticed such odd behavior.

    Furthermore, not all drag and drop operations trigger DataExchangeHost, notably moving single files into WinRAR does not trigger it.

    I would need to look further into the documentation about DataExchangeHost, but there is a possibility it can be used to exchange data with something malicious, which is why some people have often suggested it is a symptom of a RAT, but unless you know what you did to cause that RAT to appear then asking a random person on the internet is not going to help because the external helper is not going to understand everything that happened in the chain of events. Put simply, malware can utilize the same functions as legitimate Windows operations. Asking someone if DataExchangeHost is malware is just asking for a regurgitated response, "no, it's safe". lol. The reality is that it is more complicated than that. Searching on Google about whether svchost.exe is safe is going to produce the same response by people that just do not understand the underlying workings of the OS, with 99% of the responses nowadays being that it is safe, which was different from the past, where if you did that same search it would come up as 99% unsafe. A bit of history here, but if you did these searches say in 2008 during the GFC, people were "oh svchost.exe, at 100%, that is just malware"; and believe it or not, my opinion is that it probably was symptomatic of such malware, because to say it is safe is ignoring the underlying software that could hook into and cause the svchost at 100% issue.

    I especially emphasize if you are not doing any drag and drop operations, there is a higher probability that it was something malicious. The odd thing is that whatever was running as the accessibility tool, screen reader, malware did not show up in the Task Manager, procexp, and so on; and it was definitely running somehow but was able to avoid being detected within the OS… I really scratched my head for a while, but I have not yet been able to find out what exactly it was that caused the problem.

    Other possibilities someone mentioned above could be some random rollout of some recall function on some Windows PCs, but I cannot say for sure it is that!

    The other mini rant I have about Windows is that it is most definitely written by some AI because of all the oddities, random bugs that appear over time, which are especially noticeable if you are a power user.

    If you can, go use Linux instead as in my opinion it is more difficult for malware to hide in that OS given how tools like top work, but if you need Adobe, that is going to be a problem.
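
Added example, not part of any comment above: a PowerShell triage of the DataExchangeHost.exe process discussed in this thread, reporting its image path, command line (`-Embedding` is the switch COM passes when it starts an out-of-process server), parent process and Authenticode signature. It assumes the genuine binary sits in %SystemRoot%\System32 and is meant to be run on the affected machine.

```powershell
# Added example: triage every running DataExchangeHost.exe instance.
# Assumption: the genuine binary lives under %SystemRoot%\System32.
$expectedDir = Join-Path $env:SystemRoot 'System32'

$procs = Get-CimInstance Win32_Process -Filter "Name = 'DataExchangeHost.exe'"

if (-not $procs) {
    Write-Output 'DataExchangeHost.exe is not running.'
} else {
    foreach ($p in $procs) {
        # The parent may already have exited, and PIDs get reused,
        # so treat the parent name as a hint rather than proof.
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"

        # ExecutablePath is empty when the caller lacks rights to the process.
        $sig = $null
        $inExpectedDir = $false
        if ($p.ExecutablePath) {
            $sig = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
            $inExpectedDir = (Split-Path $p.ExecutablePath -Parent) -ieq $expectedDir
        }

        # One record per instance; review any row where InSystem32 or
        # SignatureOK is not True, or where the signer is unexpected.
        [pscustomobject]@{
            PID         = $p.ProcessId
            Started     = $p.CreationDate
            Path        = $p.ExecutablePath
            InSystem32  = $inExpectedDir
            CommandLine = $p.CommandLine
            ParentPID   = $p.ParentProcessId
            ParentName  = if ($parent) { $parent.Name } else { '(exited)' }
            SignatureOK = if ($sig) { $sig.Status -eq 'Valid' } else { $null }
            Signer      = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}
```

A row with an empty Path usually means the query ran without enough rights; rerun it from an elevated prompt before drawing conclusions.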
