Trojan found in Adobe software?

AM
Posted By
aeolian_mode
Jan 27, 2009
Views
2037
Replies
36
Status
Closed
I’m pretty sure this is a false positive, and sorry for posting about it here, I don’t know where else to go. The setup of the support forums is confusing me.

Anyway, AVG Free detected a "Trojan horse Crypt.CFR" in Common Files/Adobe/Installer/and a bunch of numbers and letters/Setup.exe . From what I’ve read, there is no such thing as a "Trojan horse Crypt.CFR" and that this is probably a false positive, but just to be on the safe side, I wonder if anyone else has experienced this and knows what to do.

CC
Charlie_Choc
Jan 27, 2009
I looked at my scan results for last night and see the same thing. It was not there the night before, and I didn’t download anything from Adobe yesterday. Hopefully it is just a false positive.

Charlie…
http://www.chocphoto.com
AM
aeolian_mode
Jan 27, 2009
That’s exactly what happened to me. The files have been on my computer for months and just last night it said it was a trojan. Most likely, a false positive, but we can never be too careful.

It seems the problem is being reported on other sites and happens to be today as well. Apparently it is with universal Adobe products, mine is CS4 Extended.

<http://answers.yahoo.com/question/index?qid=20090126232534AAufmYU>
BC
Bart_Cross
Jan 27, 2009
I use MicroTrend and it did not find anything.
O
OldBob
Jan 27, 2009
Ditto here for Trend Micro, also Spybot search & Destroy.

I find it pertinent that all the reports, so far as I’ve seen, are from AVG. My guess would be that AVG updated itself last night and is now registering a false positive on Adobe.
JJ
Jim_Jordan
Jan 27, 2009
There’s a trojan circulating with pirated versions of Mac Photoshop CS4. This was just reported this week. Perhaps the Windows virus definitions were also updated to be a bit more suspicious of anything associated with Photoshop.

<http://www.adobeforums.com/webx/.59b7b29c>
DE
David_E_Crawford
Jan 27, 2009
I just ran spybot 1.6.2.46 with the latest updates and I did not get any hits with PS CS4 extended both on and off.
E
ElliR
Jan 27, 2009
Interesting thread. Reading it prompted me to run a full scan of the computer which returned trojans (?) in Bridge(CS3) plugins module as well as Flash 9. I am using Kaspersky Internet Security Suite 2009 and following links provided to security updates followed by a re-scan now shows my puter clean.
FA
Frank Arthur
Jan 27, 2009
wrote in message
I’m pretty sure this is a false positive, and sorry for posting about it here, I don’t know where else to go. The setup of the support forums is confusing me.

Anyway, AVG Free detected a "Trojan horse Crypt.CFR" in Common Files/Adobe/Installer/and a bunch of numbers and letters/Setup.exe . From what I’ve read, there is no such thing as a "Trojan horse Crypt.CFR" and that this is probably a false positive, but just to be on the safe side, I wonder if anyone else has experienced this and knows what to do.

New Mac Trojan Spread By Pirated Adobe Software

By Stefanie Hoffman, ChannelWeb
2:51 PM EST Mon. Jan. 26, 2009
Apple (NSDQ:AAPL) is once again the target of a Mac-only Trojan variant launched on the Mac OS X via pirated versions of Adobe (NSDQ:ADBE) Photoshop CS4.
Mac security company Intego issued a security advisory Monday, warning Mac users of the Trojan variant, which is estimated to have infected at least 5,000 Macs as of Jan. 25.

The Trojan is a variation of the iServices Trojan malware, discovered last week, which stormed across users’ Macs via pirated versions of Apple’s productivity suite iWorks ’09. As of Jan. 22, at least 20,000 users were believed infected by the malware, known as OSX.Trojan.iServices.A, according to the security advisory.

Similar to the previous version of the malware, the new Mac Trojan variant is spread through file-sharing sites such as BitTorrent trackers and other sites that contain links to pirated software.
AM
aeolian_mode
Jan 27, 2009
My Photoshop definitely is not pirated.

So does everyone agree that this was a false positive?
BC
Bart_Cross
Jan 27, 2009
Well I agree
O
OldBob
Jan 27, 2009
So does everyone agree that this was a false positive?

I’d give that a 95%+ probability
JJ
Jim_Jordan
Jan 27, 2009
aeolian, I’m not suggesting that you have a pirated version. I was just pointing out the coincidence that a trojan was reported on Mac this week. Good AV vendors keep an eye on all platforms and may tweak the virus definitions in response to what happens elsewhere. Perhaps this was not the most effective tweak for your AV provider.

To set your mind at ease, check the AV vendor <http://freeforum.avg.com/read.php?4,167314,backpage=1,sv=>. This will apparently be corrected soon.
O
OldBob
Jan 27, 2009
Okay, make that 99%+ probability.

Thank you, Mister Jordan.
SS
Steve Sprengel
Jan 28, 2009
AVG alerted on setup.exe this morning, and after updating both the AVG program and AVG signatures, this evening, the file passed ok, so it was a false positive that has been corrected.
1
1943
Jan 28, 2009
I am getting the same message. The Setup.exe file is located in my Windows Vista folder C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f4289c3ad31b8. From the location and date last accessed, these would seem to be temporary files used during installation.

The question I have is, are these files required? I don’t want to delete the files if they are needed, but the folder above uses 49+ m-bytes. The installers folder uses 95 m-bytes. This isn’t all that much in the great scheme of things, but a hundred meg here and a hundred meg there starts to add up…
DM
dave_milbut
Jan 28, 2009
avg has been flaky this past week. been asking to restart the system to apply an update for the last 2 or 3 days.
LH
Lawrence_Hudetz
Jan 28, 2009
No problems here with AVG on two machines.
DM
dave_milbut
Jan 29, 2009
rebooted again today and avg has stopped asking for an update and restart. my guess is they put out an update, realized something was flaky and re-released.

did you get "avg needs to restart" msgs to apply updates larry?
SS
Steve Sprengel
Jan 29, 2009
AVG may ask for a reboot if it updates its own programs.

It does not ask for a reboot if it only updates the virus signatures.

The day that it detected the false-positive in the Adobe setup.exe it later updated both the signature and its own programs, so needed to reboot.
DM
dave_milbut
Jan 29, 2009
AVG may ask for a reboot if it updates its own programs.

I understand. i’m saying it updated the app itself and rebooted at least 2 days in a row, maybe 3… the need to release an app update so close to the last one indicates there may have been major programming issues going on relating to the update.

i’d say false alarm on the trojan.
HB
harold_berm
Jan 29, 2009
Restored the installer file, got the latest update – ran a scan and the issue has been resolved.
DM
dave_milbut
Jan 29, 2009
I like a thread all wrapped up in a nice little package at the end. 🙂
JB
john_bunyan
Jan 30, 2009
My problem is that AVG8 put the "false positive" folder mentioned above into the virus vault, together with this feature from a back up. I deleted them before finding out they were false. Now, although CS4 and Bridge work, they do not appear as programmes in (XP) Control Panel/ Add/Remove programmes, although the folder appears still to be in Programme Files/ Common Files /Adobe/ Installers. Short of a re-install, is there a way to correct this? Also I cannot follow Adobe’s instructions on uninstall if they do not show in the Add/Remove Programmes. I could use the Windows Install Utility I suppose. Is there a simple answer?(Restore point up would not work for the reason above – maybe a registry issue?)
SS
Steve Sprengel
Jan 30, 2009
The file that was detected and you deleted is setup.exe.

Go to your original install media or download-extract location and just copy that setup.exe into the

C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\setup.exe

that you deleted.

On my system, I am running the trial while waiting for the box to come, so that setup.exe is in:

C:\Users\Steve\Downloads\Adobe CS4\Photoshop\Adobe CS4

because I downloaded the .7z file containing the trial into my Downloads folder and ran its corresponding EXE from there.

These two setup.exe files are identical, at least in the trial version.
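
The comparison described in the post above can be checked by hash rather than by eye. This is an added example, not part of the original post: the function name `Compare-FlaggedFile` and the temporary demo files are assumptions made for illustration, and in practice the two paths would be the installed setup.exe and the copy from the install media or download.

```powershell
# Added example: compare a file the scanner flagged with the copy from the
# original install media. Function name and demo files are hypothetical.
function Compare-FlaggedFile {
    param(
        [Parameter(Mandatory)] [string] $FlaggedPath,    # file the AV alerted on
        [Parameter(Mandatory)] [string] $ReferencePath   # copy from install media/download
    )
    foreach ($p in $FlaggedPath, $ReferencePath) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            # A missing file usually means it was quarantined or deleted.
            throw "File not found (quarantined or deleted?): $p"
        }
    }
    $flagged   = Get-FileHash -LiteralPath $FlaggedPath   -Algorithm SHA256
    $reference = Get-FileHash -LiteralPath $ReferencePath -Algorithm SHA256
    # Authenticode status is reported as extra evidence only; an unsigned
    # file is not by itself proof of tampering.
    $sig = Get-AuthenticodeSignature -LiteralPath $FlaggedPath
    [pscustomobject]@{
        FlaggedSha256   = $flagged.Hash
        ReferenceSha256 = $reference.Hash
        Identical       = ($flagged.Hash -eq $reference.Hash)
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# Constructed demo input: two temp files standing in for the two setup.exe copies.
$dir = Join-Path ([IO.Path]::GetTempPath()) ("fp-check-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$installed = Join-Path $dir 'installed-setup.exe'
$media     = Join-Path $dir 'media-setup.exe'
[IO.File]::WriteAllBytes($installed, [byte[]](1..64))
[IO.File]::WriteAllBytes($media,     [byte[]](1..64))

Compare-FlaggedFile -FlaggedPath $installed -ReferencePath $media | Format-List

Remove-Item -LiteralPath $dir -Recurse -Force
```

Matching hashes show only that the installed file is unchanged from the media copy, which is consistent with a detection caused by the scanner's update rather than by a modified file; a mismatch is the case to investigate before restoring anything.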
JB
john_bunyan
Jan 30, 2009
Spoke to Adobe Tech support. In the end downloaded their special CS4 Uninstall programme, used that with Windows Install Clean Up, then re-installed. Took ages, and I am annoyed with myself and AVG!!
DM
dave_milbut
Jan 31, 2009
another AVG program update tonight. ai!!!
BL
Bill_Lamp
Feb 2, 2009
I’m glad I use BitDefender.
DM
dave_milbut
Feb 3, 2009
and another today! i think it’s their plugin though. that scans websites that come up in google…
CC
Charlie_Choc
Feb 3, 2009
I’ve only had one AVG program update since the false positive. I get daily definitions updates, though.

Charlie…
http://www.chocphoto.com
DM
dave_milbut
Feb 3, 2009
very weird. i’m using xp pro sp3 on one machine and xp home sp2 on another. wonder if the os and patch level matter…
CC
Charlie_Choc
Feb 3, 2009
One of the AVG 8 machines is vista SP2 beta and the other is win7. I have an XP machine somewhere, but it is on AVG 7.5.

Charlie…
http://www.chocphoto.com
DM
dave_milbut
Feb 3, 2009
apparently there IS a trojan in a pirate version of photoshop that’s floating around!

David E Crawford, "new member – old user ? about CS3" #43, 2 Feb 2009 7:46 pm </webx?14/42>
JJ
Jim_Jordan
Feb 3, 2009
Dave, is there?!! 🙂
DM
dave_milbut
Feb 3, 2009
um, is there what?
JJ
Jim_Jordan
Feb 3, 2009
Dave, scroll up to post #5.

[just poking fun at the news you announced in post #31]
DM
dave_milbut
Feb 3, 2009
oh. well. … 😐

um, nobody reads post #5, do they? 🙂
