False positive - Adobe Reader soap.api

Avast identifies the soap.api file from Adobe Reader 7.0.5 as containing Win32:Malware-Gen
I believe this to be a false positive.

Avast 6.05.1125 running on Windows XP SP3 fully patched, Avast definitions 110602-0

Identified file is
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\soap.api 645kB 23/9/05 21:57

I have reinstalled Adobe Reader from the original 2005 installation package and it still comes up as a positive.

I’ll update Adobe Reader to a later version and see if that is a workaround. If this is indeed a false positive, is there anyone I should tell other than posting here?

Chris

Update - installed Adobe Reader X which doesn’t have this issue - but would still appreciate any advice on reporting the FP to Avast

Hello,
it will be fixed in few minutes.

Milos

I have exactly the same problem. Each time i try to open adobe acrobat avast professional sees the plug in soap.api as win32:Malware-gen. I then post this as trusted, re-install or repair acrobat and it still removes the file and acrobat fails to load. How do we cure this???

First ensure that you have the latest virus definitions, currently 110602-1.

Since i updated later this morning with 110602-1 i was then able to repair acrobat and now the soap.api file remains and no longer is there a malware alarm. Now acrobat opens without any problem.
I was wondering if the update with avast this morning to 10602-0 casued the problem and the latest version had a fix. Is this correct?
If this happens again do we inform Avast and then they apply a fix??
Thanks for the help and guidance.

Hard to say which VPS, as it rather depends on if this was an on-access detection (file system shield) or an on-demand scan and how frequently you run an on-demand scan.

If on-access detection then most likely the last VPS update.

I have had the same problem.

I am using Avast 6.0.1125 on a Compaq HP PC running Win XP-Pro-SP3 as the O/S, all my programmes are kept up to date with upgrades.

My repair, worked for me:

Using Windows “Search”, look into your hard drive, “C:”, or whatever drive letter designation, and find the Acrobat files, “Soap.api”, and “Updater.api”.

Determine the exact complete files paths, such as:

C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Soap.api

C:\Acrobat pro7.0.8 Setup\program files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Soap.api

C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Updater.api

C:\Acrobat pro7.0.8 Setup\program files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Updater.api

Copy and paste the above full-path designations to notepad.

Then…

  1. Open Avast

  2. Click “REAL-TIME SHIELDS” on left

  3. Click “Expert Settings” on right

  4. Click “Exclusions”

  5. Click “Add”

  6. Click “Browse” and navigate to the folder containing the soap.api file, which is the “false positive”, or simply copy and paste each of the above complete file paths into a new exclusion-entry line, and make sure that all three tick boxes, “X”, “R”, and “W” are checked

  7. Click “OK”

8.)Re-enable all Avast shields, if you had them disabled, (which you probably did, in order to repair Acrobat.)

9.)Open Adobe Acrobat… it should be OK now.

=====

Thanks for the info on how to add exclusions. I will do this if it happens again but how do we know if it should be trusted or not!!! I woulkd assume the internet would help with this?!
Thanks again,
Alan