win32:malware-gen file upon Photoshop cs2 startup

Viruses and worms
1

Hi there,

I’m fighting with a strange nastie for several hours after I fired up my Photoshop to do some work and Avast (latest version and updated virus libraries) announced a ~df394b.tmp in folder c:\DOCUME~1\Ra\LOCALS~1\Temp\Adobelm_Cleanup.0001.dir.0000
Avast tucks it into the chest and at a new PS start up attempt, the same happens.

I ran Hijackthis and this here is the log: http://pastebin.com/48XtdGjL

I hope someone could help me with this… :frowning: Thanks!!

2

follow the guide here and attach the logs

http://forum.avast.com/index.php?topic=53253.0

Essexboy will then help you…

3

I have the same problem today upon Photoshop cs2 and Illustrator cs2 startup. I hope that it is problem in Avast virus databases and we shall wait next updates >:(

4

Hello,
thank you for notice, false positive will be fixed in next VPS update.

Milos

5

one more on CS2 :frowning: same message

6

one more with AUTOCAD 2008 autodesk sofware since today VPS update
~df394b.tmp in folder Temp\AdskCleanup.0001.dir.0000

7

same issue here and now I can’t do my job which requires photoshop :frowning:

when will this update be issued so I (and the others) can work?

this is photoshop cs2 fyi

i like avast a lot but please make it work!

8

Hello,
false positive on .tmp files for Adobe Photoshop and AutoCAD should be fixed in VPS 111105-0, which was just released.

Milos

9

thank you for fast correction

10

Oh goodness… So, I wasted all those hours doing tests for nothing… Aaah at least it’s clear what it is.

11

problem still seems to be happening with 111115-0. in fact it seems to have started with it, at the exact release time/date this afternoon.

AutoCad Land Desktop 2009.

Cannot open any copies of the product. But other AutoCAD (3d), ETC,. WORK FINE.

still need help on this one.

12

Yup. I updated everything again and the problem is still there. Photoshop CS2 gives an error at start up and closes.

13

Hello,
is there some alert window? Screenshot will be helpful.

Milos

14

Hello,
post the screenshot of the error window, please.

Milos

15

After starting the machine this morning and yet again having the Avast updates and all, PS gave no error so it might have been resolved. I’ll see how this goes. Interestingly yesterday, when I exported the tmp file from the chest and sent to virustotal.com for a check, two other apart from Avast recognised it as malware. Is this normal?

16

Hello,
virustotal sends undetected samples to AV companies which doesn’t detect some file while others yes. So if they decided to add it to detection it may cause same false positive :-(.

Milos

17

Oh, I see. Thanks for the fast feedback and help!

18

You’re welcome.

Milos

19

Hi

Im new to the forum but have read this thread with interest. Had the issue yesterday with CS2 and Bridge, if I opened Adobe Bridge I got a message about licensing restriction meaning that I needed another Adobe programme running to run Bridge. So I opened CS2 but that reported a library issue. At the same time Avast popped up with the malware gen message and had moved 3 or 4 adobecleanup files to the chest. tonight I still can’t open bridge on its own as I still get the licensing message (no Avast warning though) but I can open CS2 and access bridge from there with no problem (so far). This is fine I can work that way but would be interested to hear if anyone had a solution?