Win32:Malware-gen in 2 files

Ran my weekly Avast full system scan.

Found Win32:Malware-gen in C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Shared_Assets\locales\en_us\ADB2.EXE|>[UPX]

So I moved it to Chest, and Avast then told me to run a boot-time scan. So I did, and it found:
File C:\System Volume Information\_restore{3BEEC17C-D923-47C4-8980-270374C47ECD}\RP906\A0337894.EXE|>[UPX] is infected by Win32:Malware-gen, Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\Downloaded Installations\{8379D168-79F6-4394-81A2-BB1944E8F892}\Adobe Photoshop Album 3 SE.msi|>Data1.cab|>ADB2.EXE|>[UPX] is infected by Win32:Malware-gen, Repair: Error 42060 {The file was not repaired.}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}

So, as this shows, the _restore file was Moved to chest (couldn’t repair), but can’t seem to do the same for the Adobe file (and can’t seem to repair or delete it via Avast).

I’m running Windows XP. Avast 6.0.1203 with Virus Definitions 111014-1. No idea how malware would have gotten on my computer. And I never (ever) use the Adobe Photoshop Album Starter.

My research on this so far has determined that this is (1) a false positive, (2) an incredibly dangerous Trojan that will lead to my computer being hijacked and my financial information stolen, or (3) something else.

Can someone please help me determine if this is actually a problem and, if so, what to do about it?

Welcome to the forum. I suggest you do a scan with Malwarebytes Anti-Malware for a second opinion.

http://filehippo.com/download_malwarebytes_anti_malware/

Download, install, update, and do a scan. Don’t forget to remove what it finds. A system reboot might be needed.

If the files are in the chest then there is no danger for you, since the chest is a protected area where malware can’t do any harm on your computer.

The first file that’s located in Adobe Photoshop Album 3 sounds like a false threat to me. Please upload it to virustotal.com and post the result here.

http://www.virustotal.com/

You could also do that with the second files as well, but I think the second should be a real threat, but just in case.

Good luck and let us know on the progress, or if you need more support from us.

Also see topic, http://forum.avast.com/index.php?topic=86649.0.

Here’s what virustotal had to say about the Adobe file:

File name: Adobe Photoshop Album 3 SE.msi
Submission date: 2011-10-15 12:27:00 (UTC)
Current status: finished
Result: 1/43 (2.3%)

Antivirus Version Last Update Result
AhnLab-V3 2011.10.13.00 2011.10.13 -
AntiVir 7.11.15.252 2011.10.13 -
Antiy-AVL 2.0.3.7 2011.10.13 -
Avast 6.0.1289.0 2011.10.13 -
AVG 10.0.0.1190 2011.10.13 -
BitDefender 7.2 2011.10.13 -
ByteHero 1.0.0.1 2011.09.23 -
CAT-QuickHeal 11.00 2011.10.13 -
ClamAV 0.97.0.0 2011.10.13 PUA.Packed.PECompact-1
Commtouch 5.3.2.6 2011.10.13 -
Comodo 10440 2011.10.13 -
DrWeb 5.0.2.03300 2011.10.12 -
Emsisoft 5.1.0.11 2011.10.13 -
eSafe 7.0.17.0 2011.10.11 -
eTrust-Vet 36.1.8617 2011.10.13 -
F-Prot 4.6.5.141 2011.10.13 -
F-Secure 9.0.16440.0 2011.10.13 -
Fortinet 4.3.370.0 2011.10.13 -
GData 22 2011.10.13 -
Ikarus T3.1.1.107.0 2011.10.13 -
Jiangmin 13.0.900 2011.10.12 -
K7AntiVirus 9.115.5278 2011.10.13 -
Kaspersky 9.0.0.837 2011.10.13 -
McAfee 5.400.0.1158 2011.10.13 -
McAfee-GW-Edition 2010.1D 2011.10.13 -
Microsoft 1.7702 2011.10.13 -
NOD32 6541 2011.10.13 -
Norman 6.07.11 2011.10.13 -
nProtect 2011-10-13.01 2011.10.13 -
Panda 10.0.3.5 2011.10.13 -
PCTools 8.0.0.5 2011.10.13 -
Prevx 3.0 2011.10.15 -
Rising 23.79.03.02 2011.10.13 -
Sophos 4.70.0 2011.10.13 -
SUPERAntiSpyware 4.40.0.1006 2011.10.13 -
Symantec 20111.2.0.82 2011.10.13 -
TheHacker 6.7.0.1.322 2011.10.13 -
TrendMicro 9.500.0.1008 2011.10.13 -
TrendMicro-HouseCall 9.500.0.1008 2011.10.13 -
VBA32 3.12.16.4 2011.10.13 -
VIPRE 10749 2011.10.13 -
ViRobot 2011.10.13.4717 2011.10.13 -
VirusBuster 14.1.11.0 2011.10.13 -
Additional information
MD5 : c45fa92c51090bb8d57d27aa0197d6fb
SHA1 : 19b1e260829dc54d0598f0d2e3838884627e3078
SHA256: 7c33a3d43478ef3369e1fe53c473386c31b0ceec0f9065650095300455136644


I can’t even find the path for the _restore file in order to upload it to virustotal…

Will do the malwarebytes thing shortly.

Thanks!

Can I just delete/Uninstall Adobe Photoshop Album Starter? Will that take care of this problem (assuming it is a problem)? I never use it, so no loss to me to delete it.

And how do I find the affected restore point? I can’t find any folder called system volume information. Happy to just delete that too, but can’t even find it…

> Can I just delete/Uninstall Adobe Photoshop Album Starter? Will that take care of this problem (assuming it is a problem)? I never use it, so no loss to me to delete it.
Possible... and if you don't use it, it is no loss.
> And how do I find the affected restore point? I can't find any folder called system volume information. Happy to just delete that too, but can't even find it...
You can delete all restore points... see how to here:

How can virus be eliminated from the System Protection (Windows 7/Windows Vista) or System Restore folder (Windows XP)?
http://www.pandasecurity.com/homeusers/support/card?id=18&IdIdioma=2&ref=WpaVirEnciclopedia

Well, that isn’t the Adobe Photoshop Album Starter, but the installation file. If you have Adobe Photoshop Album 3 installed, that file is effectively redundant. So there should be no need to uninstall Adobe Photoshop.

You won’t find the affected restore point, you already moved it to the chest?

That is the whole point of system restore, if you move or delete certain files in certain locations, it makes a backup copy (a restore point), should you have made an error and needed to restore it.

I deleted the Adobe installation file.

Downloaded Malwarebytes and ran a full scan. No malicious items were detected.

Hey. OK, Malwarebytes didn’t find anything, that’s good news. Avast seems to have done its job.

What about the second file? Could you post a VirusTotal result on that one too so we could check it? For it’s that one I think was a real threat.

Thanks

No, I can’t. For one thing, I can’t even find the path that gets me to that file. But also, I think because it is now in the Chest, I also can’t.

But more than happy to upload it to virustotal if someone can tell me how.