Win32:Malware-gen in Adobe Photoshop 7, false positive?

When I did a full scan on my pc today with virus definition 100601-1, Avast detected some Adobe Photoshop 7.0 application files as Win32:Malware-gen. I suspected that it was a false positive because these files have been on my pc ever since I installed Photoshop and Avast never detected them as threats until now. I immediately updated my virus definition to 100602-0 and ran another full scan. This time, no threats were detected.

Can anyone confirm the virus definition 100601-1 caused a false positive in Photoshop 7? The reason I’m asking this is because a few months back, I was trying out Avira and it too flagged the same Photoshop files as threats, but it seems that it too was a case of false positive since subsequent scans eventually turned up nothing.

Thanks.

It seems avast is reading data in yr Photoshop 7 that approximates some signature that may relate to suspect malware.
guesstimates on what info you provided points to a false positive.

but Im not sure as to virus definition 100601-1.
maybe there are others that have noticed something.

rabies, yes I got C:\Program Files\Adobe\Photoshop 7.0 ME\Samples\Droplets\Photoshop Droplets\Drop Shadow Frame.exe flagged with virus definition 100601-1. Sent it for analysis, virus definition 100602-0 doesn’t flag it. I submitted it to VirusTotal and it was flagged a couple of times. The date stamp of the file on my system is 14 August 2002 so I assume an F/P.

If 100602-0 doesn’t flag it the signature has been corrected after analysis and included in the next available virus definitions update.

Restore it from the chest (assuming you sent it there) to its original location, confirm that it is now in the original location and delete the copy that remains in the chest.

Thanks for the info, kidd. In my case all 9 .exe files in the Photoshop Droplets folder on my pc were flagged as Win32:Malware-gen. I remembered that back in February, Avira 9 also initially flagged these files as trojans (TR/Dldr.Agent.darp, I think), but after updating their virus definition, the files were no longer flagged. I’m just a bit concerned that 2 excellent AV products would have the same false positives months apart.

FYI, this is happening again, sort of?, with Photoshop Droplets files from Adobe Photoshop 6.0 and Avast! definitions current as of yesterday evening (and the past few days). The detection has happened some time after midnight and before 1am for the past several nights.

Here is one of the files:

http://Noel.ProDigitalSoftware.com/temp/Aged%20Photo.zip

Interestingly, scanning the files manually today results in no threat detection. Maybe the errant definition has already been fixed.

Note the attached screen grab of the File System Shield Scan Log.

-Noel