Win32:Malware-gen in 2 files

[Silver Springer]

Ran my weekly Avast full system scan. 

Found Win32:Malware-gen in C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Shared_Assets\locales\en_us\ADB2.EXE|>[UPX]

so I moved it to Chest, and Avast then told me to run a boot-time scan.  So I did, and it found:
File C:\System Volume Information\_restore{3BEEC17C-D923-47C4-8980-270374C47ECD}\RP906\A0337894.EXE|>[UPX] is infected by Win32:Malware-gen, Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\Downloaded Installations\{8379D168-79F6-4394-81A2-BB1944E8F892}\Adobe Photoshop Album 3 SE.msi|>Data1.cab|>ADB2.EXE|>[UPX] is infected by Win32:Malware-gen, Repair: Error 42060 {The file was not repaired.}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}

So, as this shows, the _restore file was Moved to chest (couldn't repair), but can't seem to do the same for the Adobe file (and can't seem to repair or delete it via Avast).

I'm running Windows XP.  Avast 6.0.1203 with Virus Definitions 111014-1.  No idea how malware would have gotten on my computer.  And I never (ever) use the Adobe Photoshop Album Starter.

My research on this so far has determined that this is (1) a false positive, (2) an incredibly dangerous Trojan that will lead to my computer being hijacked and my financial information stolen, or (3) something else.

Can someone please help me determine if this is actually a problem and, if so, what to do about it?

[mikaelrask]

welcome to the forum. i suggest you do a scan with malwarebytes antimalware for a second option

http://filehippo.com/download_malwarebytes_anti_malware/

download install update, and do a scan don't forget to remove what it finds. a system reboot might be needed.

if the files are in the chest then there no danger for you. sense the chest is a protected area where malware can't do any harm on your computer.

the first file that's lokated in adobe photoshop album 3 sounds like a false threat to me please upload it to virustotal.com and post the result here.

http://www.virustotal.com/

you could also do that with the second files as well but I think the second should be a real threat, but just in case.

good luck and let us know on the progress, or if you need more support from us.

[DavidR]

Also see topic, http://forum.avast.com/index.php?topic=86649.0.

[Silver Springer]

Here's what virustotal had to say about the Adobe file:


0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
Adobe Photoshop Album 3 SE.msi
Submission date:
2011-10-15 12:27:00 (UTC)
Current status:
finished
Result:
1/ 43 (2.3%)
   
VT Community

not reviewed
 Safety score: -
Compact
Print results
Antivirus    Version    Last Update    Result
AhnLab-V3   2011.10.13.00   2011.10.13   -
AntiVir   7.11.15.252   2011.10.13   -
Antiy-AVL   2.0.3.7   2011.10.13   -
Avast   6.0.1289.0   2011.10.13   -
AVG   10.0.0.1190   2011.10.13   -
BitDefender   7.2   2011.10.13   -
ByteHero   1.0.0.1   2011.09.23   -
CAT-QuickHeal   11.00   2011.10.13   -
ClamAV   0.97.0.0   2011.10.13   PUA.Packed.PECompact-1
Commtouch   5.3.2.6   2011.10.13   -
Comodo   10440   2011.10.13   -
DrWeb   5.0.2.03300   2011.10.12   -
Emsisoft   5.1.0.11   2011.10.13   -
eSafe   7.0.17.0   2011.10.11   -
eTrust-Vet   36.1.8617   2011.10.13   -
F-Prot   4.6.5.141   2011.10.13   -
F-Secure   9.0.16440.0   2011.10.13   -
Fortinet   4.3.370.0   2011.10.13   -
GData   22   2011.10.13   -
Ikarus   T3.1.1.107.0   2011.10.13   -
Jiangmin   13.0.900   2011.10.12   -
K7AntiVirus   9.115.5278   2011.10.13   -
Kaspersky   9.0.0.837   2011.10.13   -
McAfee   5.400.0.1158   2011.10.13   -
McAfee-GW-Edition   2010.1D   2011.10.13   -
Microsoft   1.7702   2011.10.13   -
NOD32   6541   2011.10.13   -
Norman   6.07.11   2011.10.13   -
nProtect   2011-10-13.01   2011.10.13   -
Panda   10.0.3.5   2011.10.13   -
PCTools   8.0.0.5   2011.10.13   -
Prevx   3.0   2011.10.15   -
Rising   23.79.03.02   2011.10.13   -
Sophos   4.70.0   2011.10.13   -
SUPERAntiSpyware   4.40.0.1006   2011.10.13   -
Symantec   20111.2.0.82   2011.10.13   -
TheHacker   6.7.0.1.322   2011.10.13   -
TrendMicro   9.500.0.1008   2011.10.13   -
TrendMicro-HouseCall   9.500.0.1008   2011.10.13   -
VBA32   3.12.16.4   2011.10.13   -
VIPRE   10749   2011.10.13   -
ViRobot   2011.10.13.4717   2011.10.13   -
VirusBuster   14.1.11.0   2011.10.13   -
Additional information
MD5   : c45fa92c51090bb8d57d27aa0197d6fb
SHA1  : 19b1e260829dc54d0598f0d2e3838884627e3078
SHA256: 7c33a3d43478ef3369e1fe53c473386c31b0ceec0f9065650095300455136644

VT Community

    This file has never been reviewed by any VT Community member. Be the first one to comment on it!



I can't even find the path for the _restore file in order to upload it to virustotal...

Will do the malwarebytes thing shortly.

Thanks!

[Silver Springer]

Can I just delete/Uninstall Adobe Photoshop Album Starter?  Will that take care of this problem (assuming it is a problem)?  I never use it, so no loss to me to delete it.

And how do I find the affected restore point?  I can't find any folder called system volume information.  Happy to just delete that too, but can't even find it...

[Pondus]

Can I just delete/Uninstall Adobe Photoshop Album Starter?  Will that take care of this problem (assuming it is a problem)?  I never use it, so no loss to me to delete it.

possible....an if you dont use it it is no loss

And how do I find the affected restore point?  I can't find any folder called system volume information.  Happy to just delete that too, but can't even find it...

you can delet all restore points....see how to here

How can virus be eliminated from the System Protection (Windows 7/Windows Vista) or System Restore folder (Windows XP)?
http://www.pandasecurity.com/homeusers/support/card?id=18&IdIdioma=2&ref=WpaVirEnciclopedia

[DavidR]

Can I just delete/Uninstall Adobe Photoshop Album Starter?  Will that take care of this problem (assuming it is a problem)?  I never use it, so no loss to me to delete it.

And how do I find the affected restore point?  I can't find any folder called system volume information.  Happy to just delete that too, but can't even find it...

Well that isn't the Adobe Photoshop Album starter, but the installation file. If you have Adobe Photoshop Album 3 installed that file is effectively redundant. So there should be no need to uninstall adobe photoshop.

You won't find the affected restore point, you already moved it to the chest ?

That is the whole point of system restore, if you move or delete certain files in certain locations, it makes a backup copy (a restore point), should you have made an error and needed to restore it.

[Silver Springer]

I deleted the Adobe installation file.

Downloaded Malwarebytes and ran a full scan.  No malicious items were detected.

[mikaelrask]

hey. ok malwarebytes dident find anything that's good news, avast seems to have done it's job.

what about the second file could you post a virustotal result on that one two so we could check it. for its that one i think was a real threat.

thanks

[Silver Springer]

No, I can't.  For one thing, I can't even find the path that gets me to that file.  But also, I think because it is now in the Chest, I also can't.

But more than happy to upload it to virustotal if someone can tell me how.