Anyway, AVG Free detected a "Trojan horse Crypt.CFR" in Common Files/Adobe/Installer/and a bunch of numbers and letters/Setup.exe . From what I've read, there is no such thing as a "Trojan horse Crypt.CFR" and that this is probaby a false positive, but just to be on the safe side, I wonder if anyone else has experienced this and knows what to do.
It seems the problem is being reported on other sites and happens to be today as well. Apparently it is with universal Adobe products, mine is CS4 Extended.
<http://answers.yahoo.com/question/index?qid=20090126232534AAufmYU>
I find it pertinent that all the reports, so far as I've seen, are from AVG. My guess would be that AVG updated itself last night and is now registering a false positive on Adobe.
New Mac Trojan Spread By Pirated Adobe Software
By Stefanie Hoffman, ChannelWeb
2:51 PM EST Mon. Jan. 26, 2009
Apple (NSDQ:AAPL) is once again the target of a Mac-only Trojan
variant launched on the Mac OS X via pirated versions of Adobe
(NSDQ:ADBE) Photoshop CS4.
Mac security company Intego issued a security advisory Monday, warning
Mac users of the Trojan variant, which is estimated to have infected
at least 5,000 Macs as of Jan. 25.
The Trojan is a variation of the iServices Trojan malware, discovered
last week, which stormed across users' Macs via pirated versions of
Apple's productivity suite iWorks '09. As of Jan. 22, at least 20,000
users were believed infected by the malware, known as
OSX.Trojan.iServices.A, according to the security advisory.
Similar to the previous version of the malware, the new Mac Trojan
variant is spread through file-sharing sites such as BitTorrent
trackers and other sites that contain links to pirated software.
So does everyone agree that this was a false positive?
So does everyone agree that this was a false positive?
Id give that a 95%+ probability
To set your mind at ease, check the AV vendor <http://freeforum.avg.com/read.php?4,167314,backpage=1,sv=>. This will apparently be corrected soon.
Thank you, Mister Jordan.
The question I have is, are these files required? I don't want to delete the files if they are needed, but the folder above uses 49+ m-bytes. The installers folder uses 95 m-bytes. This isn't all that much in the great scheme of things, but a hundred meg here and a hundred meg there starts to add up...
did you get "avg needs to restart" msgs to apply updates larry?
It does not ask for a reboot if it only updates the virus signatures.
The day that it detected the false-positive in the Adobe setup.exe it later updated both the signature and its own programs, so needed to reboot.
AVG may ask for a reboot if it updates its own programs.
I understand. i'm saying it updated the app itself and rebooted at least 2 days in a row, maybe 3... the need to release an app update so close to the last one indicates there may have been major programming issues going on relating to the update.
i'd say false alarm on the trojan.
Go to your original install media or download-extract location and just copy that setup.exe into the
C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\setup.exe
that you deleted.
On my system, I am running the trial while waiting for the box to come, so that setup.exe is in:
C:\Users\Steve\Downloads\Adobe CS4\Photoshop\Adobe CS4
because I downloaded the .7z file containing the trial into my Downloads folder and ran its corresponding EXE from there.
These two setup.exe files are identical, at least in the trial version.
David E Crawford, "new member - old user ? about CS3" #43, 2 Feb 2009 7:46 pm </webx?14@@.59b7b5d1/42>
[just poking fun at the news you announced in post #31]
um, nobody reads post #5, do they? :)