Something screwy here...

Discussion in 'Mac Basics and Help' started by GraphicOutput, May 10, 2008.

  1. GraphicOutput macrumors newbie

    Joined:
    Aug 28, 2007
    Location:
    South Bay Area, CA
    #1
    I'm getting pretty worried here.

    A few days ago after installing Photoshop CS3 on my iMac, I began to work on a file. I went to save the file and my system froze. A transparent gray image was overlaid across the screen instructing me to restart my computer.

    After resetting, I took a look to see if the file I was working on was saved, and by chance, I accidentally clicked on my root directory. What I saw there disturbed me quite a bit... There was a file there named "Ahmbed.gz". Through a series of ridiculous events, instead of throwing it away like I meant to do, I instead accidentally extracted it onto my desktop. There was just one file by the same name, Ahmbed, only with no extension.

    After getting over the initial panic, I searched on Google a bit and I found that this file apparently had something to do with pirated Adobe software. I knew this had nothing to do with my Photoshop install since I am sure that I have the full retail version, but I digress. I ended up tossing the file into the trash can and sought out some sort of virus scanner. I decided on ClamXav since it seemed to come highly recommended across the board, including MacWorld and Apple itself.

    Today, after a successful scan, it appeared that the only viruses lying on my hard drive were some ancient .EXE's in my 2002 email archive from my Windows days.

    I was pretty relieved to see this and hoped the ordeal was over, but just moments ago, instead of visiting the link I had intended, I was redirected to a website called "waytotheprofit" dot com, informing me that I was about to enter a malicious website. I suppose in some circles, Digg.com could be considered malicious, but I highly doubt Firefox has gone and developed itself an opinion of my internet habits.

    I'm really at a loss here. If my computer was infected, it was by my own fault, but I'm hoping that if that's the case, there's still something I can do.

    Sorry for the novel-length post. :p
     
  2. Mr.Noisy macrumors 65816

    Joined:
    May 5, 2007
    Location:
    UK™
    #2
    Where did you get your copy of CS3? A reputable retailer?
    Only there are so many people now trying to rip us off it's becoming a real pain in the grass. There is a thread over at Adobe where a guy had the same thing show up on his version of CS3, Ahmbed.gz

    http://www.adobeforums.com/webx?14@@.3c05ba4b/10

    Turns out he purchased it via eBay and checked it out, and this was the result:

    Okay, I've been had! The SN is not valid according to Adobe :eek:

    Contact Adobe and see what they say. It might be something completely different and your version's OK, but then again your supplier could have been ripped off. Only one phone call to find out, good luck :)
     
  3. XweAponX macrumors newbie

    Joined:
    Jul 29, 2008
    #3
    ACTUALLY:

    This Ahmbed file came WITH the file I downloaded here:

    http://www.adobe.com/cfusion/tdrc/index.cfm?loc=en_us&product=indesign

    The archive file, called

    ADBEPHSPCS3_WWE.exe is 463 MB->

    By running the EXE the installer package Extracts the CS3 Installer to where you point it on your hard drive:

    Here is the TREE from where I installed it to- I don't know if your OSX has a Tree command like this, but Windows DOES:


    C:\DOWNLOAD\Adobe CS3\Photoshop>tree /f
    Folder PATH listing for volume VistS__t-PC
    Volume serial number is 0015F688 88B7:8570
    C:.
    └───Adobe CS3
    Ahmbed.gz
    │ Setup.exe
    │ WinBootstrapper.msi

    ├───payloads
    │ ├───AdobeALMAnchorServiceAll
    │ │ AdobeALMAnchorServiceAll.msi
    │ │
    │ ├───AdobeAssetServices3All
    │ │ AdobeAssetServices3All.msi
    │ │
    │ ├───AdobeAUM5.1All
    │ │ AdobeAUM5.1All.msi
    │ │
    │ ├───AdobeBridge2All
    │ │ AdobeBridge2All.msi
    │ │
    │ ├───AdobeCameraRaw4.0All
    │ │ AdobeCameraRaw4.0All.msi
    │ │
    │ ├───AdobeCMapsAll
    │ │ AdobeCMapsAll.msi
    │ │
    │ ├───AdobeColorCommonSetAll
    │ │ AdobeColorCommonSetAll.msi
    │ │
    │ ├───AdobeColorEU_ExtraSettingsAll
    │ │ AdobeColorEU_ExtraSettingsAll.msi
    │ │ en_US.mst
    │ │ ja_JP.mst
    │ │ ko_KR.mst
    │ │ zh_CN.mst
    │ │ zh_TW.mst
    │ │
    │ ├───AdobeColorJA_ExtraSettingsAll
    │ │ AdobeColorJA_ExtraSettingsAll.msi
    │ │ ar_AE.mst
    │ │ cs_CZ.mst
    │ │ da_DK.mst
    │ │ de_DE.mst
    │ │ el_GR.mst
    │ │ en_GB.mst
    │ │ en_US.mst
    │ │ es_ES.mst
    │ │ fi_FI.mst
    │ │ fr_FR.mst
    │ │ hu_HU.mst
    │ │ it_IT.mst
    │ │ nb_NO.mst
    │ │ nl_NL.mst
    │ │ pl_PL.mst
    │ │ pt_BR.mst
    │ │ ru_RU.mst
    │ │ sv_SE.mst
    │ │ tr_TR.mst
    │ │
    │ ├───AdobeColorNA_RecommendedAll
    │ │ AdobeColorNA_RecommendedAll.msi
    │ │ en_US.mst
    │ │
    │ ├───AdobeColorPhotoshopAll
    │ │ AdobeColorPhotoshopAll.msi
    │ │
    │ ├───AdobeDefaultLanguageCS3All
    │ │ AdobeDefaultLanguageCS3All.msi
    │ │ ar_AE.mst
    │ │ bg_BG.mst
    │ │ ca_ES.mst
    │ │ cs_CZ.mst
    │ │ da_DK.mst
    │ │ de_DE.mst
    │ │ el_GR.mst
    │ │ en_GB.mst
    │ │ en_US.mst
    │ │ es_ES.mst
    │ │ et_EE.mst
    │ │ fi_FI.mst
    │ │ fr_FR.mst
    │ │ he_IL.mst
    │ │ hr_HR.mst
    │ │ hu_HU.mst
    │ │ it_IT.mst
    │ │ ja_JP.mst
    │ │ ko_KR.mst
    │ │ lt_LT.mst
    │ │ lv_LV.mst
    │ │ nb_NO.mst
    │ │ nl_NL.mst
    │ │ pl_PL.mst
    │ │ pt_BR.mst
    │ │ ro_RO.mst
    │ │ ru_RU.mst
    │ │ sk_SK.mst
    │ │ sl_SI.mst
    │ │ sv_SE.mst
    │ │ tr_TR.mst
    │ │ uk_UA.mst
    │ │ zh_CN.mst
    │ │ zh_TW.mst
    │ │
    │ ├───AdobeDeviceCentralAll
    │ │ AdobeDeviceCentralAll.msi
    │ │
    │ ├───AdobeExtendScriptToolKitAll
    │ │ AdobeExtendScriptToolKitAll.msi
    │ │ ar_AE.mst
    │ │ be_BY.mst
    │ │ bg_BG.mst
    │ │ ca_ES.mst
    │ │ cs_CZ.mst
    │ │ da_DK.mst
    │ │ de_DE.mst
    │ │ el_GR.mst
    │ │ en_GB.mst
    │ │ en_US.mst
    │ │ en_XC.mst
    │ │ en_XM.mst
    │ │ es_ES.mst
    │ │ es_QM.mst
    │ │ et_EE.mst
    │ │ fi_FI.mst
    │ │ fr_FR.mst
    │ │ fr_XM.mst
    │ │ he_IL.mst
    │ │ hi_IN.mst
    │ │ hr_HR.mst
    │ │ hu_HU.mst
    │ │ is_IS.mst
    │ │ it_IT.mst
    │ │ ja_JP.mst
    │ │ ko_KR.mst
    │ │ lt_LT.mst
    │ │ lv_LV.mst
    │ │ mk_MK.mst
    │ │ nb_NO.mst
    │ │ nl_NL.mst
    │ │ pl_PL.mst
    │ │ pt_BR.mst
    │ │ ro_RO.mst
    │ │ ru_RU.mst
    │ │ sh_YU.mst
    │ │ sk_SK.mst
    │ │ sl_SI.mst
    │ │ sq_AL.mst
    │ │ sv_SE.mst
    │ │ th_TH.mst
    │ │ tr_TR.mst
    │ │ uk_UA.mst
    │ │ vi_VN.mst
    │ │ zh_CN.mst
    │ │ zh_TW.mst
    │ │
    │ ├───AdobeFontsAll
    │ │ AdobeFontsAll.msi
    │ │
    │ ├───AdobeHelpViewerAll
    │ │ AdobeHelpViewerAll.msi
    │ │
    │ ├───AdobeLinguisticsAll
    │ │ AdobeLinguisticsAll.msi
    │ │
    │ ├───AdobePDFL8All
    │ │ AdobePDFL8All.msi
    │ │
    │ ├───AdobePDFSettingsNAEU
    │ │ AdobePDFSettingsAll.msi
    │ │
    │ ├───AdobePhotoshop10en_US
    │ │ AdobePhotoshop10en_US.msi
    │ │ en_US.mst
    │ │
    │ ├───AdobeStockPhotos1.5All
    │ │ AdobeStockPhotos1.5All.msi
    │ │
    │ ├───AdobeTypeSupportAll
    │ │ AdobeTypeSupportAll.msi
    │ │
    │ ├───AdobeVersionCueClient3All
    │ │ AdobeVersionCueClient3All.msi
    │ │
    │ ├───AdobeWinSoftLinguisticsPluginAll
    │ │ AdobeWinSoftLinguisticsPluginAll.msi
    │ │
    │ ├───AdobeXMPPanelsAll
    │ │ AdobeXMPPanelsAll.msi
    │ │
    │ └───BridgeStartMeeting
    │ BridgeStartMeeting.msi

    ├───redist
    │ WindowsInstaller-KB893803-v2-x86.exe
    │ WindowsServer2003-KB898715-ia64-enu.exe
    │ WindowsServer2003-KB898715-x64-enu.exe
    │ WindowsServer2003-KB898715-x86-enu.exe
    │ WindowsXP-KB898715-x64-enu.exe

    └───resources
    └───common
    └───scripts
    ContainerProxy.js
    localization.js
    silentWorkflow.js
    utils.js


    C:\DOWNLOAD\Adobe CS3\Photoshop>

    Note that if I got this in a Windows version straight from ADOBE- And you guys have it in the MAC version...

    And I know where I got it, I downloaded the TRIAL version of CS3 from Adobe. THIS FILE is part of the Adobe Package. DON'T KNOW what it is, but certainly, if you don't like it, you can delete it, like I did, with no ill effects.

    If it IS a virus however, then someone at ADOBE put this thing right into the package.

    IT IS NOT A CRACK. A Crack for CS3 is the entire Photoshop.exe file, 43 Megabytes- It is dropped into the Photoshop directory before initially running any part of CS3, then when Photoshop.exe is run, it inserts a serial number and activates it, bypassing the flexLM licence manager.

    THAT is how a Photochop crack works, one of the cracks I have seen- Others are simply Keygens, like CS2, you perform a Phone Activation, enter the Activation code into the keygen, and it spits out the answer code.

    THIS little POS file however, is NOT a keygen and it is NOT an exe that can be dropped into a folder, it is simply extra code left over from installing CS3, and Adobe made it.

    :mad:;):eek::(:eek:;):mad:


    EDIT:

    I opened the alleged Ahmbed "VIRUS" file,

    There is simply NOTHING in it but some references to PAYLOAD locations (IE: Places on your hard drive where your Adobe CS3 Install Files are located).

    Here is ONE LINE from the file:

    BEGIN - Updating Media Sources - BEGIN --------------------
    Updated source path: C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58

    AS YOU CAN SEE: A VALID piece of ADOBE PROGRAMMING

    I hope that in the future, people would CHECK THINGS OUT before spewing off their mouth. There is NO VIRUS- And NO understanding of how "cracks" work - If you had more than 2nd hand knowledge of how cracks work, then you would have known like myself, that this file was absolutely NOT a virus, crack or anything even LIKE a virus or a crack and/or both (But actually neither).

    Next time investigate before posting a spew of erroneous dogma that has been cut and pasted all over the Adobe areas of the internet- That I have to chase down to refute.
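
The check described in the post above (looking inside an unexpected `.gz` file before deciding what it is), as an added example that is not part of the original thread or any Adobe tooling. It decompresses in memory with a size cap and classifies the contents by leading bytes and printable ratio; the function name, the threshold and both sample inputs are constructed for illustration.

```python
import gzip
import io
import zlib

MAX_OUT = 1 << 20  # read at most 1 MiB of decompressed data (decompression-bomb guard)

# Leading bytes of common executable formats.
MAGICS = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
    b"\xcf\xfa\xed\xfe": "Mach-O executable",
    b"\xce\xfa\xed\xfe": "Mach-O executable",
    b"\xfe\xed\xfa\xce": "Mach-O executable",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary or Java class",
    b"#!": "script",
}

def triage_gzip(blob):
    """Classify a .gz file's contents without writing to disk or running anything."""
    if blob[:2] != b"\x1f\x8b":  # gzip magic number
        return {"kind": "not gzip", "preview": ""}
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(blob)) as gz:
            head = gz.read(MAX_OUT)
    except (OSError, EOFError, zlib.error) as exc:
        return {"kind": "corrupt gzip stream", "preview": str(exc)}
    for magic, name in MAGICS.items():
        if head.startswith(magic):
            return {"kind": name, "preview": ""}
    if not head:
        return {"kind": "empty", "preview": ""}
    # Treat tab, LF, CR and printable ASCII as text; 0.95 is an assumed threshold.
    printable = sum(b in (9, 10, 13) or 32 <= b < 127 for b in head)
    kind = "text" if printable / len(head) > 0.95 else "binary data"
    return {"kind": kind, "preview": head[:200].decode("ascii", "replace")}

# Constructed samples: a log shaped like the line quoted in the post
# (with a placeholder directory name) and a stub that only carries a PE header magic.
SAMPLE_LOG = gzip.compress(
    b"BEGIN - Updating Media Sources - BEGIN --------------------\r\n"
    b"Updated source path: C:\\Program Files\\Common Files\\Adobe\\Installers\\<id>\r\n"
)
SAMPLE_EXE = gzip.compress(b"MZ" + bytes(64))

if __name__ == "__main__":
    for name, blob in (("log", SAMPLE_LOG), ("exe", SAMPLE_EXE)):
        print(name, triage_gzip(blob))
```

A "text" result only says the file is readable without executing it; the preview still has to be read to judge what the text is.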
     
  4. XweAponX macrumors newbie

    Joined:
    Jul 29, 2008
