
Adobe Gamma Loader.exe Detected as Trojan.Gen.X

Created: 21 Sep 2012 • Updated: 24 Sep 2012 | 18 comments
This issue has been solved. See solution.

This morning we had a fair number of machines that detected Trojan.Gen.X for the Adobe Gamma Loader.exe (file path on XP:  C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe).  I think the systems are all running Adobe CS 3 but am not 100% positive on this.  Is this a legitimate detection or a false positive?

Thanks!


ragenkagen's picture

On Google + others running different versions of CS or other Adobe products are getting this as well.

P_K_'s picture

https://www-secure.symantec.com/connect/forums/adobe-gamma-loaderexe-alerts-today

Please submit the file to Symantec security response.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

ragenkagen's picture

Prachand, I will try to do this if I can get it.  SEP Policies have been deleting it on a lot of machines, though we may have some different groups with different policies.

Michael B.'s picture

Submitted to Symantec.

We are getting quite a few machines reporting this.  Some running CS3, CS5 and some running Adobe PS Elements!

It is part of the Adobe screen gamma calibration tool.

Michael B.'s picture

I added it to the centralized exception policy, then restored the file backup in the quarantine.  Submitted the file to Symantec support, and here is the result.

Will leave in my exception policy until I can get word from Symantec that the detection issue is resolved.

 

Submission Summary
Files Submitted
# Filename MD5 Determination Signature Protection Name RR Seq#
1 adobe gamma loader.exe C2FF17734176CD15221C10044EF0BA1A

Developer Notes:
adobe gamma loader.exe is a clean file.

Assessment File1:  adobe gamma loader.exe (113664 bytes)
MD5:  C2FF17734176CD15221C10044EF0BA1A
SHA-1:  C5B97DCD1EF1DD4A0FB5D7CE13E85FE1820CEF47
SHA-256:  B0D83215E105E2CC88AAA556B1DF380B2E67500A21077F83447199DB8E8CB7BD
Machine: Machine
Determination: Clean
Determination Detail:  This file is clean.

  

This message was generated by Symantec Security Response automation.

Should you have any questions about your submission, please contact our regional technical support from the Symantec Web site, and give them the tracking number included in this message.

P_K_'s picture

Can you open a case with Symantec and ask that it be relooked at?


Fabiano.Pessoa's picture

Hi,
Adobe has always been and will always be vulnerable.
If possible swap if you do not just put the SEP always on alert with adobe
There are vulnerabilities and exploits that are created to always attack with this type of application.
take care

Fabiano Pessoa

Systems Analyst - Forensic Expert

Michael B.'s picture

Done

Support indicates the fix should be in defs r17 from today, or in tomorrow's base certified release.

Hope that helps you out.

I'm leaving my centralized exception entry in until Monday to be sure.

 

 

.Brian's picture

So this is a confirmed false positive?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Michael B.'s picture

Hi Brian.. Yes it's confirmed by Symantec support as a false positive.

.Brian's picture

Great, thanks for updating.


chestnutoak's picture

I have a home copy of SEP provided by my employer. It detected adobe gamma loader.exe as trojan.gen.x yesterday evening. I deleted it and ran a full manual system scan.

SEP found another file that it identified as trojan.gen.x:

A0098343.exe

Is this a coincidence, or has SEP found two real trojans?

Not being very versed in these deep computer details, might it be a restore version of the same adobe file?

 

 

Action: Cleaned by deletion
Risk Type: File
Original Location: c:\System Volume Information\_restore{CCBD9007-8833-4453-B61E-BB22C73B8EBD}\RP774\
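
Added example (not part of any poster's message and not Symantec code): a file can be compared by content against the SHA-256 and size in the Security Response report quoted earlier in this thread, so that an exception or quarantine restore rests on the vendor-verified bytes rather than on the file name. A renamed copy, such as a System Restore entry, shows as a match only if its bytes are identical. The function names `sha256_of`, `classify` and `demo` are hypothetical, and the demo files are constructed stand-ins.

```python
import hashlib
import tempfile
from pathlib import Path

# Values copied from the Symantec Security Response report quoted in this thread.
REPORT_SHA256 = "B0D83215E105E2CC88AAA556B1DF380B2E67500A21077F83447199DB8E8CB7BD"
REPORT_SIZE = 113664  # bytes


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def classify(path, sha256=REPORT_SHA256, size=REPORT_SIZE):
    """Return 'match', 'mismatch' or 'unreadable'; the file name is ignored."""
    try:
        if Path(path).stat().st_size != size:
            return "mismatch"  # cheap size check before hashing
        same = sha256_of(path) == sha256.lower()
    except OSError:
        return "unreadable"  # e.g. already deleted or not accessible
    return "match" if same else "mismatch"


def demo():
    """Constructed sample files (not the real binary) showing the three outcomes."""
    body = b"constructed stand-in for the vendor-verified file"
    ref = hashlib.sha256(body).hexdigest()
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Adobe Gamma Loader.exe").write_bytes(body)
        (root / "A0098343.exe").write_bytes(body)   # renamed copy, same bytes
        (root / "lookalike").mkdir()
        fake = root / "lookalike" / "Adobe Gamma Loader.exe"
        fake.write_bytes(body[:-1] + b"!")          # same name and size, other bytes
        paths = [root / "Adobe Gamma Loader.exe", root / "A0098343.exe",
                 fake, root / "missing.exe"]
        return [classify(p, ref, len(body)) for p in paths]


if __name__ == "__main__":
    print(demo())  # constructed files; pass real paths to classify() in practice
```

Only a `match` result ties a file to the binary the report determined to be clean; a `mismatch` on a file with the same name is a different file and the report says nothing about it.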
 

 

.Brian's picture

Have you updated to latest revision? Any detections?


pete_4u2002's picture

Is the system updated with the latest definition?

Can you open a support ticket?

Mithun Sanghavi's picture

Hello,

Symantec have received multiple reports of a file named Adobe Gamma Loader.exe being detected as Trojan.Gen.X. It is confirmed this was a False Positive.

It was resolved as of definition Version: 20120921.003.

It is recommended to make sure you are running the Latest version of Virus Definitions on the Symantec Endpoint Protection clients.

Similar Thread: https://www-secure.symantec.com/connect/forums/adobe-gamma-loaderexe-alerts-today

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
Mick2009's picture

Hello ragenkagen,

Please see this thread:

https://www-secure.symantec.com/connect/forums/adobe-gamma-loaderexe-alerts-today

There was a recent False Positive with a file of this name, but that has now been corrected.

With thanks and best regards,

Mick

mm12345's picture

Thanks all for helping out in determining that this was a false positive.