Is my computer at risk?
October 19, 2009 4:07 PM   Subscribe

I bought Photoshop CS4 (Windows) on eBay (I know, dumb, dumb, dumb, and more dumb). Packaging, product numbers, and dvds looked real, and it worked for exactly 30 days. Adobe says that serial number is invalid. Have read stories on Internet about trojans in MAC Photoshop CS4 software. I've run spyware and virus scans and turn up nothing. Is there any way I can be sure that this counterfeit software hasn't left a rootkit or something else nasty on my computer. Thanks!
posted by cyrreb to Computers & Internet (12 answers total) 1 user marked this as a favorite
If it worked for exactly 30 days it was most likely simply the demo version packaged as the real thing. A version intended to infect your computer would more likely have been cracked and kept on working.
Not saying it *couldn't* have been infected, but imo the odds are more in favor of it being a simple demo-sold-as-full scam.
posted by Billegible at 4:13 PM on October 19, 2009 [1 favorite]

If you don't have any viruses or spyware, the only last possible danger I can think of is that someone's installed a backdoor or an undetectable keylogger on your system. Download Zonealarm or Kerio Firewall and slowly start enabling programs, making sure to check to see if anything suspicious is trying to access the system.
posted by suedehead at 4:40 PM on October 19, 2009

There's no way to be 100% sure; I advise wiping the drive and starting fresh. You do have a backup, don't you?

I hope you were at least able to get your money back from your credit card company or eBay. Buying legal software on eBay can be done, but it's not for the faint of heart.
posted by LuckySeven~ at 5:46 PM on October 19, 2009

Since the install CD is the suspect source, that's the best place to do your analysis. Get a known good copy of the CD (making sure it's the same exact version) & run a cryptographic hashing program on both it & your copy, then compare hashes. I'm not sure how practical that is for you, but aside from that the only options are to either trust your PC's AV/malware detection or wipe/reinstall.
posted by scalefree at 6:42 PM on October 19, 2009

If you haven't done any major installing/uninstalling other than CS4 in those 30 days, why not do a System Restore? Just roll back to where you were before you installed. I'm not sure whether rootkits and backdoors are Restoreproof or not, but it's an easy precaution to take.
posted by JustWandering at 8:11 PM on October 19, 2009

I bought Photoshop CS4 (Windows) on eBay (I know, dumb, dumb, dumb, and more dumb).

The Photoshop I use at home was bought on eBay many years ago, and has been upgraded a couple of times, since, so this isn't necessarily a dumb thing to do.

The recent versions (since CS1, I think) are always full versions that run in demo mode for 30 days, I think. That happens to me whenever I reinstall and can't be bothered to dig up the number. So I doubt this is any spyware or super-nefarious thing: it's just a normal copy without a valid serial number.
posted by rokusan at 9:36 PM on October 19, 2009

Just Googled that trojan report, because I hadn't heard that one before. According to this story, the pirated CS4 installer that floated around was normal/clean, but it came with a tiny "hack your serial number" application that was, surprise, some sort of malware that installed nastiness on your Mac.

Since all you're running is the actual installer, you'd be immune to this sort of thing, which is more social engineering than real hackery. ("Here, stupid user: run this program and enter your root password, please!")
posted by rokusan at 9:38 PM on October 19, 2009

(For future purchases, have had very good service and very, very good prices with Discount Mountain.)
posted by Tufa at 10:32 PM on October 19, 2009 [3 favorites]

Here's a scanner download for this particular Trojan.
posted by starman at 5:07 AM on October 20, 2009

I think after reading the problem you are having that most likely you are seeing what others have hinted at, and that is a clean instalation that is running in Demo mode. Which is standard behaviour in my experience with Adobe stuff. Unless you have a specific reason to suspect an infection outside of the app expiring if would roll back as previously suggested and then try to reinstall paying attention to the prompts during install to make sureyou install the full version and not the demo.
posted by theButterFly at 5:49 AM on October 20, 2009

If the software looks legit and Adobe says it is a bad serial number I would have them provide you with a valid serial number. How? Complain to high hell that the software, packaging, manuals, registration form, whatever you have says 100% legit, and demand a new #. Adobe will eventually relent, and make you sign something or send them something, and that will be that. Remember you bought a license which means you have the right to install the software on your computer. Adobe, unless they can prove the software, packaging, etc. is counterfeit has to make you whole.
posted by Gungho at 6:23 AM on October 20, 2009

Nope, not really, except a wipe and reinstall. That's pretty much what rootkits do: they make themselves undetectable. It's unlikely you have a rootkit but that wasn't your question.
posted by chairface at 4:38 PM on October 20, 2009

« Older Biography series for kids?   |   "He took too much LSD in the '60s". Newer »
This thread is closed to new comments.