portrait professional 10 exe FP?

Hi, just done a full scan with Avast IS and it’s flagged “portrait professional 10 exe” as malware.
I’ve had this prog on my laptop for quite a while and done many scans before and it’s never been
detected as a threat.
So I’m thinking it must be an FP, but would like verification.
Thanks in advance for any help. :-\

> So i'm thinking it must be an FP, but would like verification.

Then upload to www.virustotal.com and test with 40+ malware scanners.

alternative: www.jotti.org or www.metascan-online.com

Here’s the VirusTotal scan: https://www.virustotal.com/file/737240e9ea4be01b5ea557484e589d0dde19e13f6a2295f1c73717da31f3c905/analysis/1356802257/ Still not sure if it’s an FP or not though; 2 say it’s dodgy and 15 say it’s ok.

OK, you say 15 OK, 2 dodgy, but according to your link 24 of 46 say it’s bad. For me those kinds of numbers are fairly clear; whilst many of those detections are generic (more prone to FP detection), it is hard to see them all being wrong.

At the very least there is something which they find suspect; what that is is anyone’s guess. It could be the method of packing, e.g. a compression method that is commonly used with malware or an exotic type of packer not normally seen.

> 2 say it's dodgy and 15 say it's ok.

Where do you see that? I see a 26/46 infected score here.

First seen by VirusTotal
2012-06-08 18:51:42 UTC ( 6 måneder, 3 uker ago )

Sigcheck
publisher…: Anthropics Technology Ltd.
product…: Portrait Professional
copyright…: Copyright 2012 Anthropics Technology Ltd.
file version…: 10, 9, 5, 0
description…: Portrait Professional

Many heuristic/generic detections… but strange if a file this old is an FP.
Has there been a program update lately?

Hi Pondus,
Yeah, the official score is 24/46. Also, if you look to the top right hand side you will see
a devil and angel; hover the mouse over the devil.
What’s confusing me (it doesn’t take much) is the fact that this file has been scanned
since I’ve had Portrait Professional for almost a year, but now all of a sudden today it tells
me it’s a virus.
Also, like you said, the VirusTotal scores were mostly generic, which in my experience is
usually a sign of an FP. There’s been no update to the prog.

Well, after some conversation with Sophos lab it seems the detection is correct.

> Can you please confirm this as being a legitimate copy of Portrait
> Professional Studio?

The person that gave it to me says he had this program for some time, and
the problem started today when his Avast Internet Security detected it…

We only ask this because this version was packed with a compromised
version of VMProtect. All of the packed versions out there have been
compromised and that is why Avast and our software are detecting it.

So what you are saying is that the detection is good?

It seems as though any packed version we have scanned are all cracked versions of this software.
Any of the legal copies of Portrait Professional are not packed at all.
We would have to say that the detection is valid since VMProtect has been compromised.

so where did you download it from?

So to check if you are clean…

Follow this guide and attach the logs…not copy and paste http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

When done, the removal experts will be notified. It may take hours before one arrives, so be patient.

I managed to do the four scans as instructed. There was a little glitch with the
OTL scan: there was only one scan log, and when I tried to save it as an ANSI
file it wouldn’t let me, and said it had to be saved as a Unicode file because
otherwise most of the characters would be missing.
You asked where I downloaded the exe from, and I think a friend put it on my
laptop when I first had it about a year ago.
Here are the log files from the scans.

it looks correct as i can read them all…

Essexboy is notified and should be in here later today :wink:

While I was waiting for a reply, a MBAM popup alert flagged portrait professional 10 exe as a
virus and quarantined it, saying it was riskware.
So I decided to uninstall Portrait Professional 10 using Revo Uninstaller, which successfully
removed it and said no leftover files.
I then ran MBAR, which said the scan was clean. I then did a MBAM and Avast full scan and both gave
a clean bill of health.
I also deleted the quarantined file from MBAM and Avast.

> While i was waiting for a reply a MBAM popup alert flagged portrait professional 10 exe as a virus and quarantined it saying it was riskware.

Yes, I sent the sample to Malwarebytes yesterday, and they added detection for it as Riskware.Crack, so... now you see the risk of using cracked software.

No apparent problems showing in the logs. Is the computer behaving itself?

Sorry it’s been a long time for my reply, but I’ve been away from my laptop for a couple of hrs.
In answer to your question, the computer seems fine and I haven’t noticed any malfunctions.

Does this mean I’m clear to go? :-\

Yup, run OTL and press the cleanup button to remove it ;D
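
The Sophos reply quoted in this thread turns on whether the binary is packed: the flagged copy was packed with VMProtect, while legitimate copies are not packed at all. A minimal way to check a PE file for that, as an added example that is not part of the thread; `.vmp0`/`.vmp1` are VMProtect's default section names, while the 7.2 bits/byte entropy cut-off, the function names and the sample image are assumptions constructed here:

```python
import math
import struct
from collections import Counter

VMP_NAMES = {".vmp0", ".vmp1"}  # VMProtect defaults; renameable, so entropy is the backstop
ENTROPY_THRESHOLD = 7.2  # bits/byte; assumed cut-off for compressed/encrypted data

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(image: bytes):
    """Yield (name, raw_bytes) for every section header in a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)          # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    # NumberOfSections at +6, SizeOfOptionalHeader at +20 from the PE signature
    nsec, opt_size = struct.unpack_from("<H12xH", image, pe_off + 6)
    table = pe_off + 24 + opt_size
    for hdr in range(table, table + 40 * nsec, 40):
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)
        yield name, image[raw_ptr:raw_ptr + raw_size]

def packing_indicators(image: bytes):
    """Return [(section, reason, entropy)] for sections that look packed."""
    findings = []
    for name, raw in pe_sections(image):
        h = round(entropy(raw), 2)
        if name.lower() in VMP_NAMES:
            findings.append((name, "vmprotect-default-name", h))
        elif h >= ENTROPY_THRESHOLD:
            findings.append((name, "high-entropy", h))
    return findings

def build_sample(sections):
    out = bytearray(b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0")
    out += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    ptr = len(out) + 40 * len(sections)
    for name, data in sections:
        out += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), 0, len(data), ptr, 0, 0, 0, 0, 0)
        ptr += len(data)
    return bytes(out) + b"".join(data for _, data in sections)

# Constructed sample image: only the header fields the parser reads are filled in.
SAMPLE = build_sample([(".text", b"\x90\xc3" * 2048), (".vmp0", bytes(range(256)) * 16),
                       (".xyz", bytes(range(256)) * 8)])
```

To check a real file, call `packing_indicators(open(path, "rb").read())`. An empty result only means neither indicator fired, so it complements a multi-engine scan rather than replacing it.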