After having used Printmaster Gold 11 on my computer for about two years, Avast detected Win32:Evo-gen [Susp], which it then moved to the virus chest. Thinking it unlikely that a virus would have attached itself to this particular program, I restored the file (pmw.exe). Avast immediately detected the file again and moved it back to the virus chest. So, now I have three questions:
What is the likelihood of this being a false positive, and is there any way to know for sure?
Assuming it is an actual virus, is it safe to leave it in the chest, or do I need to follow the involved removal procedures I have seen online, or is there another action I should take?
Should I uninstall the Printmaster program and reinstall it, in case there was a corrupted file or something that could have caused a false positive? Obviously, I can’t use it as is anyway, without the exe file, but I’m concerned that if I uninstall it, then the folders with my project data in them will be deleted too. I guess I could temporarily move the data files into a different folder.
1) What is the likelihood of this being a false positive, and is there any way to know for sure?
1.a high
1.b uploading and testing file at www.virustotal.com
2) Assuming it is an actual virus, is it safe to leave it in the chest, or do I need to follow the involved removal procedures I have seen online, or is there another action I should take?
Yes ... that is what the chest quarantine is made for.
Is there an advantage to submitting the file to VirusTotal rather than the Avast virus lab for analysis? What is the difference between the two? Does VirusTotal provide an immediate analysis?
I can’t quite seem to figure out how to get the suspected file into the box to submit it to VirusTotal. I know how to extract the file out of the chest to put it in a different location on my computer, but I don’t know how to get it into the submission box on the VirusTotal website.
Since it is safe to leave a virus in the virus chest, and I assume most anti-virus programs have such a chest or vault, why are there so many postings online about how to remove or delete various viruses? Is it because certain viruses resist being put into a safe place like the chest?
You have to restore the file (your AV may detect and remove it again) to its original location or a location of your choice, then you browse to that location from the VT box. Search YouTube for a "how to use VT" video.
Yes, resist being moved/deleted, or it may avoid being detected. No security program has 100% detection or zero false positives.
Thanks for your help! It’s good to know about the VirusTotal site; that’s a valuable tool! None of the 57 virus engines–including Avast–detected a virus. Unfortunately, I’m going to have to uninstall and reinstall Printmaster anyway, as it will not run now, despite the fact I restored the suspect file back to where it was. Avast did not move the file to the chest again, even when I ran a quick scan.
A related issue has arisen. I did a full scan a couple of days ago. As usual, there were quite a few files Avast couldn’t scan. Normally, these are all install_flashplayer files, with this message:
Error: Archive is password protected. (42056)
However, this time there were four Printmaster files in addition to all the flash player files. When I had uninstalled Printmaster, prior to doing that scan, several dialogue boxes popped up asking me if I wanted to delete specific files, and that other applications might not work properly if I did. I think I deleted 2 - 4 of these, and the rest I chose not to delete. At least one of the files (and perhaps all four) that Printmaster couldn’t scan was one of the ones that I was asked if I wanted to delete during the uninstall process (and did delete), so I’m assuming that has something to do with the fact those files can’t be scanned. What should I do, if anything?
This is the error message for the Printmaster files:
Error: The process cannot access the file because another process has locked a portion of the file (33)
Thanks! I had read an answer in the past to the question about files that couldn’t be scanned, in Avast FAQs or knowledge base or something, but I’m specifically wondering why those Printmaster files are now on the list of files that can’t be scanned. I’m also wondering if it had to do with my decision to delete or not delete the files during the uninstall process, and whether I made a wrong choice. Maybe those are questions that only someone who is very familiar with Printmaster could answer. I appreciate all the answers you have given me though. You have been very helpful!
but I'm specifically wondering why those Printmaster files are now on the list of files that can't be scanned.
As I understand, this was the message Avast gave:
“Error: The process cannot access the file because another process has locked a portion of the file (33)”
Sorry it took me so long to get back to you. I have been getting home too late to do a full scan. I finally had the time to do one and those files are no longer in the list of files that could not be scanned.