Avast Internet Security
just checking …but got a pop up alert for c:\Program Files\Adobe\Photoshop 6.0\Photoshp.exe
the analysis says not enough evidence to identify the file as malware but recommended using in sandbox?
I recently chose the PUP option when full scanning but did not do any scan today when this alert popped up
I have never gotten alerts about a program before.
is there any reason to not run this photoshop version normally as I always have?
*I just noticed there is no letter “O” in photoshop.exe… is the extension valid for “photoshp.exe”?
I think the missing “o” is just an old way to have names 8+3 characters.
It would be safe if you submit the .exe file to www.virustotal.com and post back the results.
Thanks.
Since this is a relatively old version of photo shop, the file may not have a high prevalence in the avast database, it may also not be digitally signed. The more of the things the autosandbox is looking at the more likely it will recommend running a sandbox check.
Given the VT results and the fact that the autosandbox process is controlled in the first instance by the file system shield (FSS), the suspect.exe file is scanned before it is allowed to run. If it were infected, it could/should be detected by the FSS, so one reasonable thing in its favour is it hasn’t had a definitive detection.
You can use the dropdown selection to have avast open it normally.
A packer is an method of zipping (archiving) files to make them smaller, so all this it is showing in the additional information is that the file is packed (made smaller) using that packer.
Some packers are more commonly used by malware writers (not necessarily the case for the Armadillo packer) as they can be difficult to unpack to scan for malware. So some consider them suspect just because they use that packer method, but that doesn’t mean all files packed in this way are malicious.