Virus Alarm (False Positive?) in PaintShop Photo Pro X3

Scotty1978 · Post by **Scotty1978** » Fri Feb 05, 2010 4:16 pm

An original file in Paint Shop Pro Photo X3 from Corel is infected by a
virus, so at least some of the report AntiVirus Tools.

See:
http://www.virustotal.com/analisis/8827 ... 1265029800

Affected are the following files:
c:\program files\corel\mle\vfx_plug\bwout.vfx
?:\Corel PaintShop Photo Pro X3\CDS\MLE.msi

Post by **Ron P.** » Fri Feb 05, 2010 7:05 pm

Where did you download the file from?

I've installed it a few times now, and never received any such virus alerts on it. I think it is safe, if you're getting your file from a reputable source, to consider that a false hit.

Scotty1978 · Post by **Scotty1978** » Fri Feb 05, 2010 8:01 pm

I have downloaded the PSP directly from Corel.

For example, a warning comes even if you do a complete scan, or is the AntiVirus software attaches directly on it, or the file from the PSP bwout.vfx loaded into memory.

Post by **Ron P.** » Fri Feb 05, 2010 8:05 pm

Corel would not release any files that are infected with a virus. It is not uncommon for some anti-virus programs to give false hits. With a flash authoring program I have, McAfee is notorious for this.

Scotty1978 · Post by **Scotty1978** » Fri Feb 05, 2010 8:18 pm

I also believe that it is a false alarm. I've been using Norton AntiVirus. Users should be careful, but just because the file is usually deleted. The PSP will not work, perhaps entirely.

pdxrjt · Post by **pdxrjt** » Sat Feb 06, 2010 12:57 am

Since installing PSP-X3, I've run 3-4 anti-virus checks with 2 different programs. They have not reported a virus.

sjj1805 · Post by **sjj1805** » Sat Feb 06, 2010 3:58 am

Scotty1978 wrote:I also believe that it is a false alarm. I've been using Norton AntiVirus. Users should be careful, but just because the file is usually deleted. The PSP will not work, perhaps entirely.

Anti-Virus programs contain a facility to exclude any files or directories from future checks. These programs try to calculate if something is a virus - they do not rely on a big list of them. (How else would they detect new ones!)

Scotty1978 · Post by **Scotty1978** » Sat Feb 06, 2010 11:38 am

pdxrjt wrote:Since installing PSP-X3, I've run 3-4 anti-virus checks with 2 different programs. They have not reported a virus.

See:
http://www.virustotal.com/analisis/8827 ... 1265029800
This was an original file from Corel.

sjj1805 wrote: Anti-Virus programs contain a facility to exclude any files or directories from future checks.

Had I made, but only after the false positive.
You simply need to know beforehand, and who knows ...

Post by **Ron P.** » Sat Feb 06, 2010 1:11 pm

I'd say find another anti-virus program. I used to use McAfee and Norton, but got tired of all the B.S. they throw. McAfee gives more false hits than about any other. Norton (Symantec) is next to impossible to remove from your PC once it's installed, and most PC vendors love putting that one on.

If that file was in fact infected, then everyone of us would have received hits on it, and had Corel notified in a second. Corel would have stopped any further downloads, and repaired it. Viruses from a corporation is very, very serious. It could cost them big money in just a short time.

With that said, don't go spouting that Corel's files are infected all over the web. If you think it is contact Corel, and the support for the antivirus program you use. They then can communicate to get things corrected.

pdxrjt · Post by **pdxrjt** » Sat Feb 06, 2010 4:18 pm

Scotty,

Not sure of your point....I clicked on the link and went to a webpage of viruses (your computer??) Anyway, my point is that I run an anti-virus program about every other day..one that is always active and then another that does not boot with my OS, but I turn on just to scan. Since I've had PSPX3, I've probably run 4 anti-virus scans (and probably 4 anti-spyware scans) and nothing shows up. Hope this helps.

Post by **LeviFiction** » Sat Feb 06, 2010 5:29 pm

The link Scotty keeps showing is an online service that uses multiple anti-virus programs to detect if a virus exists in the file you uploaded.

False positives are likely so the more confirmed hits the more likely a virus does exist.

Now this link shows 11 out of 40 scans reveal viruses. Of those 11 scans I only recognize 6 of the anti-virus programs.

The consistency of the naming of these virus possibilities is pretty good but there are enough differences to make me think they were found through heuristics and not from a virus database which most anti-virus systems use. So if it were a confirmed known and fixable virus as determined by the database you'd have a lot more hits.

Also the areas of the file that they think might be proof of a virus are listed at the bottom. The hex values, as far as I can tell, and the listed imports, commands, and DLLs I think you're safe.

I'm no expert mind you but from what I can tell this is most assuredly a false-positive.

So in other words...you're safe.

Philocalist · Post by **Philocalist** » Tue Feb 16, 2010 2:21 pm

For what it's worth, I can confirm that the file IS 100% SAFE.
I had the same issues (using Vipre). I submitted the file to them as a suspected false positive, and got confirmation from them very quickly ... it IS a false-positive result (and will be included in their next DB update, which is usually available several times each day)

Hope this puts a few minds to rest