Author Topic: Malware / virus attacking Paint Shop Pro  (Read 14285 times)

0 Members and 1 Guest are viewing this topic.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84886
  • No support PMs thanks
Re: Malware / virus attacking Paint Shop Pro
« Reply #15 on: January 18, 2009, 10:49:41 PM »
I know it isn't my problem, but I'm just expressing it is a strange action for malware to do and it isn't one that I have heard of before.

You mentioned "In 2000 I got a virus which distorts any graphics files saved by PSP7."
Was this the same effect as you are now describing ?
What was that virus called ?
And how did you deal with it back then if you can recall.

Other than the above I honestly don't know what you can do if there is no detections with these files, it would effectively have to be whatever file that is responsible for the creation or modification of the image that could be the one you need to find.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline normski-

  • Jr. Member
  • **
  • Posts: 25
Re: Malware / virus attacking Paint Shop Pro
« Reply #16 on: January 19, 2009, 08:46:23 AM »
'You mentioned "In 2000 I got a virus which distorts any graphics files saved by PSP7."
Was this the same effect as you are now describing ?'

Yes.

'What was that virus called ?'

No idea. None of the virus checkers I used at that time could detect it.

'And how did you deal with it back then if you can recall.'

I reformatted the hard drive.

Then used a data recovery program to retrieve whatever was left after that.

Then left it alone for several years until I got a new system & new virus checker.

Btw I transferred the virus to a laptop recently. It survives system restore.

I am probably going to nuke the laptop but am holding off doing that, as would prefer to have the virus detected and dealt with.

I could attach images here (after VT-ing them) to display what it does but it wouldn't really add anything to my previous description. Plus for all I know the images themselves may be infected.


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84886
  • No support PMs thanks
Re: Malware / virus attacking Paint Shop Pro
« Reply #17 on: January 19, 2009, 02:57:44 PM »
Well the end result, if only (I know, it isn't effecting me) messing with the physical image quality that is saved as you are seeing, then it wouldn't show any sign of virus infection. Which is why I suggested checking some of the files at VT (to basically confirm this) or as I suggested later to view the file with a text editor to see if there is anything say text string to open a and execute a file, etc.

However, I don't think that is likely as that hacking of an image file would certainly ring alarm bells in avast and probably several other AVs. It is this lack of a payload that I find very strange, whilst in the old days (2000) perhaps there were people who only wanted to see just how widely they could spread a piece of malware or announce their so called abilities. Again if that were the case why target paint shop pro with a restricted audience.

So we keep getting back to the how is it determined to be a virus if nothing found it then and nothing finds it now, with none of the usual malware symptoms other than this graphic quality issue (which no doubt makes having that version of PSP worth very little).

So I honestly don't know what else to suggest, perhaps it is time to try a later version of PSP.

System restore is far from perfect and it isn't something I would pin any hopes on as it doesn't monitor all files nor is it a backup tool. I prefer using drive imaging software, that makes and exact copy of the partition, which you can restore.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline normski-

  • Jr. Member
  • **
  • Posts: 25
Re: Malware / virus attacking Paint Shop Pro
« Reply #18 on: January 19, 2009, 06:14:08 PM »
'Well the end result, if only (I know, it isn't effecting me) messing with the physical image quality that is saved as you are seeing, then it wouldn't show any sign of virus infection. '

Evidently not.

'in the old days (2000) perhaps there were people who only wanted to see just how widely they could spread a piece of malware or announce their so called abilities.'

Well it is an old problem dating back to 2001.

'Again if that were the case why target paint shop pro with a restricted audience.' It's just a bit of vandalism as far as I can see, for someone's amusement.

'how is it determined to be a virus if nothing found it then and nothing finds it now'
By its behaviour.
That the diagnostic tools don't know what to look for or where or how to look for it is annoying but irrelevant to its definition as a piece of malware.

'perhaps it is time to try a later version of PSP.'
That's on my list.

Your comments about system restore and drive imaging are appreciated & will be explored.

I'm no expert in this but was hoping I could just send some boffin a series of files which probably contain the virus so they could enjoy cracking it.










Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84886
  • No support PMs thanks
Re: Malware / virus attacking Paint Shop Pro
« Reply #19 on: January 19, 2009, 07:27:36 PM »
I'm sorry to drag this out as it really isn't going anywhere positive, we could talk about this for a long time, but the action of distorting images isn't a symptom of anything that I have come across.

So I'm sorry but there is no clear indication this is malware.

When you are manipulating or creating an image in PSP you could try to see what files are active (task manager cpu%, etc.) as 'if and I think it a big if' this were a virus then it would be that file which needs to be checked out (as I mentioned earlier).

Other tools FileMonitor (filemon.exe) from MS http://technet.microsoft.com/en-us/sysinternals/bb545046.aspx.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Malware / virus attacking Paint Shop Pro
« Reply #20 on: January 19, 2009, 09:28:25 PM »
Sorry to jump in a such long thread now... but did you run on-line scanning?

Kaspersky (very good detection rates)
ESET NOD32
Trendmicro housecall
F-Secure
BitDefender
The best things in life are free.