Topic: wonder why alert for suspicious program c:\Program Files\Adobe\Photoshop 6.0\Phot


Karen R

  • Guest
Avast Internet Security
 just checking ...but got a pop up alert for c:\Program Files\Adobe\Photoshop 6.0\Photoshp.exe

the analysis says not enough evidence to identify the file as malware but recommended using in sandbox?

I recently chose the PUP option when full scanning but did not do any scan today when this alert popped up
 I have never gotten alerts about a program before.

is there any reason to not run this photoshop version normally as I always have?

*I just noticed there is no letter "O" in photoshop.exe... is the extension valid for "photoshp.exe"? 

Thank you


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
I think the missing "o" is just an old way to have names 8+3 characters.
It would be safe if you submit the .exe file to www.virustotal.com and post back the results.
Thanks.
The best things in life are free.

Karen R

  • Guest
OK thank you
will do

Karen R

  • Guest
is this all you need for the Virus Total log (attached)? 

there is also another lengthy additional log.

UPDATE
what is this?

PEiD packer identifier
Armadillo v1.71

from the additional info on VirusTotal log?
« Last Edit: May 11, 2012, 05:13:21 PM by Karen R »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89062
  • No support PMs thanks
Since this is a relatively old version of Photoshop, the file may not have a high prevalence in the avast database; it may also not be digitally signed. The more of the things the autosandbox is looking at the more likely it will recommend running a sandbox check.

Given the VT results and the fact that the autosandbox process is controlled in the first instance by the file system shield (FSS), the suspect.exe file is scanned before it is allowed to run. If it were infected, it could/should be detected by the FSS, so one reasonable thing in its favour is it hasn't had a definitive detection.

You can use the dropdown selection to have avast open it normally.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Karen R

  • Guest
Thank you both for your prompt assistance!

and can I please just ask what that Armadillo packer thing means?

PEiD packer identifier
Armadillo v1.71

Offline Lisandro

  • Avast team
Seems clean https://www.virustotal.com/file/3e9b62d731fba25f966de28c8791d64e2115a18d5344e299f69dff1696157fcc/analysis/
You can follow David's advice and make an exception in the AutoSandbox settings to exclude that file.

Karen R

  • Guest
MANY thanks again !!

Offline DavidR

  • Avast Überevangelist
> Thank you both for your prompt assistance!

You're welcome.

> and can I please just ask what that Armadillo packer thing means?
>
> PEiD packer identifier
> Armadillo v1.71

A packer is a method of zipping (archiving) files to make them smaller, so all it is showing in the additional information is that the file is packed (made smaller) using that packer.

Some packers are more commonly used by malware writers (not necessarily the case for the Armadillo packer) as they can be difficult to unpack to scan for malware. So some consider them suspect just because they use that packer method, but that doesn't mean all files packed in this way are malicious.

Karen R

  • Guest
you explain things so well ...

with appreciation
Karen

Offline DavidR

  • Avast Überevangelist
No problem, glad I could help.