Community Discussions and Support
Pegasus shown to have Packed Image in Process Explorer

[quote user="nadevel"]

The version is the latest download 4.62, Aug 11 2011, build 191.[/quote]

The latest version is 4.63 from Jan 2012.  It is a good idea to use the latest - download from here:

http://download-us.pmail.com/w32-463.exe

[quote]I don't use AVG, rather Comodo and Avast.  But no issues there.[/quote]

Plenty of programs use packers to reduce their size - it's not just viruses.  If your machine scans clean, it probably is.


I'm a little paranoid right now because I have just, after five days and nights, mainly in "safe-mode", managed to disinfect my Win 7 computer of a trojan or two after a descending crisis into "blue screen".

One of the useful tools I used is Process Explorer, which apart from showing hooks, shows open applications in different colours and highlighted according to differing criteria.

One form of colour highlighting is:

Highlight Packed Images: malware, including viruses, spyware, and adware is often stored in a packed encrypted form on disk in order to attempt to hide the code it contains from antispyware and antivirus.

In the past five days I have undeleted all such suspect applications and since successfully downloaded and reinstalled them with no problem.

However, Pegasus still gives me this signal that it may have picked up an infection.  So I "kill" it immediately in Process Explorer.

Which is a different sort of problem because it is my principal emailer and I'm rather lost without it.

I have uninstalled and fresh installed Pegasus several times on a multiply-scanned and theoretically clean system.  Also separated the "MAIL" folder on an unattached disk.

Is it possible that Pegasus has "packed images" (encrypted data) in normal mode?  Could someone verify this for me?

If so, I'll be content to reinstall it.

Many thanks for any assistance.

Nadia



which virus scanner? I'll look at my own.

Also which version of Pegasus, I'd recommend to redownload it.


Pegasus Mail v4.63 on virus total:

https://www.virustotal.com/en/file/a8dcdff079f9d59858798d9146148e34a73b53ba68f09cf3d34e4c45829ee027/analysis/1370585930/

winpm-32.exe on virus total:

https://www.virustotal.com/en/file/495476b04890b09be4c503899b4ce9eeea1c4f88818bff9f7e76c987d8baeafe/analysis/1370586140/

looks clean, I would recommend redownloading:

http://community.pmail.com/files/5/default.aspx


Or you might have a rootkit or something holding in the background reinfecting. But I'm not sure what program you're looking at.


Hope that helps,


Christy Ganger


[quote user="fancypearl"]

which virus scanner? I'll look at my own.[/quote]

Not a virus scanner but an application called Process Explorer.

http://technet.microsoft.com/en-au/sysinternals/bb896653.aspx

It's an alternative for Windows Explorer.

[quote user="fancypearl"]Also which version of Pegasus, I'd recommend to redownload it.[/quote]

I downloaded from the official David Harris site

Pmail W32-431.exe

http://www.pmail.com/downloads.htm

[quote user="fancypearl"]Or you might have a rootkit or something holding in the background reinfecting.[/quote]

I did have a rootkit, trojan, whatever, even several. I've cleaned those up (according to Kaspersky, ESET, Avast, MalwareBytes etc)

[quote user="fancypearl"]Hope that helps[/quote]

Thanks. Nadia


As you have not yet answered the versioning questions, this is a wild guess. AVG is reporting false positive problems with packed images. No mention yet of any update to its signature database or program file.

So if you are using AVG, watch their website for possible solution.

Martin 


The version is the latest download 4.62, Aug 11 2011, build 191.

 I don't use AVG, rather Comodo and Avast.  But no issues there.

 I'm using Pegasus again.  I don't think the software is infected.  Perhaps my data from several years back?

Anyway trusting that all is well.

Thanks for your response.

Nadia


winpm-32.exe is displayed as packed image in Process Explorer.

For your convenience/comparison:

$ sigcheck -a -h winpm-32.exe

Sigcheck v1.92 - File version and signature viewer
Copyright (C) 2004-2013 Mark Russinovich
Sysinternals - www.sysinternals.com

Z:\winpm-32.exe:
        Verified:       Signed
        Signing date:   19:50 2011-12-21
        Publisher:      David Harris
        Description:    Pegasus Mail for Windows
        Product:        Pegasus Mail System
        Version:        4.63
        File version:   4.63
        Strong Name:    Unsigned
        Original Name:  WINPM-32.EXE
        Internal Name:  Pegasus Mail for Windows v4.63
        Copyright:      Copyright © David Harris, 1993-2011, all rights reserved.
        Comments:       n/a
        MD5:    7517DD09E031DF782D4693F3E073270F
        SHA1:   5727B85B683BD68739AAA577C99A305344A31019
        PESHA1: 60B5EBF403BE8F0E7DF1EA697885480D996C0CA2
        SHA256: 495476B04890B09BE4C503899B4CE9EEEA1C4F88818BFF9F7E76C987D8BAEAFE

$

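Added example, not from this thread, Sysinternals or the Pegasus Mail project: a small script that approximates why Process Explorer's "Highlight Packed Images" colouring fires on a legitimate program, and that produces the SHA-256 a reader can compare against the sigcheck output and VirusTotal link posted above. Process Explorer's exact rules are Sysinternals' own and are not reproduced here; the script uses the common proxy, Shannon entropy per PE section (compressed or encrypted code looks random, so its entropy is near 8 bits per byte). The 7.0 bits/byte cut-off, the `build_sample_pe` helper and its two constructed sections are assumptions made for this example, not values taken from the page.

```python
"""Entropy-based "packed image" check plus SHA-256, for comparing a local
winpm-32.exe against a published hash. Added example; not the forum's or
Sysinternals' code. The threshold and sample PE are constructed assumptions."""
import hashlib
import math
import struct
from collections import Counter

ENTROPY_THRESHOLD = 7.0  # bits/byte; assumed cut-off, not Process Explorer's rule


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for repetitive data, ~8.0 for random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image: bytes):
    """Yield (name, raw_bytes) for every section of a PE32/PE32+ image.

    Walks the DOS header, PE signature, IMAGE_FILE_HEADER and section table
    by hand so the block has no dependency on the `pefile` package.
    """
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    size_of_optional = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    section_table = e_lfanew + 4 + 20 + size_of_optional
    for i in range(num_sections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", image, section_table + i * 40)
        yield name.rstrip(b"\0").decode("ascii", "replace"), image[raw_ptr:raw_ptr + raw_size]


def analyse(image: bytes) -> dict:
    """Per-section entropy, a "looks packed" verdict, and the file's SHA-256."""
    sections = [(name, len(raw), round(shannon_entropy(raw), 2))
                for name, raw in pe_sections(image)]
    high = [name for name, size, ent in sections if size and ent >= ENTROPY_THRESHOLD]
    return {
        "sections": sections,
        "looks_packed": bool(high),       # what the colour highlight approximates
        "high_entropy_sections": high,
        "sha256": hashlib.sha256(image).hexdigest().upper(),  # compare with sigcheck -h
    }


def build_sample_pe(packed: bool) -> bytes:
    """Constructed sample input: a tiny, non-runnable PE32 with one .text section.

    packed=False fills the section with repetitive bytes (plain code/data);
    packed=True fills it with SHA-256 counter-mode output, a stand-in for a
    compressed or encrypted section. Deterministic, so results are repeatable.
    """
    if packed:
        body = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))
    else:
        body = b"\x90\x90\xC3\x00" * 1024
    e_lfanew, raw_ptr = 0x40, 0x200
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt = struct.pack("<H", 0x10B) + b"\0" * 94                      # PE32 magic, rest zeroed
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x0102)
    section = struct.pack("<8sIIIIIIHHI", b".text", len(body), 0x1000,
                          len(body), raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + file_hdr + opt + section
    return headers + b"\0" * (raw_ptr - len(headers)) + body


if __name__ == "__main__":
    import sys
    # Pass a real path (e.g. winpm-32.exe) to check it; otherwise use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(packed=True)
    for key, value in analyse(data).items():
        print(f"{key}: {value}")
```

Run it against your own winpm-32.exe and compare the printed SHA-256 with the value sigcheck reported above (495476B0...BAEAFE for the 4.63 build). A high-entropy section is only evidence that the image is compressed or encrypted, not that it is malicious; a matching hash together with sigcheck's "Verified: Signed" from the expected publisher is the stronger check.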