Explore related tutorials & articles
9
Replies
The problem with Windows Defender and Security Essentials is they get a relatively high rate of false positives. What you should try is uploading pngquant.exe to
VirusTotal - Free Online Virus, Malware and URL Scanner
That is a free resource that scans individual files with around 50 different virus scanners and shows you the results. If you get a low positive score there then the file is almost certainly safe. I checked my version of pngquant.exe with the Kaspersky application advisor and you can see the result below. As you can see it comes back as trusted. If you are using the very latest version of Photoshop 2017 and have some software to calculate hash values then you should find the MD5 and SHA-1 values for the file agrees with the values listed in green below. If they don't agree then your file has been modified by a third party and could be a 'keylogger' as suggested by Defender. My money though would be on Defender having come up with a false positive. Of course this does assume you are using a legal version of Photoshop downloaded from Adobe, if not then it could be malware, but the hash code will tell you that.
But this file downloaded as I was updating ADOBE? So it had to come from them or how else would it be downloaded?
So what did you do when Defender found the suspect malware? Normally it would quarantine it unless you opted to do something different, so I assume the update didn't get installed? The file is harmless unless you run it, so what I would do is
1) turn Defender temporarily off. That should allow you to take pngquant.exe from the quarantine folder
2) Now upload it to VirusTotal it's only 267KB
VirusTotal - Free Online Virus, Malware and URL Scanner
Run a fresh scan as it will tell you that 'pngquant.exe' has been scanned before. After a minute or so it will give a report like below. When I did it just now 0/61 antivirus programs detected a problem , including Microsoft which might be a worry as your copy disagrees with that.
AdChoices