Corel PaintShop Pro spyware?

Topic

New Reply

I recently had a firewall security alert that an external site characterized as ‘known, malicious” had attempted to contact a program on my computer.  That program was “infatica-service-app.exe”.  I looked up Infatica.  It is a Peer business-to-business proxy service.  They feature stealth and wide support for “scraping” system and software usage.

Upon further investigation, I found a Scheduled Task for Infatica that launched whenever the computer was started, as soon as a network connection became available.  But, I also found a registry link between Corel and this Infatica proxy service.

Therefore, I contacted Corel via their technical support to inquire whether their PaingShop Pro installer also installed Infatica proxy software, and if so why was it being contacted by a “known, malicious” actor.  The first response I received asked me to send them a screen shot of the error message.  (?!)  I asked that they reread my inquiry as it was a security-related question and not (necessarily) a Corel software error.

The second reply I received from Corel informed me, “In order to properly assess the circumstances at hand, [we] require a copy of your MSINFO32 report and a WinAudit report from your Windows OS.”  (??!!)  They sent an executable to produce the WinAudit report, and I ran it to produce the report so I could see what it was reporting.  This report is more than 100 pages of very fine print that includes, along with a list of all installed software, includes details on all communications ports.

Here, I have requested security-related information about a Corel program installer with a possible connection to a serious spyware threat.  Corel says that before they can answer that question I must deliver to them comprehensive information on the configuration of my computer system, including all communication port configuration.

I am, of course, working with scant evidence and many assumptions.  But sometimes one has to be cautious.  But in this case Corel appears to me to be acting in a very guilty manner.

Is anyone else aware of a connection between unauthorized installation of Infatica and Corel? 

Any ideas why Corel is responding this way to a security-related question?

 

 

Reply | Quote

Replies

If I were you, I’d uninstall the software, run a full antivirus/malware scan, then do a re install. If you still see Infatica, I’d suggest a full uninstall and find something else.

Corel probably wants a full report on your system to see if you installed something that left your system open to infection. I’m not sure I’d trust Corel with any sensitive info.

 

 

1 user thanked author for this post.

geekdom

Reply | Quote

Upload infatica-service-app.exe to:
https://www.virustotal.com/gui/home/upload

See if it’s flagged as a virus.

You might want to run a virus check on Corel’s installation medium, too.

Corel’s request seems out of line.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

What version of PaintShop Pro do you have?

Reference:
https://en.wikipedia.org/wiki/PaintShop_Pro

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

Corel, who acquired Paintshop from its creator, recently sold out to another company.  Under Corel Paintshop initially purchased from their Canadian-based company, payment made to a German company, software sent from Portugal (from memory) and support from the Philippines – who ALWAYS requested  you send a screen shot.  The amout of “stuff” dumped on your system was beyond normal. I liked  Paintshop when I bought it from Jasc – great experience; have used it for many years. I have recently removed it from one computer and am seriously considering removing it from this one. I’ve totally lost all confidence in the product and its owners, whoever they may be.

Reply | Quote

Cee Arr wrote:

Corel, who acquired Paintshop from its creator, recently sold out to another company.  Under Corel Paintshop initially purchased from their Canadian-based company, payment made to a German company, software sent from Portugal (from memory) and support from the Philippines – who ALWAYS requested  you send a screen shot.  The amout of “stuff” dumped on your system was beyond normal. I liked  Paintshop when I bought it from Jasc – great experience; have used it for many years. I have recently removed it from one computer and am seriously considering removing it from this one. I’ve totally lost all confidence in the product and its owners, whoever they may be.

I have been a user of Paint Shop Pro since Jasc version 4. I currently am on Version Corel X7-64. I do know that version X7 has a CorelUpdateHelperTask and a CorelUpdateHelperTaskCore that was used to look for updates. I have had that disabled since 2017. There is also a process that verifies your license status, but I cannot locate it as running, probably since it is so long out of support.

I always found PSP to be far easier to use than Adobe Photoshop, and it fully mey my needs. Now that even the budget version of Photoshop is subscription I will still use the older PSP and current releases of GIMP (open source). GIMP is pretty decent since they improved the bizarre interface and once you get past some of the strange process names, plus it supports my Canon 5DIII and the Canon RAW files, which PSP can be picky about in newer model cameras.

Reply | Quote

I’m still using Paintshop Pro v7.04 (last version by Jasc) because when I tired to upgrade to Paintshop Pro 9 (the Corel version) it installed a Protexis service (PSIService.exe) that did exactly the same thing as your infatica-service-app.exe and I didn’t want it “phoning home” with info about everything I did on my PC!

I suspect the Infatica service is just a newer version of what the Protexis service did and, if so, you “should” be able to disable/remove it without effecting the operation of Paintshop.

Can’t find a link for specific instructions for Infatica, but here’s a link on how to disable Rotexis that may help you track down how it’s hooked into your system and stop it.

https://www.mydigitallife.net/how-to-disable-and-uninstall-protexis-licensing-service-psiservice-exe/

Good luck!

Reply | Quote

I used to be a user of both Corel Photopaint (which, from an artistic perspective I very much loved. I’ve never been able to find a “Watercolour” filter that is anywhere near the same delicate quality), and Paintshop Pro (which was… ok)

I uninstalled Photopaint a LONG while back, after Corel was outed for snooping, and I also stopped using Paintshop Pro when Corel took it over, and now use the Gimp exclusively. As has been mentioned the Gimp’s most recent incarnations are functionally quite sufficient for most hobbyists, and its current interface is not quite so aggressively anti-anything-Windows-like as it once was

Reply | Quote

Just another Forum Poster wrote:

I’m still using Paintshop Pro v7.04 (last version by Jasc) because when I tired to upgrade to Paintshop Pro 9 (the Corel version) it installed a Protexis service (PSIService.exe) that did exactly the same thing as your infatica-service-app.exe and I didn’t want it “phoning home” with info about everything I did on my PC!

Just an update here for users of more recent editions of Paintshop Pro.

I am running several recent Corel applications and have noticed the Protexis service was always running.  It didn’t cause me any problems, so I let it be. Your linked Protexis article inspired me to do a bit of testing…

I used Autoruns by Sysinternals to check my system, and the Protexis service was found in the “Services” tab after running a system scan. So I opened up Windows Services, stopped the Protexis service, and disabled it.

Apparently the service is not needed to run the application after installation has been completed, nor is it necessary to copy a license file anywhere with this version of Paintshop Pro. It started up and ran just fine with Protexis disabled, and I didn’t copy any license files.

I had an updated version of Paintshop Pro 2022 that I hadn’t gotten around to installing, so I gave that a shot. First I uninstalled PSP 2021, the ran the new installer for PSP 2022. The Protexis service was set back to “Automatic”, and was running after the install and authorization! So I stopped the service and disabled it. PSP 2022 starts up and runs just fine without Protexis running!

I suspect that Protexis is just used initially when activating the license key for the first time.

Not sure if this applies to the older versions of PSP, but as far as the last couple, it seems good to go!

Windows 10 Pro 22H2

Reply | Quote

Bill C. wrote:

I have been a user of Paint Shop Pro since Jasc version 4. I currently am on Version Corel X7-64. I do know that version X7 has a CorelUpdateHelperTask and a CorelUpdateHelperTaskCore that was used to look for updates. I have had that disabled since 2017.

As far as CorelUpdateHelper, that seems to get installed any time you run a Corel installer.

I always run the utility Autoruns by Sysinternals to locate anything new that may have been dropped by an installer, and the CUH tasks can be found in the “Scheduled Tasks” tab of Autoruns.

Those CUH tasks are placed in the Windows Task Scheduler. Easy enough to go into Task Scheduler, then find and disable those scheduled tasks.

For example, just today before I ran the installer for Paintshop Pro 2022 I made certain that the CUH tasks were disabled, but there they were again ready to run after the fresh install!

Annoying, but easy enough to disable them…

Windows 10 Pro 22H2

Reply | Quote

I know its a year or more onwards but I have also been asked for detailed info from MSINFO and WINAUDIT files, to help Corel research why PSP23 Pro is performing so poorly (extremely slowly) and slowing the whole PC down, when PSP21 Pro performs wonderfully. I’ve refused to provide it. They will not explain why they need it or what they are looking for.
They know that uninstalling 23 and reinstalling 21, results in all the Laptop performance issues disappearing. Why they need my laptopn details other than the config I’ve provided is a mystery.

Reply | Quote