Hi,
A short while ago I just got a warning (from Comodo Firewall) that Java was trying to run pdfupd.exe. I searched around to find out what it was, and looks like serious malware. I was surprised that Avast had not detected it, so I ran a quick scan on my computer and it found nothing. I tried to update Avast and it reported that it was fully up to date. I even did a full scan on the folder that contains pdfupd.exe (…\AppData\Local\Temp) and Avast did not find it.
It is Avast’s opinion that pdfupd.exe is harmless, or is there a problem with Avast?
I am running:
Windows Vista
Avast Program version: 5.0.594
Virus definitions version: 100731-0
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
If multiple VT scanners detect this - Send the sample/s to avast as a Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.
How do I get to the chest to put the malware into it? I used to be able to look at the chest with Avast 4, but I can’t figure out how to get there with the new user interface in version 5. I found settings for the chest, but not the chest itself.
Thanks. I’ve got it added to the chest now, and I used the “Submit to virus lab…” option. However, I was surprised that adding it to the chest did not appear to have removed the file from the AppData\Local\Temp folder. I can still see it there, even if I refresh the folder. I think I should probably move it someplace else, and maybe into a compressed folder. Does Avast have its own copy of the file in the chest, or will moving it prevent it from being sent during Avast’s next update?
Adding to the chest is just copying it to the chest, it isn’t the same as a detection where it removed it from the original location. You have answered your own question as you have been able to submit to virus labs, so it has to be in the chest to do that.
Where did this file come from that you uploaded to VT (A7C0B9550016B225752804A4D9928300919452A1.exe) as it doesn’t match the file name you first mentioned, pdfupd.exe
Once you manually send a file to the chest, either rename the original file or delete it, but note doing either may result in an error message relating to the file not being found (though that shouldn’t stop you from doing it. This is because there is likely to be a registry entry to run this file.
You have to retain the copy in the chest (where it can do no harm) as that may be your only copy if you opt to delete the file in the original location.
@David: I have no idea where the strange file name came from. What I uploaded to VirusTotal was named pdfupd.exe. I just tried it again, and noticed this time that I got a message that said the file was already analyzed. Maybe someone else uploaded the same file (with a matching MD5 hash) under a different name.
Thanks again (to you both) for your help. I was not expecting such a quick response on a Saturday.
