F/P on a .pdf document file

ky331 · 2015-07-20T23:24:54.000Z

Avast definitions 15-07-20-2 is suddenly picking up on an almost 3-year-old document “Sophos_ZeroAccess_Botnet.pdf” as PDF:Url-Mal [Trj].

It is clean according to 54 other anti-virus engine at VirusTotal
https://www.virustotal.com/en/file/71bf30b5ac3436becb41a73aba35d2e88a0580b8193bcceb2ef91ee73d6e50c1/analysis/1437433852/

system · 2015-07-20T23:30:36.000Z

Hi David.

Add it to the virus chest and send it to Avast lab as a F/P.

Regards.

ky331 · 2015-07-20T23:32:36.000Z

Hernan,

I already did that. But figured it couldn’t hurt to report here as well.

system · 2015-07-20T23:34:20.000Z

No harm done really If it is your document, surely it is a F/P.

ky331 · 2015-07-20T23:41:04.000Z

It’s a copy of a technical paper issued by Sophos Labs, dated Sept. 2012, entitled “The ZeroAccess Botnet – Mining and Fraud for Massive Financial Gain”. It’s been sitting in my documents folder ever since I downloaded it. Avast never questioned it until today’s scan.

Milos · 2015-07-21T12:28:37.000Z

Hello,
the PDF contains clickable URL “hxtp://google-updaete.com:8344/”.

Milos

Pondus · 2015-07-21T12:53:44.000Z

https://www.virustotal.com/nb/url/7ef59a7a66ea88b35ccca18103ef7f196879cdc50cf8e78ce6e55156a713c293/analysis/1437482453/

ky331 · 2015-07-21T13:13:06.000Z

Thank you for the explanation.

Announcements