When I scanned my computer today this popped up JS:Pdkfa-gen [expl] in Users:Appdata\local\temp\plugtmp-2\plugin-willlookthis.pdf file.

I tried googling the pdf to figure it out if it was something I downloaded.But couldnt find anything.

I searched the forum n saw some mention of this issue but not involving pdf files.

Does anybody have any ideas on what I should ,if it’s a possible false negative? .

What avast version are you using 4.8 or 5.0 ?

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

• avast4 - Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
• avast5 - Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect* That will stop the File System Shield scanning any file you put in that folder.

Heya David,Avast 4.8

Did what you said. here’s the scan results

http://www.virustotal.com/analisis/e3fabd43850b7c08d98d3222469b2a3f188b73d87f94d599393e6fa9001dba1b-1264565636

I wonder how come avast! isn’t one of the scanners at VirusTotal any more.

Funny I didn’t notice that.

Well there are certainly enough detections there to consider it at least suspect. So I would suggest that you send the sample to avast for further analysis as a possible false positive (though possibly not):

Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and possible false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

Well there are currently only 37 scanners where there was 41, so it looks like some maintenance going on. In the case of avast! perhaps they are getting ready to use avast5’s virus engine, etc.

Thanks David.I did the second option n it should be send to Alwil in the next update.So I guess I should wait two weeks now n see my computer acts weird at all.If not then just delete it right?

Do a manual iAVS Update and it will upload it as a part of the update process.

No, deletion is only after investigation and or a few weeks. Since we have started the investigation process it should be followed through and if confirmed a good detection or not act on that. Periodically scan the file from inside Chest, after VPS updates, when it is no longer detected you can restore the file/ to their original location/s. If it continues to be detected then after a few weeks (long enough for any analysis of a possible FP and correction in a VPS Update, then deletion from the chest.