I saw this the passage "PDF:UrlMal-inf[trj]. It moved the file to the chest and I deleted the file.
It seems that the pdf was from a spam email that wasn’t in junk yet. But I didn’t open this pdf at all, for some reason avast detected it without me opening or it opened itself? I assume outlook stored a temp of pdf in windowscommunication folder and then moved it to chest asap.
And it seems the popup appeared as soon as the email came in when I compare the time stamps.
There are a few questions that I have.
Why did it pop up even though I didn’t open the PDF file?
How does this work? Like an explanation to why it detected stuff without even opening?
Is it too late and am I infected? Or did avast stop the file when I received the email through outlook?
So if I understand it correctly… Mail app downloads the attachments in to a temp folder and because of that, avast will scan the file and that triggered the alert before it or I could do anything?
But as long as it isn’t opened or used I should be safe?
I assume it could only go wrong if I opened it or clicked the link in it? Like isn’t that the general rule, if I don’t open it, I should be good?
Just kind of a weird how it is formulated, I saw that as URL malware which was embedded on the pdf with some sort of trigger and that I had been activated cuz of the alert
I know this is a risk pdf because it’s from a “PayPal” spam mail. And I am pretty paranoid about that stuff.
So if I understand it correctly... Mail app downloads the attachments in to a temp folder and because of that, avast will scan the file and that triggered the alert before it or I could do anything?
Antivirus programs monitor in realtime [b]EVRYTHING[/b] that goes on in your computer when on
I know this is a risk pdf because it's from a "PayPal" spam mail. And I am pretty paranoid about that stuff.
In this case the pdf.doc or URL itselfe will not infect your computer. However the website that the URL point to may do but in your case i assume it was a URL to a fake PayPal site trying to trick you to give away your PayPal account name/password
I assume it could only go wrong if I opened it or clicked the link in it? Like isn't that the general rule, if I don't open it, I should be good?
In most cases yes but may depend on the malware type/payload
If suspicious you can always upload and scan attachments at VirusTotal before you open >> www.virustotal.com
Note scan date at top right when result show, if old (cashed result, someone have uploaded same file before you) then click the rescan button above the scan date for a fresh updated result
So in short if I understand correctly, nothing has been infected, would have been the case if I opened the URL. Avast detected the URL because it was blacklisted and in prevention of sorts put it in the chest.
I deleted them from the chest, if I’m right, this should delete the file from the pc permanently
So in short if I understand correctly, nothing has been infected, would have been the case if I opened the URL.
Possible, depends if the website that the URL point to is infected with something that could jump over to the computer, most likely that would also be detected, avast is usually good at detecting website malware
Avast detected the URL because it was blacklisted and in prevention of sorts put it in the chest.
Yes
Other AV vendors does it differently, they will let you read the pdf.doc but block the URL when you click it if blacklisted
I deleted them from the chest, if I'm right, this should delete the file from the pc permanently
Yes. Files moved to chest (quarantine) can not harm your computer, they are in virus prison, encrypted by the antivirus program and can not run
When you delete you dont have the option to restore it if it was wrongly detected ( False Positive )
Note that when you delete something in a computer it isn’t actually removed, what you do is telling the operating system that it can overwrite that section on disk anytime it need to use that space
I have the same problem and I was trying to understand where it could come from, thanks for this topic. the wrong pdf come from meilleur videoprojecteur