My Windows 8 based system is running McAfee Total Protection. It got infected by Heur_pdfexp.e and McAfee Total Protection wasn't able to detect it. It was detected when I sent an email with a PDF attachment to my work email and McAfee Enterprise flagged it.
I ran a full scan and still no results. There are no references to this virus in the community or in the virus definitions.
Does anyone know what to do here?
Thanks in advance for help.
You may try running the latest McAfee GetSusp Tool to see if it detects it as a Suspicious/Unknown File/Program. When doing so please remember to add your Email Address under "Preferences" before scanning. Follow up with Malwarebytes (Free) for a second opinion.
Follow the instructions just before Downloading/Installing to keep it free. These Superb Free Tools and more, can be obtained here:
You can upload the File to www.virustotal.com and see what other Anti-Virus engines determine as well.
All the very BEST
McAfee Community Moderator
Hi CatDaddy, Thanks for your quick response. I ran the file in VirusTotal and got a 1/56 detection. TrendMicro was able to flag it.
This PDF document has an invalid cross reference table.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 14 object start declarations and 14 object end declarations.
This PDF document has 3 stream object start declarations and 3 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
Running other tools like Adware and MalwareBytes didn't detect this file as an issue.
Is the invalid cross reference table causing the malware engines to think that the file has malware?
Or is my only alternative to buy TrendMicro and clean the file with it?
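What the structural report quoted above is measuring, as an added example that is not part of the original thread: a Python sketch that counts the same keywords and checks whether each cross-reference entry points at the object it names. The sample PDF is constructed inline, the function names are hypothetical, and only classic xref tables are handled, not xref streams.

```python
import re

def build_pdf(shift=0):
    """Constructed one-page sample; shift != 0 writes wrong xref offsets."""
    bodies = [b"<< /Type /Catalog /Pages 2 0 R >>",
              b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
              b"<< /Type /Page /Parent 2 0 R /Contents 4 0 R >>",
              b"<< /Length 2 >>\nstream\nq\n\nendstream"]
    out, offsets = b"%PDF-1.4\n", []
    for num, body in enumerate(bodies, 1):
        offsets.append(len(out))              # true byte offset of "N 0 obj"
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    xref_at = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(bodies) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % (off + shift)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\n" % (len(bodies) + 1)
    return out + b"startxref\n%d\n%%%%EOF\n" % xref_at

def structure_counts(data):
    # Keyword counts like those in the report; lookbehinds avoid double counting
    pats = {"obj": rb"\b\d+\s+\d+\s+obj\b", "endobj": rb"\bendobj\b",
            "stream": rb"(?<!end)stream\b", "endstream": rb"\bendstream\b",
            "xref": rb"(?<!start)xref\b", "startxref": rb"\bstartxref\b"}
    return {k: len(re.findall(p, data)) for k, p in pats.items()}

def check_xref(data):
    """Return a list of problems found in a classic (non-stream) xref table."""
    ptr = re.findall(rb"startxref\s+(\d+)", data)
    if not ptr:
        return ["no startxref pointer"]
    pos = int(ptr[-1])                        # the last pointer wins
    if data[pos:pos + 4] != b"xref":
        return ["startxref offset %d does not point at an xref table" % pos]
    problems, num = [], 0
    table = data[pos + 4:data.find(b"trailer", pos)]
    for line in table.splitlines():
        fields = line.split()
        if len(fields) == 2:                  # subsection header: first object, count
            num = int(fields[0])
        elif len(fields) == 3:                # entry: offset, generation, n (in use) / f (free)
            off, gen, kind = int(fields[0]), int(fields[1]), fields[2]
            if kind == b"n" and not data.startswith(b"%d %d obj" % (num, gen), off):
                problems.append("object %d: offset %d is wrong" % (num, off))
            num += 1
    return problems
```

With `shift=3` the keyword counts are unchanged but every in-use entry fails the offset check, so a failed check is a structural defect in the table and says nothing by itself about what the objects contain.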
It should have been detected, as it's been on McAfee's books for ages now, since 2013 to be exact, and is listed under a different name: RDN/Downloader.a!ms!0B8762D1E841 (Virus Profile & Definition, McAfee Inc.). However, I suppose a new variant may slip by the filters. As CatDaddy had suggested, running the GetSusp tool would be the best method so the labs get hold of it.
Thanks Ex_Brit. Running GetSusp opened a whole new can of worms. It is reporting 68 suspicious files and 27 unknown files, but the list doesn't have the .pdf file that caused the issue. The zip file size is exceeding 10Mb so the tool can't send to labs.
I have uploaded the logfiles only through the tool.
Whoops, that's too bad. Best get a 2nd opinion, try AdwCleaner and Malwarebytes Free, both linked in my signature below, last link.
Note the instructions there on how to keep Malwarebytes free of charge.
Maybe that HEUR_PDFEXP.E file is held in Quarantine? Open SecurityCenter, go to Navigation and scroll down to Quarantined and Trusted Items and expand those areas.
Toronto ▪ Canada
Volunteer Moderator - Consumer Products
Thanks Peter. I ran both Malwarebytes and AdwCleaner and neither reported any issue.
The HEUR_PDF.E file is not quarantined. It is still in the same folder as before and hasn't been flagged or quarantined by any of the programs.
In that case, is it possible to zip that file only and encrypt it/password-protect it using the word infected? Then email the file to: firstname.lastname@example.org and make the header of the email start with the word FALSE - for example FALSE (possibly): file not detected by McAfee