You may try running the Latest McAfee GetSusp Tool to see if it detects it as a Suspicious/Unknown File/Program. When doing so please remember to add your Email Address under "Preferences" before scanning. Follow up with Malwarebytes (Free) for a second opinion.
Follow the instructions just before Downloading/Installing to keep it free. These Superb Free Tools and more can be obtained here:
You can upload the File to www.virustotal.com and see what other Anti-Virus engines determine as well.
All the very BEST
McAfee Community Moderator
Moved to Malware Discussion > Home User Assistance > Discussions By Moderator
For better assistance
Hi CatDaddy, Thanks for your quick response. I ran the file in VirusTotal and got a 1/56 detection. TrendMicro was able to flag it.
TrendMicro HEUR_PDFEXP.E 20150216
This PDF document has an invalid cross reference table.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 14 object start declarations and 14 object end declarations.
This PDF document has 3 stream object start declarations and 3 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
Running other tools like Adware and MalwareBytes didn't detect this file as an issue.
Is the invalid cross reference table causing the malware engines to think that the file has malware?
Or is my only alternative to buy TrendMicro and clean the file with it?
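Added example, not part of the original thread: a Python version of the structural checks that the report quoted above lists (page count, object and stream declaration counts, xref, trailer, startxref), plus a check that the startxref offset actually lands on a cross-reference section. The function names and the constructed sample PDF are assumptions made for illustration; the result is triage information, not a malware verdict.

```python
import re

def pdf_structure_report(data: bytes) -> dict:
    """Count structural keywords and verify the startxref pointer (triage only)."""
    def count(pattern: bytes) -> int:
        return len(re.findall(pattern, data))
    report = {
        "pages": count(rb"/Type\s*/Page\b"),       # \b keeps /Pages out of the count
        "obj": count(rb"\b\d+\s+\d+\s+obj\b"),
        "endobj": count(rb"\bendobj\b"),
        "stream": count(rb"(?<!end)stream\b"),     # do not count "endstream" twice
        "endstream": count(rb"\bendstream\b"),
        "has_xref": count(rb"(?<!start)xref\b") > 0,
        "has_trailer": count(rb"\btrailer\b") > 0,
        "startxref": None,
        "xref_pointer_ok": False,
    }
    pointers = re.findall(rb"startxref\s+(\d+)", data)
    if pointers:
        offset = int(pointers[-1])  # a reader starts from the last startxref
        report["startxref"] = offset
        target = data[offset:offset + 32]
        # Valid targets: a classic "xref" table or a cross-reference stream object.
        report["xref_pointer_ok"] = bool(
            re.match(rb"xref\b|\d+\s+\d+\s+obj\b", target))
    return report

def build_sample(break_pointer: bool = False) -> bytes:
    """Constructed one-page PDF without streams; can corrupt the startxref offset."""
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >>",
    ]
    out, offsets = b"%PDF-1.4\n", []
    for num, body in enumerate(objects, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    xref_at = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objects) + 1)
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\n" % (len(objects) + 1)
    pointer = xref_at + 7 if break_pointer else xref_at
    return out + b"startxref\n%d\n%%%%EOF\n" % pointer

if __name__ == "__main__":
    print(pdf_structure_report(build_sample()))
    print(pdf_structure_report(build_sample(break_pointer=True)))
```

A False `xref_pointer_ok` only says that the file's cross-reference pointer does not land on a cross-reference section; it describes the file's structure and does not show why a particular engine flagged it.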
It should have been detected as it's been on McAfee's books for ages now, since 2013 to be exact, and listed under a different name: RDN/Downloader.a!ms!0B8762D1E841 | Virus Profile & Definition | McAfee Inc. However, I suppose a new variant may slip by the filters. As Catdaddy had suggested, running the GetSusp tool would be the best method so the labs get hold of it.
Thanks Ex_Brit. Running GetSusp opened a whole new can of worms. It is reporting 68 suspicious files and 27 unknown files but the list doesn't have the .pdf file that caused the issue. The zipfile size is exceeding 10Mb so the tool can't send to labs.
I have uploaded the logfiles only through the tool.
Whoops, that's too bad. Best get a 2nd opinion, try AdwCleaner and Malwarebytes Free, both linked in my signature below, last link.
Note the instructions there on how to keep Malwarebytes free of charge.
Maybe that HEUR_PDFEXP.E file is held in Quarantine? Open SecurityCenter, go to Navigation and scroll down to Quarantined and Trusted Items and expand those areas.
Toronto ▪ Canada
Volunteer Moderator - Consumer Products
I CAN'T HELP PRIVATELY - PLEASE POST IN THE FORUMS
Use Advanced Search To Find Answers
Thanks Peter. I ran both Malwarebytes and AdwCleaner and both didn't report any issue.
The HEUR_PDF.E file is not quarantined. It is still in the same folder as before and hasn't been flagged or quarantined by any of the programs.
In that case, is it possible to zip that file only and encrypt it/password-protect it using the word infected? Then email the file to: firstname.lastname@example.org and make the header of the email start with the word FALSE - for example FALSE (possibly): file not detected by McAfee
More instructions here: What To Do When McAfee Detects Software As An Infection - How to Submit To McAfee Labs & Appeal