suddenly old pdf-files are infected with PDF.UrlMal-inf [Trj]

[REDACTED]

Hello,

I did a full-system-scan today (with avast internet security 2015) and it suddenly marked several pdf's from 2012 as infected with PDF.UrlMal-inf [Trj]
All the infected pdf-files are from the same company (they concern my solarpanels, so I would like to keep these pdf's)
For now Avast has put them in quarantine in the Virus Chest.

Would it be safe to recover them ? Or are they really infected ?

Thanks a lot for your help.

[Eddy]

You are using a old(er) version of avast.
Latest final : https://forum.avast.com/index.php?topic=178580.0
Latest beta : https://forum.avast.com/index.php?topic=179386.0

If you believe the detection is a false positive : https://blog.avast.com/tag/false-positive/

[REDACTED]

ok, I have updated Avast programm.
Now I have the new version, but where is the Virus Chest now ?? I cannot find it. So I cannot restore the items and do a new scan with the updated programm..

[Pondus]

I did a full-system-scan today (with avast internet security 2015) and it suddenly marked several pdf's from 2012 as infected with PDF.UrlMal-inf [Trj]

it means pdf file(s) containe Blacklisted URLs ... not 100% sure but i think avast only detect this if links are clickable

[REDACTED]

Never mind, I have found the viruschest. I wil now do a new full-system-scan, perhaps it will give different results.

Anyway, I cannot imagine why the url's that these documents may contain are blacklisted. They are pdf-files from a ligit company

[Pondus]

They are pdf-files from a ligit company

Why should that be an issue?

FBI may send you pdf doc tomorrow containing a URL to some webiste, then one month later that website is hacked and infected and end up on a blacklist ... then nextime you open that pdf it is detected as containing a blacklisted URL

[REDACTED]

OK. So what should I do with these pdf's now ? Should I leave them quarantined?

[Pondus]

OK. So what should I do with these pdf's now ? Should I leave them quarantined?

at the moment yes, if the urls are taken of blacklist detection will be gone and you can restore them
you may right click files in chest and report to avast lab as False Positives -> https://www.avast.com/faq.php?article=AVKB21#artTitle

[Michael (alan1998)]

Can you find all the links, paste them here so we can take a look? Break the links so they aren't clickable by others. Have you already reported them as FP to Avast!? If not, dpi g that may resolve the issue.

@Pondus, that'd be the NSA. They want into iPhones now lol. However, I find the FBI just as untrustworthy

[HonzaZ]

Yup, as others pointed out, this detections flags PDF files if they have a clickable link to a blacklisted URL. I am not sure if we can actually solve the problem without having the PDF(s)
You can send the file for example by using:
- FTP server (post the filename here) (https://www.avast.com/faq.php?article=AVKB160)
- any file hosting (post the link here)

[REDACTED]

Michael, how do I find the url's if I cannot open the pdf-file because it is in the viruschest ?

[mikaelrask]

hey if you want to send the files to avast, you can go into the viruschest and right click on the files in there and click on send to virus lab.

[REDACTED]

ok, thanks I did that now

[HonzaZ]

While the file should be in our system now (or maybe at your next update, depending on your settings), I have no way of finding it, if you do not supply additional data. Could you turn the shields off, restore the file from the chest, upload it to virustotal and post the link to virustotal results here?