Author Topic: Need advice about PDF:UrlMal-inf[trj]  (Read 3051 times)

0 Members and 1 Guest are viewing this topic.

Offline Zoart666

  • Jr. Member
  • **
  • Posts: 96
Need advice about PDF:UrlMal-inf[trj]
« on: April 28, 2020, 11:14:27 PM »
Hello,

I saw this the passage "PDF:UrlMal-inf[trj]. It moved the file to the chest and I deleted the file.

It seems that the pdf was from a spam email that wasn't in junk yet. But I didn't open this pdf at all, for some reason avast detected it without me opening or it opened itself? I assume outlook stored a temp of pdf in windowscommunication folder and then moved it to chest asap.
And it seems the popup appeared as soon as the email came in when I compare the time stamps.

There are a few questions that I have.

- Why did it pop up even though I didn't open the PDF file?

- How does this work? Like an explanation to why it detected stuff without even opening?

- Is it too late and am I infected? Or did avast stop the file when I received the email through outlook?
« Last Edit: April 28, 2020, 11:16:23 PM by Zoart666 »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: Need advice about PDF:UrlMal-inf[trj]
« Reply #1 on: April 29, 2020, 12:34:52 AM »
Quote
- Why did it pop up even though I didn't open the PDF file?

- How does this work? Like an explanation to why it detected stuff without even opening?
Antivirus programs scan incoming mail/attachments


Quote
- Is it too late and am I infected? Or did avast stop the file when I received the email through outlook?
You are not infected and the pdf.doc was not infected

PDF:UrlMal-inf [trj] = a pdf.doc that containe a URL blacklisted by avast




Offline Zoart666

  • Jr. Member
  • **
  • Posts: 96
Re: Need advice about PDF:UrlMal-inf[trj]
« Reply #2 on: April 29, 2020, 07:40:28 AM »
Quote
- Why did it pop up even though I didn't open the PDF file?

- How does this work? Like an explanation to why it detected stuff without even opening?
Antivirus programs scan incoming mail/attachments


Quote
- Is it too late and am I infected? Or did avast stop the file when I received the email through outlook?
You are not infected and the pdf.doc was not infected

PDF:UrlMal-inf [trj] = a pdf.doc that containe a URL blacklisted by avast

So if I understand it correctly... Mail app downloads the attachments in to a temp folder and because of that, avast will scan the file and that triggered the alert before it or I could do anything?

But as long as it isn't opened or used I should be safe?
I assume it could only go wrong if I opened it or clicked the link in it? Like isn't that the general rule, if I don't open it, I should be good?

Just kind of a weird how it is formulated, I saw that as URL malware which was embedded on the pdf with some sort of trigger and that I had been activated cuz of the alert

I know this is a risk pdf because it's from a "PayPal" spam mail. And I am pretty paranoid about that stuff.
« Last Edit: April 29, 2020, 08:24:43 AM by Zoart666 »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: Need advice about PDF:UrlMal-inf[trj]
« Reply #3 on: April 29, 2020, 08:29:48 AM »
Quote
So if I understand it correctly... Mail app downloads the attachments in to a temp folder and because of that, avast will scan the file and that triggered the alert before it or I could do anything?
Antivirus programs monitor in realtime EVRYTHING that goes on in your computer when on


Quote
I know this is a risk pdf because it's from a "PayPal" spam mail. And I am pretty paranoid about that stuff.
In this case the pdf.doc or URL itselfe will not infect your computer. However the website that the URL point to may do but in your case i assume it was a URL to a fake PayPal site trying to trick you to give away your PayPal account name/password


Quote
I assume it could only go wrong if I opened it or clicked the link in it? Like isn't that the general rule, if I don't open it, I should be good?
In most cases yes but may depend on the malware type/payload


If suspicious you can always upload and scan attachments at VirusTotal before you open  >>  www.virustotal.com
Note scan date at top right when result show, if old (cashed result, someone have uploaded same file before you) then click the rescan button above the scan date for a fresh updated result








« Last Edit: April 29, 2020, 10:41:11 AM by Pondus »

Offline Zoart666

  • Jr. Member
  • **
  • Posts: 96
Re: Need advice about PDF:UrlMal-inf[trj]
« Reply #4 on: April 29, 2020, 11:27:51 AM »
Quote
So if I understand it correctly... Mail app downloads the attachments in to a temp folder and because of that, avast will scan the file and that triggered the alert before it or I could do anything?
Antivirus programs monitor in realtime EVRYTHING that goes on in your computer when on


Quote
I know this is a risk pdf because it's from a "PayPal" spam mail. And I am pretty paranoid about that stuff.
In this case the pdf.doc or URL itselfe will not infect your computer. However the website that the URL point to may do but in your case i assume it was a URL to a fake PayPal site trying to trick you to give away your PayPal account name/password


Quote
I assume it could only go wrong if I opened it or clicked the link in it? Like isn't that the general rule, if I don't open it, I should be good?
In most cases yes but may depend on the malware type/payload


If suspicious you can always upload and scan attachments at VirusTotal before you open  >>  www.virustotal.com
Note scan date at top right when result show, if old (cashed result, someone have uploaded same file before you) then click the rescan button above the scan date for a fresh updated result

So in short if I understand correctly, nothing has been infected, would have been the case if I opened the URL. Avast detected the URL because it was blacklisted and in prevention of sorts put it in the chest.

I deleted them from the chest, if I'm right, this should delete the file from the pc permanently

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: Need advice about PDF:UrlMal-inf[trj]
« Reply #5 on: April 29, 2020, 12:01:53 PM »
Quote
So in short if I understand correctly, nothing has been infected, would have been the case if I opened the URL.
Possible, depends if the website that the URL point to is infected with something that could jump over to the computer, most likely that would also be detected, avast is usually good at detecting website malware


Quote
Avast detected the URL because it was blacklisted and in prevention of sorts put it in the chest.
Yes
Other AV vendors does it differently, they will let you read the pdf.doc but block the URL when you click it if blacklisted


Quote
I deleted them from the chest, if I'm right, this should delete the file from the pc permanently
Yes. Files moved to chest (quarantine) can not harm your computer, they are in virus prison, encrypted by the antivirus program and can not run

When you delete you dont have the option to restore it if it was wrongly detected ( False Positive )



Note that when you delete something in a computer it isn't actually removed, what you do is telling the operating system that it can overwrite that section on disk anytime it need to use that space





« Last Edit: April 29, 2020, 12:29:03 PM by Pondus »

Offline Zoart666

  • Jr. Member
  • **
  • Posts: 96
Re: Need advice about PDF:UrlMal-inf[trj]
« Reply #6 on: April 29, 2020, 12:43:55 PM »
Quote
So in short if I understand correctly, nothing has been infected, would have been the case if I opened the URL.
Possible, depends if the website that the URL point to is infected with something that could jump over to the computer, most likely that would also be detected, avast is usually good at detecting website malware


Quote
Avast detected the URL because it was blacklisted and in prevention of sorts put it in the chest.
Yes
Other AV vendors does it differently, they will let you read the pdf.doc but block the URL when you click it if blacklisted


Quote
I deleted them from the chest, if I'm right, this should delete the file from the pc permanently
Yes. Files moved to chest (quarantine) can not harm your computer, they are in virus prison, encrypted by the antivirus program and can not run

When you delete you dont have the option to restore it if it was wrongly detected ( False Positive )



Note that when you delete something in a computer it isn't actually removed, what you do is telling the operating system that it can overwrite that section on disk anytime it need to use that space

Again, thanks for your time.

I think that answered my questions and put me at ease.

Offline Zoart666

  • Jr. Member
  • **
  • Posts: 96
Re: Need advice about PDF:UrlMal-inf[trj]
« Reply #7 on: April 29, 2020, 06:36:06 PM »
Quote
So in short if I understand correctly, nothing has been infected, would have been the case if I opened the URL.
Possible, depends if the website that the URL point to is infected with something that could jump over to the computer, most likely that would also be detected, avast is usually good at detecting website malware


Quote
Avast detected the URL because it was blacklisted and in prevention of sorts put it in the chest.
Yes
Other AV vendors does it differently, they will let you read the pdf.doc but block the URL when you click it if blacklisted


Quote
I deleted them from the chest, if I'm right, this should delete the file from the pc permanently
Yes. Files moved to chest (quarantine) can not harm your computer, they are in virus prison, encrypted by the antivirus program and can not run

When you delete you dont have the option to restore it if it was wrongly detected ( False Positive )



Note that when you delete something in a computer it isn't actually removed, what you do is telling the operating system that it can overwrite that section on disk anytime it need to use that space

One more dumb question. For example in this case, if avast wanted to detect the url, wouldn't it need to open it somehow? Or how does it exactly work?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: Need advice about PDF:UrlMal-inf[trj]
« Reply #8 on: April 29, 2020, 06:52:34 PM »
It is scanning the pdf.doc and will see the URL inside ... the url will be part of the program code that make up the pdf




« Last Edit: April 29, 2020, 07:33:13 PM by Pondus »

Offline Zoart666

  • Jr. Member
  • **
  • Posts: 96
Re: Need advice about PDF:UrlMal-inf[trj]
« Reply #9 on: April 30, 2020, 09:58:37 PM »
It is scanning the pdf.doc and will see the URL inside ... the url will be part of the program code that make up the pdf

I see, so it scans the code

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: Need advice about PDF:UrlMal-inf[trj]
« Reply #10 on: April 30, 2020, 10:45:05 PM »
It is scanning the pdf.doc and will see the URL inside ... the url will be part of the program code that make up the pdf

I see, so it scans the code
Evrything inside the computer is program code, including the program that scan the code    ;)


Offline kiproto

  • Newbie
  • *
  • Posts: 1
Re: Need advice about PDF:UrlMal-inf[trj]
« Reply #11 on: May 04, 2020, 05:44:13 PM »
I have the same problem and I was trying to understand where it could come from, thanks for this topic. the wrong pdf come from meilleur videoprojecteur
« Last Edit: May 06, 2020, 02:06:40 PM by kiproto »