False positive : JS:Pdfka-gen [Expl]

[mrapi]

Hi,please reanalyze the file attached,Avira Lab report for it shows that is clean,but Avast detect it as JS:Pdfka-gen [Expl]

https://www.virustotal.com/file/05128fb49caaeb3a49f19d1c674239395f42403257e741dc55d9bcbad545c2e1/analysis/1326731619/

Avira Lab report:
Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00947588.

We received the following archive files:
File ID    Filename    Size (Byte)    Result
26496057    S1001_nr2_121211.zip    146.37 KB    OK

A listing of files contained inside archives alongside their results can be found below:
File ID    Filename    Size (Byte)    Result
26496058    S1001_nr2_121211.pdf    156.62 KB    CLEAN


Please find a detailed report concerning each individual sample below:
Filename    Result
S1001_nr2_121211.pdf    CLEAN

Thanks!

[polonus]

Maybe you already were infected by this malware, but did not have the Adobe file installed for it yet to wake up the malcode for it to become active. It is a detection for exploit code, in order for the exploit to work it has to be able to exploit a vulnerability in your PDF reader. First trick is that it tries to have you open it, and apparently you did.
Maybe you have to wait for essexboy here to have a look. It could well that some adware brought this malware along. Well wait for him to have a look. With 6 on VT alerting this it sure is no FP,

polonus

[Pondus]

Posting a VT scan wont help unless you also send the file to avast lab.....

[mrapi]

Sample file sent with topic link.

Thanks !

[mrapi]

Hi Pondus,you sent me a personal message but I'm not allowed  to reply to you,
I got : An Error Has Occurred! You are not allowed to send personal messages.

So I answered mailing again to virus@... (link topic in subject)
Thanks

[polonus]

Hi mrapi,

Welcome to the forums. Stay with us and when you have reached 20 postings the PM function will be available to you also. Stay safe and secure,

polonus

[mrapi]

k,thanks for clarifications,file sent to Pondus mailbox

[Pondus]

Sophos lab

SophosLabs has analyzed the submitted file(s) and determined they are not malicious and can safely be authorized.

S1001_nr2_121211.pdf -- can be authorised

Norman lab

S1001_nr2_121211.pdf : Clean!

[mrapi]

What about Avast lab?

Sophos lab

SophosLabs has analyzed the submitted file(s) and determined they are not malicious and can safely be authorized.

S1001_nr2_121211.pdf -- can be authorised

[Sirmer]

Hello,
it will be fixed in next VPS.

[Pondus]

So was it my upload that did it....or    


EDIT: guess it was....just got the mail   

[mrapi]

Hello,good news,thanks !

Hello,
it will be fixed in next VPS.

[mrapi]

Fixed after today update !
Thanks!