Checking if I got a virus from a PDF


Solved by MKDB


The story:

A friend of mine sent me a PDF; it is supposed to contain a coding challenge (just pictures for the challenge itself and what functionality the project should have). I downloaded it, opened it via browser and it said it couldn't open. He had to redownload the PDF because it was 'corrupted', which I know can happen if the file doesn't download correctly. This is a file he got from his school, but as you know, I tend to overworry about viruses, which is why I've had many topics here. So I wanted to make sure no spyware or malware or anything like that was in the file just in case.

Notes: I have Malwarebytes Premium

What I have done so far:
I have reinstalled said browser I opened the file on (well, repaired it, so it technically redownloaded it)
I have run a quick scan and a full system scan with Malwarebytes Premium (both are below)
Scanned with FRST and attached both to this post
Scanned with Sophos (free) and attached that here
Scanned with your AdwCleaner and attached that here as well

Side notes about files:
I have VISUAL CODE STUDIO installed
I have MongoDB installed which is for SQL 
The files with the extension jfif in downloads were images of design mockups that I saved from a friend on twitter.

If needed, I can upload the pdf if you would like to check it

MBytes Premium Quick Scan Results:

Quote

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/28/22
Scan Time: 10:29 AM
Log File: f886b504-de9a-11ec-a02b-18602474c7d4.json

-Software Information-
Version: 4.5.9.198
Components Version: 1.0.1676
Update Package Version: 1.0.55527
License: Premium

-System Information-
OS: Windows 10 (Build 19044.1706)
CPU: x64
File System: NTFS
User: DESKTOP-53AA4PV\kacie

-Scan Summary-
Scan Type: Quick Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 2906
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 0 min, 34 sec

-Scan Options-
Memory: Enabled
Startup: Disabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Disabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 



MBytes Premium Full Scan Results:

Quote

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/27/22
Scan Time: 8:02 PM
Log File: ea905e06-de21-11ec-8c39-18602474c7d4.json

-Software Information-
Version: 4.5.9.198
Components Version: 1.0.1676
Update Package Version: 1.0.55495
License: Premium

-System Information-
OS: Windows 10 (Build 19044.1706)
CPU: x64
File System: NTFS
User: DESKTOP-53AA4PV\kacie

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1102624
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 10 hr, 28 min, 3 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

 


Wanted to update with another scanner

Microsoft Safety Scanner Quick Scan results are attached (I'll do a full scan after I post this)
It found and removed: VirTool:Win32/DefenderTamperingRestore

(I've been through this a few times, so I tried to cover all the bases we usually do)

Forgot to note: It may show two language sets on my scans; if it does, one is English and one is Korean.


Hello @kelizabeth and welcome!

 

My name is MKDB and I will assist you.

 

  • Please follow the steps in the given order and post back the logs as an attachment when ready. Thank you very much for your cooperation.
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
  • As English is not my native language, please do not use slang or idioms. It may be hard for me to understand.

 

 

I will guide you along on looking for potential malware. Let's keep these principles as we go along.

  • Searching, detecting and removing malware isn't instantaneous, please be patient. Please stick with me until I give you the "all clear".
  • Only run the tools I guide you to.
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.

 

Your logfiles look good, no active malware is visible. 🙂

"VirTool:Win32/DefenderTamperingRestore" is a configuration of the Defender that was not optimal for security, not malware itself. So no need to worry.

 

 

Step 1

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe".
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes.
  • When prompted for scan type, click on "Full scan".
  • Look at and tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the "Start scan" button.
  • Have patience. The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked "View detected results".
  • Click the blue "Save scan log" to save the log.
  • If something was removed and you know it is a false finding, you may click on "Restore cleaned files" (in blue, at the bottom).
  • Press Continue when all done. You should click to turn off the offer for "periodic scanning".

 

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3

https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

 

 

 


Hello @MKDB! Thank you so much for your help, I truly appreciate it!

I disabled Malwarebytes and all other virus protectors as instructed, as well as turned off Microsoft SmartScreen on Edge, then ran the scan and then turned Malwarebytes back on again after.

I have attached the results to this reply, thank you again!

 

scanresults.txt


Good job @kelizabeth.

 

We can use FRST to check Windows system files. If there are any problems, those files will be repaired automatically. This may take some minutes, please be patient.

 

 

Step 1

  • Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\kacie\Downloads\ ).

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the Fix button only once and wait. Please be patient.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run.
  • Please attach this logfile to your next reply.

 

Since it's late here in Germany, I'll be back tomorrow.

 

fixlist.txt


  • Solution

Thanks for your feedback @kelizabeth.

Everything seems to be fine here.

 

Thank you for your cooperation, we're done.

 

Final Step

  • Right-Click on FRST64 and choose Rename.
  • Rename FRST64 to Uninstall.
  • Run Uninstall.
  • FRST and its files/folders will be deleted.
  • If the tool needs a restart, please make sure you let the system restart normally.

 

 

A few final recommendations:

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes.

 

 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 
