Hi
I’ve used PDF Exchange viewer for years so know you are one of the “good guys”.
But, I’ve just downloaded the latest version (2.5 Build 201.0 V5) and as it starts to install, my Kaspersky AV throws a fit telling me there is a “UDS:DangerousObject.Multi.Generic”
It points me to my Documents and settings Temp directory:
local settings\temp\is-7qqi2.tmp\pdfxvwer.tmp
And:
_shfoldr.dll
I very much doubt that this is a real virus (unless one has sneaked in without you knowing!).
Any thoughts? Should I be worried?
Thanks
Skeletal
Installing latest PDF Xchange Viewer shows a virus
Moderators: PDF-XChange Support, Daniel - PDF-XChange, Chris - PDF-XChange, Sean - PDF-XChange, Paul - PDF-XChange, Vasyl - PDF-XChange, Ivan - Tracker Software, Stefan - PDF-XChange
-
Skeletal
- User
- Posts: 8
- Joined: Mon Jun 15, 2009 9:05 am
-
Walter-Tracker Supp
- User
- Posts: 381
- Joined: Mon Jun 13, 2011 5:10 pm
Re: Installing latest PDF Xchange Viewer shows a virus
This appears to be the result of heuristic, or other generic, detection, which tries to find and report potentially dangerous objects based on partial matches with true viruses:
http://en.wikipedia.org/wiki/Antivirus_ ... Heuristics
This type of scanning is very prone to false detections, and I would say that there's virtually 100% certainty that this is the case. However, we do take all such reports seriously and are investigating your report with high priority.
http://en.wikipedia.org/wiki/Antivirus_ ... Heuristics
This type of scanning is very prone to false detections, and I would say that there's virtually 100% certainty that this is the case. However, we do take all such reports seriously and are investigating your report with high priority.
-
Ivan - Tracker Software
- Site Admin
- Posts: 3603
- Joined: Thu Jul 08, 2004 10:36 pm
Re: Installing latest PDF Xchange Viewer shows a virus
There are results of testing installer:
https://www.virustotal.com/file/43819bc ... 335458936/
looks like it is clean. Now I will check components of the installer to be 100% sure.
https://www.virustotal.com/file/43819bc ... 335458936/
looks like it is clean. Now I will check components of the installer to be 100% sure.
PDF-XChange Co Ltd. (Project Director)
When attaching files to any message - please ensure they are archived and posted as a .ZIP, .RAR or .7z format - or they will not be posted - thanks.
When attaching files to any message - please ensure they are archived and posted as a .ZIP, .RAR or .7z format - or they will not be posted - thanks.
-
Walter-Tracker Supp
- User
- Posts: 381
- Joined: Mon Jun 13, 2011 5:10 pm
Re: Installing latest PDF Xchange Viewer shows a virus
While Ivan is testing this, I would like to report that I have not been able to reproduce the report with the latest version of Kaspersky 2012 (most recent virus definitions), Avira, and MalwareBytes.
This is most likely a false detection by your specific system, or you had something else already on your PC that piggybacked onto the installer (after it was downloaded). Because of the nature of the detection ("Generic") I suspect a false heuristic detection.
This is most likely a false detection by your specific system, or you had something else already on your PC that piggybacked onto the installer (after it was downloaded). Because of the nature of the detection ("Generic") I suspect a false heuristic detection.
-
Skeletal
- User
- Posts: 8
- Joined: Mon Jun 15, 2009 9:05 am
Re: Installing latest PDF Xchange Viewer shows a virus
Ivan: Thank you for your efforts. I’m sure it is clean, but I wonder why Kaspersky moans?
Ah well…I look forward to the results of your next tests.
Walter: Just read your post as I was about to post the above. Now that is interesting. I had assumed that Kaspersky was being a bit too sensitive, but if you’ve actually tried that yourself, and got a different result, then life gets more complicated! Like you I’m using 2012.
For interest, I tried downloading from your site, and also a site mirror. Both downloads cause the alert as I try to install.
I think the heurist argument is probably a good explanation.
I’m being more cautious than usual, because I’m about to recommend your software to someone else, and the last thing I want to do is direct someone to a virus!
Thanks to both.
Skeletal
Ah well…I look forward to the results of your next tests.
Walter: Just read your post as I was about to post the above. Now that is interesting. I had assumed that Kaspersky was being a bit too sensitive, but if you’ve actually tried that yourself, and got a different result, then life gets more complicated! Like you I’m using 2012.
For interest, I tried downloading from your site, and also a site mirror. Both downloads cause the alert as I try to install.
I think the heurist argument is probably a good explanation.
I’m being more cautious than usual, because I’m about to recommend your software to someone else, and the last thing I want to do is direct someone to a virus!
Thanks to both.
Skeletal
-
Paul - PDF-XChange
- Site Admin
- Posts: 7445
- Joined: Wed Mar 25, 2009 10:37 pm
Re: Installing latest PDF Xchange Viewer shows a virus
Hi Skeletal,
I also tried unsuccessfully to reproduce this. I had thought that perhaps it was the Ask Toolbar that Kaspersky was picking up but it allowed me to install that also.
I used Antivirus 2012 not the Internet Security version. Would you like to post a link to the Version of Kaspersky that you used and I'll try again?
regards
I also tried unsuccessfully to reproduce this. I had thought that perhaps it was the Ask Toolbar that Kaspersky was picking up but it allowed me to install that also.
I used Antivirus 2012 not the Internet Security version. Would you like to post a link to the Version of Kaspersky that you used and I'll try again?
regards
Best regards
Paul O'Rorke
PDF-XChange Support
http://www.pdf-xchange.com
Paul O'Rorke
PDF-XChange Support
http://www.pdf-xchange.com
-
Skeletal
- User
- Posts: 8
- Joined: Mon Jun 15, 2009 9:05 am
Re: Installing latest PDF Xchange Viewer shows a virus
Sorry for the delayed reply, I’ve been otherwise occupied.
The mystery deepens. After the various attempts to install PDF viewer, reboots etc. the other day, all making Kaspersky moan about dangerous objects, following a night and a reboot I tried another install. Guess what…Kaspersky didn’t object at all.
AFAIK, the only difference in the state of my computer was the fact I was working on another day…I had already tried rebooting.
So, I’m now in the same state as you guys i.e., no virus reported in the download/installation, just as we would all expect to be honest.
My Kaspersky version, I suspect, is the same as you guys have tried i.e. the very latest, all up to date, 2012, but full fat internet security (rather than just AV).
I think Walter is probably on the right track; for some inexplicable reason, on the fateful day, Kaspersky’s heuristic detection decided that the installer was doing something dodgy.
I’m sorry I sent you guys on a bit of a wild goose chase, but, I’m sure you will agree, getting repeated virus warnings is a bit alarming.
If any good can come from this, I hope that anyone getting to this thread via a Google, will be comforted by the efforts you guys have made in trying to sort out the problem.
Oh, and I’ve forwarded the PDF viewer’s details to the person interested as well.
Once again, thanks to all for your help.
Skeletal
The mystery deepens. After the various attempts to install PDF viewer, reboots etc. the other day, all making Kaspersky moan about dangerous objects, following a night and a reboot I tried another install. Guess what…Kaspersky didn’t object at all.
AFAIK, the only difference in the state of my computer was the fact I was working on another day…I had already tried rebooting.
So, I’m now in the same state as you guys i.e., no virus reported in the download/installation, just as we would all expect to be honest.
My Kaspersky version, I suspect, is the same as you guys have tried i.e. the very latest, all up to date, 2012, but full fat internet security (rather than just AV).
I think Walter is probably on the right track; for some inexplicable reason, on the fateful day, Kaspersky’s heuristic detection decided that the installer was doing something dodgy.
I’m sorry I sent you guys on a bit of a wild goose chase, but, I’m sure you will agree, getting repeated virus warnings is a bit alarming.
If any good can come from this, I hope that anyone getting to this thread via a Google, will be comforted by the efforts you guys have made in trying to sort out the problem.
Oh, and I’ve forwarded the PDF viewer’s details to the person interested as well.
Once again, thanks to all for your help.
Skeletal
-
Stefan - PDF-XChange
- Site Admin
- Posts: 19930
- Joined: Mon Jan 12, 2009 8:07 am
Re: Installing latest PDF Xchange Viewer shows a virus
Hi Skeletal,
Thanks for the kind words, and while it might have been a "wild goose chase" - we do take all such report really seriously and are happy that the Kaspersky at your end (maybe after a silent update) is also "happy" with our installers
Best,
Stefan
Thanks for the kind words, and while it might have been a "wild goose chase" - we do take all such report really seriously and are happy that the Kaspersky at your end (maybe after a silent update) is also "happy" with our installers
Best,
Stefan