Nuance PDF converter and PDF virus

March 7, 2011 at 22:55:37
Specs: Windows XP

What is Luhe.Exploit PDF B?
My antivirus "AVG 2011 Free" is reporting that all of my PDF files are infected with this. However, when I google the Luhe.Exploit PDF B, I don't find any match.

What gives?


See More: Nuance PDF converter and PDF virus

Report •


#1
March 8, 2011 at 00:34:47

Hi,
http://vil.nai.com/vil/content/v_14...

Download and run the following, in this order:
Rkill: http://www.bleepingcomputer.com/for...

TDSSkiller: http://support.kaspersky.com/viruse...

Malwarebytes: http://www.malwarebytes.org/ (update and run a full scan, removing all that it finds.

HitmanPro3.5: http://download.cnet.com/Hitman-Pro...

If there still a problem run the first three in safe mode.


Report •

#2
March 8, 2011 at 02:26:00

AVG just found this on all my pdfs - since the exploid is from 2008 and you had your alarm yesterday I start thinking that this is a failure in the last update of AVGs signature base

I ran ESET from another computer over the shared folder with "infected" pdfs and it found nothing


Report •

#3
March 8, 2011 at 04:04:33

Hi guys, I have the same problem here: my AVG reports the same "luhe.exploit.pdf.B" virus. Anything new ? If it is an AVG mistake as you mention, how can I confirm that it is indeed a mistake by AVG ?

I am not a very good computer user, actually I am almost a computer illiterate...
So, thank you for any info coming from you, dear computer literates. I will keep an eye on this forum in case there are new developments abreast.

Have a great day,
SM Traducciones.


Report •

Related Solutions

#4
March 8, 2011 at 04:22:16

Would you advise to destroy the infected files ??

Report •

#5
March 8, 2011 at 07:09:04

I'm in the same boat as the rest of you. Yesterday AVG popped up with a warning about Found: Luhe.Exploit.PDF.B. It has affected 553 of my PDF files. I posted on the AVG forum last night.

I got an email from:

Jaroslav Nix
Core Development Team
AVG Technologies CZ, s.r.o.
Holandska 4, 639 00 Brno, CZ
Tel.: +420 549 524 011
Fax.: +420 549 524 073
Email: jaroslav.nix@avg.com
www.avg.com

The email said:

we have noticed your report about infection Luhe.Exploit.PDF.B on the AVG free forum:
http://forums.avg.com/ww-en/avg-fre...

Could you please send us couple of detected PDF files. Please ZIP them with some password and send the archive file together with the password to my email address. You can also upload the file to our FTP server and send me just the name of uploaded file.
http://www.avg.com/ww-en/faq?num=2713

Thank you in advance,

My response is "oh crap!" My infected PDF files are in the Virus Vault. Does anyone know if I will be able to "clean" these files or if I will ultimately have to destroy them?


Report •

#6
March 8, 2011 at 07:29:25

The latest from the guys at AVG as of 7:28 am PDT on March 8, 2011:

My excuse once more, the fixed virus definition update is not yet released. It's going to be release in couple of minutes/hours. You understand well, but please wait with the restoration of PDF files untill your AVG (virus definitions) will be updated to version 1498/3491.

Thank you and once more sorry for these inconveniences.

So, it appears that help is on its way!


Report •

#7
March 8, 2011 at 07:52:52

Tempoary cock up at AVG.
Patch being prepared

Before you go any further and run the risk of loosing data click AVG on your start up menu.

Then under the sub headings click user interface.

If you are using AVG 2011 you should get about 14 little shields with green ticks through them.

Double Click on the Resident Shield icon (on mine this icon is 2nd row 2nd column)

Locate "advanced AVG setting" and double click. You will then get a menu with lots of tick boxes. You simply need to click the enable resident shield tick box to disable the shield.

This will allow you to use your PDF converter without havign the scanner thinking that it is a threat to you computer. The next patch should sort this out but who knows when this will come out so you are best off looking at the AVG website for information on the patch.

Dont forget that once the patch is avialable you may still need to reverse the disabling process.

Rhys Brookes


Report •

#8
March 8, 2011 at 08:45:36

Wife just called said she is getting the same mesage on her laptop (has AVG 2011 on it). It was opening PDF doc's last night just fine. My work laptop, with Semantec/Norton AV is posting no such errors.

Report •

#9
March 8, 2011 at 09:03:18

Just updated manually - came up with version 1497/3491. Is this the patch required, or just progress towards it ?

Report •

#10
March 8, 2011 at 09:30:20

In the email to me, the AVG rep said:

You understand well, but please wait with the restoration of PDF files untill your AVG (virus definitions) will be updated to version 1498/3491.

So, maybe you won't get the pop up anymore, but I'm going to hold off on trying to restore the PDF files that were sent to my Virus Vault.


Report •

#11
March 8, 2011 at 13:41:02

So is their a fix

Report •

#12
March 8, 2011 at 14:00:43

Its called "patience" wait for the patch to be released and it will all be fine again. Until then don't delete your pdf's.

Report •

#13
March 8, 2011 at 16:54:03

is it working with 1497/3492?

Report •

#14
March 9, 2011 at 05:35:15

Once they did1497/3492, I felt safe in restoring my 553 PDF files that were in Virus Vault. I did a new scan and one file was still sent to Virus Vault. The infection description was "Found Luhe.Exploit.PDF.CVE-20..." I saw this morning that they were now on to 1497/3493 so I'm running a whole computer scan now and so far it looks like everything is back to normal.

Report •

#15
March 9, 2011 at 07:54:36

they just pushed down another, it is 1497/3494... no issues so far.

Report •

#16
March 25, 2011 at 19:35:42

do i literally go to all those websites and download them...will they harm my computer at all?
Kate in Iowa

Report •


Ask Question