Specificially https://en.z-lib.gs/
I downloaded some pdfs from there and according to virustotal and some pdf online scanner i tried, they have something possibly malicious going on in them. I already deleted them but i opened them in firefox pdf reader. I dont have acrobat installed.
Scanning my system with malwarebytes now, but nothing is finding anything wrong and I havent seen any suspicious activity.
Here is the analysis itself.
I’m starting to panic, please help if you have any advice
Thank you all, you are wonderful people
Check the behavior tab
I think these tabs are meant for experts who know how to interpret a full log. Seems to me like Virostotal uses Acrobat Reader or something to open the files. I’m not an expert on what Acrobat is supposed to do once it runs. Sure, it’s going to do some system calls as every software does. And there is something with internet URLs. Could be some phishink link detection or URL prefetching, that is either part of Acrobat or Virustotal? And Acrobat Reader seems to be calling home to check for updates. That triggers the “low” IDS rule. Everything else is pretty much “NOT FOUND” or “INFO” and tells the story of how Acrobat Reader operates. None of it is flagged or indicated in red text.
I’d treat those PDFs like any other one. Don’t just click on any random link in them, and if the PDF contains a form, don’t enter your private details and submit them unless you’ve verified where that form sends them to. But I doubt that’s happening here.