Exploit.pdf 9669 Virus

Computer viruses are attacking once again. Another computer virus has been detected in some computers. It’s called Exploit.PDF computer virus or Exploit.PDF 9669 computer virus.

Some computer users say that this computer virus slows down your computer with the mouse usually freezes.

One user said “PDF-9669 seems to be matching most HTML encoded messages on older versions of ClamAV”

Gossamer Threads’ user said:

I’ve seen lots of false positives matching on this signature. At first I
thought somebody was mass-mailing a PDF exploit under lots of different
guises, though it’s definitely a false-positive.

It looks like Exploit.PDF-9669 matches on an empty 0 byte string:

d41d8cd98f00b204e9800998ecf8427e:0:Exploit.PDF-9669

For now I’ve commented out the line in daily.inc/daily.hdb – it’s the last
line in the file in the version that I have, though this is only going to
help until freshclam runs. This really needs to be fixed ASAP, I hate to
think how many systems around the world are hitting on this and blocking
huge amounts of legitimate mail. I’m very suprised that there isn’t some
sort of automated check that is run against a signature release that
ensures that a signature isn’t matching 0 bytes.

Leave a Comment