obsence

Yes again, it has malicious intent, the FILE ITSELF is NOT malicious. If by definition a Trojan can be anything that has malicious intent, then I think a lot of files can be misinterpreted as harmful even if they are not BY THEMSELVES but only as a vehicle to the virus. This can lead to a lot of time lost in researching the file by non expert users like me who might think they actually got something. Wouldn't it be better to mark is as not-a-virus warning and/or quarantine them? I'm not expert enough, I just think that if the definition is applied correctly it is misleading by nature for less knowledgeable people like me. Thanks again, I will mark this as solved.

Then I'm sorry to disturb you but why does ESET flag it as A Trojan if it doesn't do anything? Does it mean it is 100% harmless and it is just flagged as suspicious because it can lead to a malware? Thanks for the replies!

Yes, I actually did all that, I had the PDF file and the (fake 750MB) big file on my desktop, I realized it WAY too late, but I didn't open the .scr file once I saw I did dumb stuff. I'm left with verifying if the PDF ALONE was dangerous or not. The details in the post are about the PDF alone and the Trojan itself would (?) be in that PDF. It says something about Acrobat, I don't know how PDF viruses work, in any way I opened it only on Firefox and not in other PDF readers (in case this is useful). This happened before the PDF was detected, I then thought everything else was safe (again, it was DUMB to assume). Is the PDF alone dangerous?

------------------------------------------------------------------- TOO LONG DIDN'T READ I opened a PDF that was then detected as a Trojan Downloader, I don't know how it works or what is needed to be triggered, I opened with Firefox so this might have disabled macros? It has something about Acrobat so maybe it assumes Acrobat to be triggered... I hope for this. Here is the Virus Total information: https://www.virustotal.com/gui/file/7eac6a51a7113f614aa37b2bdc4dd71690d35ac3a599a23ddde153fe0ff18cd6?nocache=1 I don't know if I have the virus or if I have to do something with Registry since it seems it modified something... I'm a rookie and a programmer which makes this even more embarassing, take what I say with a grain of salt and sorry for the mistakes. ------------------------------------------------------------------- DETAILED STORY Premiss Context: I was contacted for a job offer to my business email, so it seemed legit, searching for the domain unfortunately popped up a result that was in line with my expectations and I went ahead, I know this was bad practice, I will not repeat the same error. What did I do? I downloaded and opened an Infected PDF via Firefox, this was from an email and I didn't know PDFs could trigger or be viruses. The "bigger" virus was a redline stealer, but I didn't open it and deleted it immediately. Once I realized what it was I deleted everything, but ESET complete scan still detected a Trojan Downloader in the Recycle Bin folder that actually was the PDF (I cleaned everything also from there before, not sure why it would still be there). I guess the hackers target specific people and want backdoor access, to then activate the redline stealer or maybe use the computer in some other way. QUESTION 1: Now in the next section, you will see "Software\Adobe\Acrobat Reader\9.0\AVGeneral\bLastExitNormal" does this mean the virus needs Acrobat to be triggered and so opening it via Firefox was safe or safer? More juice - Thecnical Information This is what was inside the PDF, via Virus Total: We can see something strange, but this part is far above my knowledge. What now? I run a full scan and ESET still sees the PDF in the recycle bin, now it says it deleted it. QUESTION 2: What do I do now? QUESTION 3: Do I need to worry for those Registry changes or are they just meaningless if there is no virus going around? I would like to apologize for my poor knowledge, I learned this in these days of virus rabbit hole around internet, thanks for the help!