Bitdefender Antivirus Free - English GUI

Discussion in 'other anti-virus software' started by PaulBB, Dec 23, 2012.

  1. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    524
    Location:
    USA
    Nope. Just MBAE Free perpetual beta (real-time exploit defense). Latest build available here: https://www.malwarebytes.com/antiexploit/

    The free beta link is reached by clicking on the "Go to Forums" link... the latest updates are always listed here.
     
    Last edited: May 10, 2017
  2. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    5,007
  3. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,487
    Location:
    Sweden
    Agreed. Very annoying! It's been like this for ages.
     
  4. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    524
    Location:
    USA
    Maybe it's a Win10 thing. I don't have any issues using BD on Win7 ...
     
  5. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,487
    Location:
    Sweden
    I received this answer from Bitdefender support regarding the Windows Security Center warning:

    Hi shadek,

    It is possible for Windows to display this message if it checks while Bitdefender is still downloading or installing an update. You can ignore it as Bitdefender will make sure it updates when it needs.
    As long as the Events don't indicate an update error you're good to go.

    Best regards,
    Andrei Cimpeanu
    Technical Support Team Leader


    The notification is benign and I can confirm that it disappears as soon as Bitdefender successfully updates itself automatically.
     
  6. fmon

    fmon Registered Member

    Joined:
    May 5, 2013
    Posts:
    1,157
    Please ignore all bugs in Bitdefender, as long as your computer isn't infected it's no problem. :D
     
  7. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    138
    Came across a probable malware which was not detected by bf which is rare.

    http://imgur.com/a/0nZOL

    It then proceeded to download a file named "Chrome_59.3.8.1.js".

    There are only 4 detections on virustotal as of today. How do I report it to bf so they can analyse it?

    Edit: Never mind I found it. Submitted to multiple av vendors and ms.
     
    Last edited: May 22, 2017
  8. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,081
  9. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    711
    Location:
    Baden Germany
    BD-free-2016 auto updated to 1.0.8.8
     
  10. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    138
  11. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,081
    Possible false positive. Virus total now only shows 2 detections. None now from Trend Micro.
     
  12. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    6,108
    More than likely it is. One of the two products detecting it is Rising, which has major issues with false positives.
     
  13. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    138
    but still it has to be something shady.. look at the analysis https://www.hybrid-analysis.com/sam...00304c53d061f296e37a69656a6?environmentId=100.

    The method by which it downloaded itself was shady showing me a false update chrome screen and downloading a file off dropbox.
     
  14. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,081
    Maybe Trend sees the .js file as okay but the issue is the payload on dropbox.
     
  15. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    138
    Whatever it was I will get a report from bf within 72 hrs. Unable to track my submission on MS I do not know why, but I guess virustotal should be able to provide the progress with my various reports in the coming days.
     
  16. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    138
    Well this is disappointing.. opened a friend's usb drive and sure enough there were 2 weird executables there. Didn't autoplay... didn't click on them. Bf detected one and then I could no longer see the hidden executables. I thought they were deleted but nope, it has seemingly successfully infected my computer. I can no longer enable the show hidden files option, like effing windows xp days and after all this time. Damn I miss applocker :( Now what do I do?
    Guess I will restore from a system backup. Damn.
     
  17. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    6,108
    Since you didn't open the files, then I highly doubt your system is infected.
     
  18. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,478
    This is just a suggestion for the future: for third party USB drives and flash drives it is better to plug them in sandboxed (with Sandboxie free or paid), even better on a virtual volume (Shadow Defender). I would never trust any AV as a first line of defense... It's good you have an image to restore.
     
  19. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    138
    Yeah you're right. I don't think it was able to fully infect the system since other avs don't detect anything on the computer but some part of it was able to run since my show hidden files option is disabled. Don't see anything in autoruns or procexp.. Guess I was blinded by the "windows 10 is the most secure version of windows yet" deal.


    It is a sort of partial infection if it is indeed possible since my show hidden files option has been disabled.
     
  20. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    138
    I restarted and the hidden items could be enabled once again without my doing anything. It seems bf cured it as soon as it started to run. I will restore still just in case. Lesson learnt again after a long time.
     
  21. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    6,108
    Since you didn't launch any of the files yourself, then really nothing should have run as they won't run by themselves. Bitdefender scanned the files when you opened the folder in Explorer, and detected and quarantined the infected file. With most antiviruses, just opening a folder in Explorer, leads to the folder being scanned.
     
  22. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    138
    I understand that is the on access scanner working...

    Now that I am replaying the events in my mind, I think the problem started when the icon of the file was displayed in explorer. I tried to upload one file to virustotal since I was receiving no notifications from bf (only a generic exe icon was being displayed up until that point).. in order for it to be uploaded it had to be added to exclusions, and that's when its icon displayed and subsequently I noticed I didn't see the hidden folders and files anymore but I also started receiving notifications of blocked threats from bf at that point.

    Curiosity did nearly kill this cat apparently.

    The executable having gained access to the registry leads me to believe it exploited some vulnerability in explorer while it was generating the icon for the file.
     
  23. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    6,108
    But it can't gain access to the registry unless you manually run it.
     
  24. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    138
    That's what I'm trying to say, I did not explicitly run the file, but if it still managed to change the hidden file policy when I had excluded it in order to upload to virustotal, there has to be some vulnerability which it exploited in explorer when it displayed the icon for the file. Else how did it manage to change these settings without being run on simply uploading it to virustotal through chrome?
     
  25. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    138
    Now detection has risen to 8... ironically none from the vendors that I submitted the file to (MS, avast, bf, avira)...
     