Solved - False positive by Bitdefender? | PC Help Forum

Solved False positive by Bitdefender?

Discussion in 'Am I Infected?' started by PcGuy34, Dec 19, 2017.

Thread Status:
Not open for further replies.
  1. PcGuy34

    PcGuy34 PCHF Member PCHF Member

    Joined:
    Nov 6, 2017
    Messages:
    31
    My PC acquired a virus "Trojan.Ciusky.Gen.13" on December 9, 2017 after I clicked a friend's Facebook link. My paid BitDefender program found it not in C drive but another hard drive & I quarantined it. Virus was attached to two old files I had for years, that I scanned through numerous times without any alerts. One file is 7-Zip. Other file is RAR.
    Afterwards, I noticed every image file said .JPG at the end of the filename & every OpenOffice file said .odt at the end of the filename. I fixed that by clicking "Show hidden files, folders and drives" > "Hide extensions for known file types". Then I scanned every drive with BitDefender & all was clean. On December 11, 2017 I scanned all drives with my paid Malwarebytes program & all was clean.
    Today, I went into BitDefender quarantine section. I saw they were files I want to keep so I restored them & quickly scanned the two individual files & the folders they are in with BitDefender twice. Results are clean. Scanned with Malwarebytes twice. Results are clean. Was it a false positive by Bitdefender?
     
  2. gus

    gus PCHF Administrator Administrator PCHF Donator Security Team

    Joined:
    Jul 19, 2016
    Messages:
    2,458
    As we are yet to know the files in question there is a possibility that they may have been suspicious/false positives that the AV provider has since whitelisted. I would suggest you check the files concerned at VirusTotal.

    You also say that you have two paid-for AVs, with Bitdefender being one of the very best. I do hope you are not running both with realtime protection together IRRESPECTIVE of what the manufacturer of one says. Apart from the extra computer resources used running both AVs, the real problem comes when they both try to take control of a suspect file at the same time.

    Would recommend you run Bitdefender as your first line of defence as realtime protection, and turn Malwarebytes realtime protection off and use it strictly as a second opinion scanner.
     
    PcGuy34 likes this.
  3. PcGuy34

    PcGuy34 PCHF Member PCHF Member

    Joined:
    Nov 6, 2017
    Messages:
    31
    Gus, thank you for the VirusTotal site. Sorry for any confusion. BitDefender is my only anti-virus. Malwarebytes is for exploit protection, malware protection, & ransomware protection.
     
  4. gus

    gus PCHF Administrator Administrator PCHF Donator Security Team

    Joined:
    Jul 19, 2016
    Messages:
    2,458
    Pretty much what the paid version of Bitdefender does well:)

    I take it the files scanned clean at VirusTotal?
     
  5. PcGuy34

    PcGuy34 PCHF Member PCHF Member

    Joined:
    Nov 6, 2017
    Messages:
    31
    Oh, I thought BitDefender was antivirus only. VirusTotal didn't say if it was clean or not. I don't quite understand how it works there. They have an option for other people to vote yes or no, if it's clean or not.
     
  6. gus

    gus PCHF Administrator Administrator PCHF Donator Security Team

    Joined:
    Jul 19, 2016
    Messages:
    2,458
    Try and follow this guide to check your files at VirusTotal. Both VirusTotal and Jotti provide online scanning using around 50 AV engines. Very handy sites:)

    Can you please go to VirusTotal and follow the instructions below.

    Click on Upload and Scan file.


    Using the dialogue box, browse your computer to locate your suspicious file.
    • Click on the file "xxxxx" which will place it in the Virustotal scan container.
    • VirusTotal will then upload the file and start the scanning process.
    • If VirusTotal gives a message that the file has been scanned before, choose to Reanalyse it.
    • Wait till the scan completes, which may take a couple of minutes to finish, depending on the file size.


    Can you please copy the Virustotal link from your browser address bar and paste in your next post?:)

    Repeat for the other file.
     
    Last edited: Dec 20, 2017
  7. PcGuy34

    PcGuy34 PCHF Member PCHF Member

    Joined:
    Nov 6, 2017
    Messages:
    31
  8. gus

    gus PCHF Administrator Administrator PCHF Donator Security Team

    Joined:
    Jul 19, 2016
    Messages:
    2,458
    Sorry I just noticed that and updated the instructions above, can you repeat the steps for both files please? I can see why that file was looked on as suspicious, 3 extensions??????
     
  9. PcGuy34

    PcGuy34 PCHF Member PCHF Member

    Joined:
    Nov 6, 2017
    Messages:
    31
    I deleted the other file. Here's the scan for the file above
     
  10. gus

    gus PCHF Administrator Administrator PCHF Donator Security Team

    Joined:
    Jul 19, 2016
    Messages:
    2,458
    Any file with multiple extensions is commonly picked up by security apps, so yeah, no problems here:) Suggest you rename the files with only one extension and they should not be picked up again?
     
    PcGuy34 likes this.
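The multiple-extension heuristic discussed in this thread, as an added example that is not part of the original posts and does not reproduce Bitdefender's detection logic: it separates names whose final extension is executable behind a document-like decoy from split-archive volume names, and shows what the file list displays when "Hide extensions for known file types" is on. The extension lists, verdict names and sample filenames are assumptions constructed for illustration.

```python
import re

# Assumed, deliberately short lists; security products keep their own.
EXECUTABLE = {"exe", "scr", "com", "bat", "cmd", "pif", "vbs", "js", "lnk", "msi"}
DECOY = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "odt", "txt",
         "mp3", "mp4", "avi", "mkv"}
# Volume suffixes used by split archives and file joiners: .001, .r00, .z01, .part1
VOLUME = re.compile(r"(\d{3}|r\d{2}|z\d{2}|part\d+)")


def extensions(filename):
    """Lower-cased dot-separated suffixes after the base name, in order."""
    return [p for p in filename.lower().split(".")[1:] if p]


def shown_when_hidden(filename):
    """Name as listed when known extensions are hidden.

    Assumes every type in EXECUTABLE and DECOY is registered on the machine.
    """
    exts = extensions(filename)
    if exts and exts[-1] in EXECUTABLE | DECOY:
        return filename.rsplit(".", 1)[0]
    return filename


def classify(filename):
    """Return 'ok', 'masquerade', 'split-archive' or 'multiple'."""
    exts = extensions(filename)
    if len(exts) < 2:
        return "ok"
    # Executable that displays as a document or media file once its real extension is hidden.
    if exts[-1] in EXECUTABLE and any(e in DECOY for e in exts[:-1]):
        return "masquerade"
    # Numbered volume of a multi-part archive: unusual name, but not executable.
    if exts[-1] not in EXECUTABLE and any(VOLUME.fullmatch(e) for e in exts):
        return "split-archive"
    return "multiple"


# Constructed sample names, not the files from this thread.
SAMPLES = ["movie.avi.7z.001", "movie.part1.rar", "holiday.jpg.exe",
           "notes.odt", "backup.tar.gz", "setup-1.2.3.exe"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:20} {classify(name):14} shown as: {shown_when_hidden(name)}")
```

A "split-archive" or "multiple" verdict only explains why a name looks unusual; the file's content still needs a scan, as was done with VirusTotal here.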
  11. PcGuy34

    PcGuy34 PCHF Member PCHF Member

    Joined:
    Nov 6, 2017
    Messages:
    31
    Thank you. It's part of a movie of 8 files. I joined all 8 files & deleted them all. Scanned the joined, complete movie & all is clean :)
     
    gus likes this.
  12. gus

    gus PCHF Administrator Administrator PCHF Donator Security Team

    Joined:
    Jul 19, 2016
    Messages:
    2,458
    Wasn't a false positive, just suspicious due to multiple file extensions.

    Looks like you are good to go, will close this thread, and should you require further help with this issue in the future please contact a staff member who will reopen it for you:)
     
    PcGuy34 likes this.