[CLOSED] Panda cannot remove files from Windows directory. Maybe FP?

PhilVancWA
Registered user
Posts: 1
Joined: Mon, 07 Mar 2016, 04:12

Re: Panda cannot remove files from Windows directory. Maybe FP?

Post by PhilVancWA » Mon, 07 Mar 2016, 04:24

I get several error messages because Panda 16.0.2 with AV updates as of 3/6/2016 18:06 Pacific Time on Win 10 (insider preview) build 14279 treats DNSAPI.dll as a trojan. This causes most things accessing the internet to fail. By excluding this file in both system32 and SysWOW64 everything seems happy. This is definitely a false positive since the dnsapi.dll bits just came from Microsoft and the certificate is correct.

I first saw errors from PSUAMain.exe - Bad Image with C:\WINDOWS\SYSTEM32\DNSAPI.dll error code 0xc0000045.
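
Added example, not part of the original post and not Panda's or Microsoft's own code: one way to record the evidence behind a "certificate is correct" judgement before excluding a system DLL from scanning. The two paths are the copies named in the post; the `LooksGenuine` field and the publisher match on `O=Microsoft Corporation` are assumptions made for illustration.

```powershell
# Added example: evidence to collect before excluding dnsapi.dll from AV scanning.
# Run from 64-bit PowerShell so System32 is not redirected to SysWOW64.
$paths = @(
    "$env:SystemRoot\System32\dnsapi.dll",
    "$env:SystemRoot\SysWOW64\dnsapi.dll"
)

$report = foreach ($p in $paths) {
    # Same columns for every row, whether or not the file can be read.
    $row = [ordered]@{
        Path = $p; Present = $false; Status = $null; SignatureType = $null
        IsOSBinary = $null; Signer = $null; FileVersion = $null
        SHA256 = $null; LooksGenuine = $false
    }
    if (Test-Path -LiteralPath $p) {
        # On Windows 10 (PowerShell 5.1) this also resolves catalog signatures,
        # which is how many in-box system files are signed.
        $sig = Get-AuthenticodeSignature -LiteralPath $p
        $row.Present       = $true
        $row.Status        = $sig.Status          # must be Valid
        $row.SignatureType = $sig.SignatureType   # Authenticode or Catalog
        $row.IsOSBinary    = $sig.IsOSBinary
        $row.Signer        = $sig.SignerCertificate.Subject
        $row.FileVersion   = (Get-Item -LiteralPath $p).VersionInfo.FileVersion
        # Hash to compare against a scan report or a clean copy of the same build.
        $row.SHA256        = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        # Assumption for this example: a valid signature with a Microsoft publisher.
        $row.LooksGenuine  = ($sig.Status -eq 'Valid') -and
            ($sig.SignerCertificate.Subject -like '*O=Microsoft Corporation*')
    }
    [pscustomobject]$row
}

$report | Format-List

# Anything present but failing the check should be investigated, not excluded.
$suspect = @($report | Where-Object { $_.Present -and -not $_.LooksGenuine })
if ($suspect.Count -gt 0) {
    Write-Warning ("Signature check failed for: " + ($suspect.Path -join ', '))
}
```

A valid signature supports a false-positive report but does not replace it; the hash and file version from this output are the details a vendor needs alongside the sample.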

FromAporiaToEpoche
Registered user
Posts: 2
Joined: Mon, 07 Mar 2016, 08:20

Re: Panda cannot remove files from Windows directory. Maybe FP?

Post by FromAporiaToEpoche » Mon, 07 Mar 2016, 08:45

I'm getting this same alert, as well, this morning. Windows 10 Pro Insider Preview, build 14271.rs_release.160218-2310.

I had just updated the machine last Friday and shut it down. This is the first time I've booted it since. Now Firefox crashes at start (every time), Chrome returns DNS_PROBE_FINISHED_NXDOMAIN for all attempts to browse, Internet Explorer returns a generic "This page can't be displayed" error. Only Edge appears to operate normally.

I have attached (in a 7z archive) my Application and System errors from Event Viewer from the last hour (it has been less than that since I booted and first encountered this issue).

One of the errors says that Build 14279 failed to install.

edit: For reference, here is my VirusTotal scan on that file: https://www.virustotal.com/en/file/26ab ... 457331289/
Attachments
logs.7z
(4.73 KiB) Downloaded 211 times
Last edited by FromAporiaToEpoche on Mon, 07 Mar 2016, 08:54, edited 1 time in total.

FromAporiaToEpoche
Registered user
Posts: 2
Joined: Mon, 07 Mar 2016, 08:20

Re: Panda cannot remove files from Windows directory. Maybe FP?

Post by FromAporiaToEpoche » Mon, 07 Mar 2016, 08:53

liubomirwm, are you also running Windows 10 Insider Preview Build 14271 or 14279? If so, that's all three of us so far.

jrpaulson
Registered user
Posts: 1
Joined: Mon, 07 Mar 2016, 14:50

Re: Panda cannot remove files from Windows directory. Maybe FP?

Post by jrpaulson » Mon, 07 Mar 2016, 15:00

I am running Windows 10 14279.rs1_release.160229-1700 and Panda has identified dnsapi.dll as a Trojan, also.
I rolled back to the last release of Windows 10 and dnsapi.dll was ok. Overnight Windows 10 upgraded itself, again, and this morning I am back with the trojan dnsapi.dll.

GoneToPlaid
Registered user
Posts: 56
Joined: Fri, 13 Jun 2014, 06:56

Re: Panda cannot remove files from Windows directory. Maybe FP?

Post by GoneToPlaid » Wed, 09 Mar 2016, 08:19

What a coincidence. On Friday, March 4th I was fiddling around in BIOS on my old XP machine. I changed the way hard drives are detected from IDE to ACPI and then booted. That screwed up Win XP. So this morning and after trying all weekend to resolve the issues via System Restore and/or registry hacks to force new hardware detection, this morning I resorted to restoring a backup from December. That fixed everything, or so I thought. Today (March 7) no matter what Firefox hangs for three or so minutes whenever I go to a different URL. It turns out that it really is Panda which is hanging since EVERYTHING is hung (including the systray clock) during these three or so minutes. The other side effect is that the drive C NTFS volume gets corrupted and must be repaired on the next reboot. ESENT shows up in the Windows event logs, but not always. Everything works fine on my restored system EXCEPT when I open Firefox and try to go to any other URL other than the first URL (the home page). So it looks like (for the time being) I will have to exclude dnsapi.dll in Panda.

Also note that Mozilla recently has had issues with their most recent updates. I updated my Firefox to the latest 45 after restoring my XP system. See this Firefox connectivity issue which is related to Firefox 43 and nVidia drivers:

https://support.mozilla.org/en-US/kb/co ... :win7:fx45

If you look at the above URL, the trailing :fx45 would seem to imply that this issue still persists with Firefox 45. I don't know if this is related.

GoneToPlaid
Registered user
Posts: 56
Joined: Fri, 13 Jun 2014, 06:56

Re: Panda cannot remove files from Windows directory. Maybe FP?

Post by GoneToPlaid » Wed, 09 Mar 2016, 08:56

Alrighty. I excluded DNSAPI.DLL in System32 on my XP machine, but still noted some slowdown in Firefox. As soon as I turned off Behavioral Blocking in Panda, then Firefox once again became as fast and responsive as what I am normally used to. This was merely some simple and quick tests by going to a few web sites which I know are safe. Thus it would appear that Behavioral Blocking has priority over exclusions when one would think that it should be the other way around. Anyway, I hope that Panda gets the FP for DNSAPI.DLL fixed quickly. Or perhaps the real issue is within either the Behavioral Blocking or Behavioral Analysis engines.

VirusBuster
Official moderator
Posts: 7595
Joined: Mon, 02 Apr 2012, 18:53
Location: Panda HQ - Bilbao

Re: Panda cannot remove files from Windows directory. Maybe FP?

Post by VirusBuster » Thu, 10 Mar 2016, 17:01

Can you provide a password compressed copy of the wrongly detected dnsapi.dll file?

GoneToPlaid wrote: I was fiddling around in BIOS on my old XP machine. I changed the way hard drives are detected from IDE to ACPI and then booted. That screwed up Win XP.

I guess you mean AHCI instead of ACPI, right?
I also had this problem on my home machine and it's related to the disk mode when the Windows installation is done. If you change from IDE to AHCI or vice versa after having installed Windows, you'll get BSODs.
You must change from 3 to 0 the start key for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msahci before changing to AHCI in BIOS.
Regards,

Jorge Torre
TechSupport Department - Panda Security

I don't reply to private messages unless I have previously requested them

VirusBuster
Official moderator
Posts: 7595
Joined: Mon, 02 Apr 2012, 18:53
Location: Panda HQ - Bilbao

Re: Panda cannot remove files from Windows directory. Maybe FP?

Post by VirusBuster » Thu, 24 Mar 2016, 11:26

Topic closed due to lack of response
TOPIC CLOSED
Regards,

Jorge Torre
TechSupport Department - Panda Security
