[CLOSED] Panda cannot remove files from Windows directory. Maybe FP?

[PhilVancWA]

I get several error messages because Panda 16.0.2 with AV updates as of 3/6/2016 18:06 Pacific Time on Win 10 (insider preview) build 14279 treats DNSAPI.dll as a trojan. This causes most things accessing the internet to fail. By excluding this file in both system32 and SysWOW64 everything seems happy. This is definitely a false positive since the dnsapi.dll bits just came from Microsoft and the certificate is correct.

I first saw errors from PSUAMain.exe - Bad Image with C:\WINDOWS\SYSTEM32\DNSAPI.dll error code 0xc0000045.

[FromAporiaToEpoche]

I'm getting this same alert, as well, this morning. Windows 10 Pro Insider Preview, build 14271.rs_release.160218-2310.

I had just updated the machine last Friday and shut it down. This is the first time I've booted it since. Now Firefox crashes at start (every time), Chrome returns DNS_PROBE_FINISHED_NXDOMAIN for all attempts to browse, Internet Explorer returns a generic "This page can't be displayed" error. Only Edge appears to operate normally.

I have attached (in a 7z archive) my Application and System errors from Event Viewer from the last hour (it has been less than that since I booted and first encountered this issue).

One of the errors says that Build 14279 failed to install.

edit: For reference, here is my VirusTotal scan on that file: https://www.virustotal.com/en/file/26ab ... 457331289/

[FromAporiaToEpoche]

liubomirwm, are you also running Windows 10 Insider Preview Build 14271 or 14279? If so, that's all three of us so far.

[jrpaulson]

I am running Windows 10 14279.rs1_release.160229-1700 and am Panda has identified dnsapi.dll as a Trojan, also.
I rolled back to the last release of Windows 10 and dnsapi.dll was ok. Overnight Windows 10 upgraded itself, again, and this morning I am back with the trojan dnsapi.dll.

[GoneToPlaid]

What a coincidence. On Friday, March 4th I was fiddling around in BIOS on my old XP machine. I changed the way hard drives are detected from IDE to ACPI and then booted. That screwed up Win XP. So this morning and after trying all weekend to resolve the issues via System Restore and/or registry hacks to force new hardware detection, this morning I resorted to restoring a backup from December. That fixed everything, or so I thought. Today (March 7) no matter what Firefox hangs for three or so minutes whenever I go to a different URL. It turns out that it really is Panda which is hanging since EVERYTHING is hung (including the systray clock) during these three or so minutes. The other side effect is that the drive C NTFS volume gets corrupted and must be repaired on the next reboot. ESENT shows up in the Windows event logs, but not always. Everything works fine on my restored system EXCEPT when I open Firefox and try to go to any other URL other than the first URL (the home page). So it looks like (for the time being) I will have to exclude dnsapi.dll in Panda.

Also note that Mozilla recently has had issues with their most recent updates. I updated my Firefox to the latest 45 after restoring my XP system. See this Firefox connectivity issue which is related to Firefox 43 and nVidia drivers:

https://support.mozilla.org/en-US/kb/co ... :win7:fx45

If you look at the above URL, the trailing :fx45 would seem to imply that this issue still persists with Firefox 45. I don't know if this is related.

[GoneToPlaid]

Alrighty. I excluded DNSAPI.DLL in System32 on my XP machine, but still noted some slowdown in Firefox. As soon as I turned off Behavioral Blocking in Panda, then Firefox once again became as fast and responsive as what I am normally used to. This was merely some simple and quick tests by going to a few web sites which I know are safe. Thus it would appear that Behavioral Blocking has priority over exclusions when one would think that it should be the other way around. Anyway, I hope that Panda gets the FP for DNSAPI.DLL fixed quickly. Or perhaps the real issue is within either the Behavioral Blocking or Behavioral Analysis engines.

[VirusBuster]

Can you provide a password compressed copy of the wrongly detected dnsapi.dll file?

I was fiddling around in BIOS on my old XP machine. I changed the way hard drives are detected from IDE to ACPI and then booted. That screwed up Win XP.

I guess you mean AHCI instead of ACPI, right?
I also had this problem in my home machine and its related with the disk mode when the windows installation is done. If you change from IDE to AHCI or viceversa after having installed windows, you'll get BSODs
You must change from 3 to 0 the start key for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msahci before changing to AHCI in BIOS

[VirusBuster]

Topic closed due to lack of response
TOPIC CLOSED