BD continually detects PUP (Venus.Cynthia. . . . ) in DropBox.cache

Bitdefender Total Security has started continually notifying me of a "Potentially Unwanted Program" in my DropBox.cache\new files directory.

Two of the malwares detected are 1) Gen:Application.Venus.Cynthia.Amifl.13buY@am!tBBk  and 2) Venus.Cynthia.Donquijote.8auX@aer1sOl

Two of the file names are 1) a923c15245f51a38b37d01d3e6aab030   and 2) 985179de1a76b88f40fd4679b6027347 .

Searching says “venus” malware is a remote desktop service ransomware, so I am happy and grateful BD is protecting me, but I need to know what is creating these files so I can eliminate the cause, not just delete the resulting file and get re-notified of a new one when it gets created. And in case I need to pause BD. These files are locked down and can be examined even with admin privileges. I tried restoring them to what I hoped was a safe location, but they could not be restored.

Another user had a similar problem with malware detection in the DB cache and DB said:

DB "uses the "dropbox.cache" folder as a staging area to download your files in small chunks during the syncing process. Sometimes antivirus programs will pick up some of these partial files as false positives and continuously quarantine them. The problem here is that Dropbox keeps downloading the file in an attempt to sync the file down to your computer. To tackle this behavior you can either add the Dropbox cache folder to an ignore list so that Dropbox can correctly sync that file or/and temporarily disable your antivirus. Once synced and "Up to date", you should no longer see these warnings or quarantine messages."

I am reluctant to disable protection for the DB cache or BD itself. I suspect it is DB that is creating the file by trying to sync some file but I’d like to know which one(s) so it can be checked to make sure it is not infected rather than just somehow creating a temporary small chunk for which the malware notifications are annoying but hopefully harmless. Any insights or solutions gratefully appreciated.

Comments

  • Gjoksi (Defender of the month, mod)

    Hello.

    Only the anti-malware researchers at Bitdefender Labs can help you with the issue.

    You should report the file(s) as false positive to Bitdefender Labs here:

    You could also follow the steps below.

    First, take screenshot(s) of the issue,

    create a log file on your Windows device using Bitdefender Support Tool, by following these steps:

    and

    create a log file on your Windows device using BDsysLog, by following these steps:

    Next, contact Bitdefender Consumer Support by e-mail:

    with a short description of the issue.

    After that, you will get an automated reply by the Bitdefender Customer Care Team, with your ticket number.

    Now, in reply to that automated reply, you can send the screenshot(s) you already took and the log files you already created in the first step.

    Since you are all done, just wait for the support engineers to investigate your issue and find a solution to fix the issue.

    Remember that the screenshot(s) and the log files will help the support engineers a lot in investigating your issue better and faster and in finding a solution.

    NOTE: If any of the log files is larger than 25MB, you can upload the log file here:

    After the upload is done, you will get a notification with the file's URL and then you can share the file's URL with the Bitdefender Consumer Support.

    Regards.