[Fixed] Very Frustrating Problem With Bitdefender, Bandwidth Usage, Bandwidth Constantly And Massivel

Comments

  • Hello,


    Thanks for messages.


    @werby3:


    Actually, your live radio uses a destination port which is not standard. For now, the current fix handles only HTTP (80) and HTTPS (443) traffic when the destination server runs on its default port (most web sites).


    I will soon release an update to also handle "exotic" ports for web transfer.


    @realkaka2204:


    Thank you for the change. Actually, Bitdefender doesn't send back ACK/FIN to the server, which results in many connections in the FIN_WAIT_2 state. But, in theory, TCP connections in the state FIN_WAIT_1 should not consume bandwidth because the timeout is properly working.


    Thanks for your information. :)

  • Thank you JoshY


    You are a treasure! We're waiting for your next diamond. :)


    My Best


    lol, absolutely...incredible coding and understanding :)

  • JoshY
    edited March 2013

    Hello,


    Final Version 0.1


    http://www17.zippyshare.com/v/53614871/file.html


    (I have made the installer, added support for all ports, and made the program start automatically at Windows Startup)


    [INSTALL]


    1) Delete any previous version of the fix.


    2) Just launch the setup.exe on your computer, and it works!


    [UNINSTALL]


    Go to: C:\Program Files (x86)\BitdefenderBandwidthFix\ and click on unins000.exe.


    [REQUIREMENTS]


    About 1 MB of RAM Memory only!


    Thanks.

  • Hi,


    Until BD developers decide to fix this "ancient" issue, a perfect solution is here :


    http://forum.bitdefender.com/index.php?sho...st&p=181119 thanks to JoshY.


    NOTE: For this solution to work, Visual C++ 2012 (x86) must be installed.


    Regards

  • realkaka2204
    edited March 2013

    The best temporary solution for the bandwidth issue is to use JoshY's program to "kill" the FIN_WAIT2 state.


    Download at www17.zippyshare.com/v/53614871/file.html


    The program requires that vcredist 2012 be installed. If not, you can download it at http://www.microsoft.com/en-us/download/de...s.aspx?id=30679


    Read more at this topic: http://forum.bitdefender.com/index.php?sho...43701&st=30


    Thanks so much for your program, JoshY! :)

  • Thanks again for your help, JoshY, your check is in the mail :D It has been used and linked to already by others here. I really like how you "packaged it up" in your post, werby3, it is a good summation reference link: http://forum.bitdefender.com/index.php?s=&...st&p=181144


    Hopefully Bitdefender Techs. will acknowledge your work...and offer you a job ;) How do you feel about Romania ? :D

  • Hello JoshY,


    In forty minutes you succeeded what BD team could not in forty months!


    THANK YOU!!!

  • I have this problem too in Windows 8 Security.


    Maybe BD must respect its customers and resolve this problem that has existed for 2 years.


    Or maybe we must change our security solution.

  • wo wrote the April/20/2013 no official BugFix available THx Joshy but what is with you Bit defender developers and or support :ph34r:

  • Still no official answer to this problem?

  • kesegy ✭✭

    Can someone say has this issue been fixed in the recent builds? I'm not reinstalling BD Internet Security until it is resolved.

  • Going by their silence and a community fix, I'm guessing Bitdefender don’t give a flying f***!

  • It is bad when the customers have to write code to fix issues that the developers can't.

  • What was the size of bandwidth ?


    Where is the fix to this?


    My bandwidth cost me a fortune and I just lost a big chunk to some auto play movie. Bad enough you price gouge my subscriptions and now my internet as well. FIX THIS!

  • ...Until BD developers decide to fix this "ancient" issue, a perfect solution is here :


    http://forum.bitdefender.com/index.php?sho...st&p=181119 thanks to JoshY.


    ...

    Hello,


    WARNING : BD and not only, now finds the above solution as a Trojan (Trojan.GenericKDZ.16544)


    Regards

  • werby3
    edited May 2013

    Hello,


    WARNING : BD and not only, now finds JoshY's solution as a Trojan (Trojan.GenericKDZ.16544).


    Is it a false +ve or what?


    P S : Once again BD deleted this file (BitdefenderBandwidthFix.exe) without any prompt or logged in Events.


    Regards

  • knocks
    edited May 2013

    Be nice if bd had some balls and would comment on this issue!

  • I was curious about this so I thought I would check it out on one of my W8 Pro x64 computers using Firefox 21.0 Beta BD W8 Security. I used TCPView to check the downloaded bytes.


    1. First test was actually downloading a video from YouTube. Flash (*.flv) file. Size 6.7 MB Amount of bytes downloaded 6.7 MB


    2. Then I streamed another video. Video size varied based upon the file type to be downloaded. Note that maybe six different files were showing as possible download candidates for that video. I could select any or all of them. I decided in this case to not download any of the files but only stream the video. When the downloaded bytes for an instance shown from that IPv4 address reached a certain number, the number, which varied for each instance, stopped increasing and a new instance began showing bytes being downloaded from that same IPv4 address. Each instance continued to show downloaded bytes until they too reached a number and they then stopped showing the byte count for that instance increasing. In total TCPView showed six instances (coincidence) of that one IPv4 address downloading data. My guess one instance each for each file version for that video that I could download if I so choose or maybe stream?


    A few seconds after the video finished the bytes being downloaded stopped increasing for the last instance. When I left the page that the video was on each remote connection instance to that IPv4 address disconnected and disappeared from TCPView though it took a couple of minutes for the last disconnect. My guess is that the webpage on which the video is located was no longer responding since it was closed so after a while Firefox or Windows closed the connection. Alternatively when I closed Firefox those connections disappeared albeit at the time I closed Firefox.


    I think maybe the reason that people see those bytes continue to download is because there are multiple versions of the same file in different video formats. So when a video is streamed at least Firefox downloads all file versions. The downloads continue until finished even if Firefox is closed or the individual leaves the page that the video is on or stops playing the video. In my case since I chose a small file relative to my ISP download speed and CPU speed all versions of the video got fully downloaded before I finished playing the video.


    In conclusion it appears that this may not be a BD problem but rather the way that at least Firefox and Windows interact with YouTube. I did not check other video streaming websites to see if I could duplicate the experience on another video streaming website.

  • I then played a larger video from YouTube, 45 minutes in length. As soon as I closed the webpage about 5-10 seconds after I began playing the video the downloaded byte count for that IPv4 address ceased to go up and eventually after a couple of minutes the connection to that IPv4 address was closed.


    So I am not seeing the problem on my W8-Pro with BD W8 Security and Firefox 21 Beta that has been indicated on this thread. Sorry about that.

  • One other thought.


    Sometimes when you think you have closed Firefox it has not really closed and may never close unless you kill its process using a tool like Windows Task Manager, System Explorer etc or restart your computer. So I can see where depending on the Windows OS, version of Firefox and/or download speed when a person thinks they have closed Firefox but its process is still running that the files on YouTube may continue to download (see my first post of three above) until all instances of the download are complete. This is what people might be seeing happening.


    Of course all of this is just my opinion and there in fact may be a problem with Bitdefender as discussed in this thread.

  • werby3
    edited May 2013
    ...Of course all of this is just my opinion and there in fact may be a problem with Bitdefender as discussed in this thread.
    Hello Nesivos,


    It's time for you to connect to a live stream (e.g. http://kallien.caster.fm/ ) and you'll understand what makes all these people post (not only here) about this really "ancient" BD issue which BD team cannot fix while it took about half an hour for a user (JoshY's topic) to fix it.


    P S : In TCPView look for a "FIN_WAIT_2" connection.


    Regards

  • Hi,


    Because I suspect that it is a false positive, I've added "BitdefenderBandwidthFix.exe" to "Excluded files and folders" till someone more expert will prove that it is really and not behaves like a Trojan.


    Regards

  • I am not sure...


    On vtt there are six vendors which recognize Malware. All these vendors are using the BitDefender Engine. But Symantec and, since a few hours ago, TrendMicro also recognize a trojan....


    But why doesn't the support say anything...


    Yours


    Olli

  • So Ikarus detects a Trojan, too!


    Suspect...

  • Hi,


    I know about AVs recognition and my question is :


    Is it a Trojan which sends infos to somewhere or it just behaves as a Trojan and actually doesn't send anything to anywhere?


    THX

  • Nesivos
    edited May 2013
    Hello Nesivos,


    It's time for you to connect to a live stream (e.g. http://kallien.caster.fm/ ) and you'll understand what makes all these people post (not only here) about this really "ancient" BD issue which BD team cannot fix while it took about half an hour for a user (JoshY's topic) to fix it.


    P S : In TCPView look for a "FIN_WAIT_2" connection.


    Regards


    I will give it a try later and see what happens.

  • Okay I tried it. After closing the webpage the downloaded byte count stopped increasing however TCPView is showing a status of FIN_WAIT2 which means there is a communication problem.



    In TCP networking, what is a FIN_WAIT state?


    FIN_WAIT_2 seems to occur when the server has an active connection with a client and wants to shut down the TCP connection (probably in response to a normal application layer "exit"). The server sends the client a packet with a "FIN" bit set. At this point, the server is in FIN_WAIT_1 state. The client gets the FIN packet and goes into CLOSE_WAIT state, and sends an acknowledgment packet back to the server. When the server gets that packet, it goes into FIN_WAIT_2 state. From the server's perspective, the connection is now closed, and the server can't send any more data. However, under the TCP protocol, the client needs to shut down also by sending a FIN packet, which the server TCP implementation should ACK. The server should close about two milliseconds later.


    I then went to KJAZZ and opened their live streaming http://www.jazzandblues.org/programming/listen/ I then closed the live streaming and got the same results. Bytes downloaded count stopped increasing and status went to FIN_WAIT2 instead of closing.


    I will now close Firefox and see what happens.
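
The hanging FIN_WAIT_2 connections that the posts above look for in TCPView can also be picked out of two `netstat -ano` snapshots taken a few minutes apart. This is an added example, not code from the thread or from JoshY's fix; the snapshot text, addresses and PIDs are constructed, and the function names are hypothetical.

```python
"""Flag TCP connections that stay in FIN_WAIT_2 across two `netstat -ano` snapshots."""
from collections import Counter
from typing import List, NamedTuple


class Conn(NamedTuple):
    local: str
    remote: str
    state: str
    pid: int


def normalize_state(state: str) -> str:
    # netstat prints FIN_WAIT_2, TCPView prints FIN_WAIT2; compare on one spelling.
    return state.upper().replace("_", "")


def parse_netstat(text: str) -> List[Conn]:
    """Parse the TCP rows of Windows `netstat -ano` output; skip headers and UDP rows."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        # A TCP row has exactly five fields: Proto, Local, Foreign, State, PID.
        if len(fields) != 5 or fields[0].upper() != "TCP" or not fields[4].isdigit():
            continue
        _, local, remote, state, pid = fields
        conns.append(Conn(local, remote, normalize_state(state), int(pid)))
    return conns


def lingering_fin_wait2(earlier: str, later: str) -> List[Conn]:
    """Connections in FIN_WAIT_2 in both snapshots (same endpoints and same PID).

    A connection passing through FIN_WAIT_2 briefly is normal; one that is still
    there in the later snapshot is the hanging state described in the thread.
    """
    before = {c for c in parse_netstat(earlier) if c.state == "FINWAIT2"}
    return sorted(
        c for c in parse_netstat(later) if c.state == "FINWAIT2" and c in before
    )


def count_by_remote_port(conns: List[Conn]) -> Counter:
    """Count connections per remote port, e.g. to spot non-standard stream ports."""
    return Counter(int(c.remote.rsplit(":", 1)[1]) for c in conns)


# Constructed sample data (documentation address ranges, made-up PIDs).
SNAPSHOT_EARLIER = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49712     203.0.113.25:8000      FIN_WAIT_2      4321
  TCP    192.168.1.10:49713     198.51.100.7:80        FIN_WAIT_2      4321
  TCP    192.168.1.10:49720     198.51.100.9:443       ESTABLISHED     4321
  UDP    0.0.0.0:5353           *:*                                    1520
"""

# Taken a few minutes later; the first row uses the TCPView spelling on purpose.
SNAPSHOT_LATER = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49712     203.0.113.25:8000      FIN_WAIT2       4321
  TCP    192.168.1.10:49720     198.51.100.9:443       FIN_WAIT_2      4321
  TCP    192.168.1.10:49725     198.51.100.7:80        TIME_WAIT       0
"""

if __name__ == "__main__":
    stuck = lingering_fin_wait2(SNAPSHOT_EARLIER, SNAPSHOT_LATER)
    for conn in stuck:
        print(f"PID {conn.pid}: {conn.local} -> {conn.remote} still in FIN_WAIT_2")
    print("by remote port:", dict(count_by_remote_port(stuck)))
```

Only the connection to port 8000 is reported: the port 443 connection entered FIN_WAIT_2 after the first snapshot, so it is not yet counted as lingering.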

  • Nesivos
    edited May 2013

    After closing Firefox the FIN_WAIT2 status for that port remained connected with no increase in byte counts. I was able to close the connection using TCPView by right clicking on the line item in TCPView and clicking on close connection.


    I then accessed the kallien.caster.fm website using IE10. I closed the webpage in IE10 and the byte count stopped increasing but the connection remained open. I then closed IE10 the connection was closed. I then went to KJAZZ in IE10. When I closed the live streaming and the website the byte count continued to increase which it had not when I closed kallien.caster.fm. I then closed IE10 and the connection was closed.


    The hanging in Firefox in the FIN_WAIT2 state is a communication problem where data is no longer downloaded but the connection remains open. Clearly this is a security risk.


    In IE10 the fact that I can close the live streaming and the website in the case of KJAZZ but the IE10 continues to download bytes from that website until I close IE10 represents a bigger security risk and of course eats bandwidth. I did a little further research into the port that KJAZZ used in Firefox and the port was considered a risk. In IE10 the connection to KJAZZ used another port but lo and behold Malwarebytes popped up and said "potentially malicious website blocked". So thanks to this thread I know to avoid KJAZZ.


    Personally I think the whole live streaming thing using a web browser is a risky business. I prefer to use Radio Sure for my radio listening. When I close it the connection is cut. As far as live streaming I guess it depends on the website. I just went to http://tv.lrytas.lt/live and they have a basketball game on. Interestingly TCPView is showing the connection to this website is using Flash Video Player and not native Firefox. When I close the website the connection is cut.

  • Hi JoshY,


    thank you for the solution. But, the download is recognized as malware. Is it possible that you release the source of your solution so that we could compile it ourself?


    regards


    Malte Krueger

  • Hello Nesivos,


    When you see the "FIN_WAIT_2" status in TCPView you will also see in Task Manager/Performance tab (on Win 8) that downloading doesn't stop even if you close your browser.


    Personally I think the whole live streaming thing using a web browser is a risky business
    Using a browser to receive a stream is not more risky than other ways especially when you're protected using a good AV.


    Regards

  • In TCPView it showed the downloading had stopped in the circumstances I mentioned. I finished using that computer for the day about two hours ago. Ran my daily cleanup utilities; i.e. CCleaner, ASC Pro and Diskmax. I just went over to that computer and opened Windows Task Manager. It showed 0 Network activity. I did not restart that computer. I don't know what to tell you other than what I have already mentioned. I appreciate that I was able to find out that KJAZZ is a risky website and the nudge to learn more stuff about my computers and their software. I really have nothing else to say on the subject. I just related my experience with the three websites and the link I found on FIN_WAIT2.


    I still think it is a communication problem resulting from viewing streaming websites directly in Firefox 21.0 Beta and IE10. Of course I could be wrong. It sure wouldn't be the first time. Good luck

  • ...I still think it is a communication problem resulting from viewing streaming websites ...
    ...which disappears when uninstall or disable BitDefender... :rolleyes:


    Have a nice day!

  • Nesivos
    edited May 2013
    ...which disappears when uninstall or disable BitDefender... :rolleyes:


    Have a nice day!


    It's too bad u have to uninstall BD to solve the problem. I did not.


    Have a nice day!
    You too :)
  • It's too bad u have to uninstall BD to solve the problem. I did not.
    Hello Nesivos,


    It's too bad u cannot (or don't want to) see the obvious. I(we) did :

    ...What I want you to know is that the ghost traffic issue reported here and in other topics of the forum has been acknowledged by our development team for some time and is currently being worked on for a fix. ...
  • Verify that the detection is Signature based or by Heuristics. Attach the snapshot of the detection.

  • I am not sure...


    On vtt there are six vendors which recognize Malware. All these vendors are using the BitDefender Engine. But Symantec and, since a few hours ago, TrendMicro also recognize a trojan....


    But why doesn't the support say anything...


    Yours


    Olli


    This may be because some of the Antivirus vendors such as GData, Emsisoft etc. use the Bitdefender Antivirus Engine. And Symantec detects it because of the File Reputation technique, and since the tool discussed here is used only for a specific task and is not known publicly, the File Reputation Detection method detects it as lacking repute. While the detection is by the TrendMicro-HouseCall which is Online In the Cloud On-Demand Scanner, so chances are for False +ve, while the regular TrendMicro product does not detect it.


    https://www.virustotal.com/en/file/67880128...sis/1367900339/

  • Hello Omer,


    I also tend to believe that it's a False +ve.


    I downloaded again (today) this file, checking and comparing it with the initial file (I had downloaded it minutes after JoshY's uploading) with MD5 which gives exactly the same number thus, file seems not to be injected/infected by something.


    So, I'm still using it, adding it to Exclusions.


    I've also sent a PM to JoshY who doesn't seem to monitor this forum.


    So, if someone more expert on file analyzing could give us some infos, it would be much appreciated.


    PS : I cannot trust BD Labs opinion just because this file embarrasses them and perhaps this is the reason of all this.


    Regards

  • hey, it works... thanks JoshY

  • Hello Nesivos,


    It's too bad u cannot (or don't want to) see the obvious. I(we) did :


    I am not denying there is a problem and for some bigger than others. How much of it is just BD products and how much of it relates to the way BD interacts with web browsers and Windows is the question.


    All I can tell you with regard to BD causing the problem is that I am using Windows 8 Pro, BD W8 Security and Firefox 21.0 Beta. The only problem I noticed with that combination is that some streaming websites do not disconnect when you close them and leave Firefox open but go into a FIN_WAIT2 state and hang there until I close Firefox. However, in no instance of the three streaming websites I tested did I notice a continuation of bytes being downloaded after I closed Firefox.


    That was my experience yesterday.


    cheers.

  • I use BD Win8 security, and Opera as my default browser, and do not have the bandwidth problem when streaming Youtube videos. I have checked on two different occasions with Windows resource monitor and BD firewall. I have never had problems with Opera in any Windows or Linux OS, so I did not expect problems with BD in Win8 either.

  • Just curious have you tried http://kallien.caster.fm/ There appears to be more than one problem with streaming from that website.

  • I tried kallien, and the only way to stop it from streaming was to manually turn off my wireless router.


    On the other hand, it took about five minutes to connect to the server and start streaming. So neither BD nor Opera can handle this kind of crap. I could not care less. I have tried streaming Norwegian radio and TV, and no problems there.


    Fine to be aware of the problem, but I am reasonably sure that I will not run into it again.

  • I connected immediately using a wireless and stopped it streaming download by exiting the page.


    This is definitely a tough one to solve.

  • Maybe the issue is not in W8 Security, I use total 2013 and until the user fix I could just sit and watch in tcpview the downloads continue!

  • JoshY
    edited May 2013

    Hello,


    Thanks werby3 for your PM.


    I promise that this file is not in any way a trojan ! It is 100% clean. This is definitely a false positive from BitDefender.


    If you don't trust this executable, you can always compile it yourself: a snippet is available on page 1...


    Regards.

  • Hello JoshY,


    That's what I've thought from the first time and of course, I'm still using it, adding it to Exclusion files.


    I guess that BD Labs will remove this file from their black list OR they will tell us where is the problem.


    THANK YOU very very much!!! :)

  • werby3
    edited May 2013
    ...WARNING : BD and not only, now finds the above solution as a Trojan (Trojan.GenericKDZ.16544)...
    Hello,


    JoshY, the creator of the solution (BitdefenderBandwidthFix), assures us that his file is NOT a Trojan, it is clean and offers the code he used for recompiling (if someone doesn't trust him).


    You may read this : http://forum.bitdefender.com/index.php?sho...st&p=185153


    After that, I hope that BD Labs will remove this file from their black list.


    Regards

  • Maybe the issue is not in W8 Security, I use total 2013 and until the user fix I could just sit and watch in tcpview the downloads continue!


    You could be correct. I don't recall from the many posts on this thread if anyone with BD W8 Security mentioned they are having the problem you and others have described. BD is looking into the problem.

  • columbo
    edited May 2013

    Kudos to werby3 and JoshY for following up.

This discussion has been closed.