False Positive Causing Crash

registry.dll (Thunderbird temp file) scans clean but when I use CCleaner to delete temp files Bitdefender pops up saying it found a virus. I assume it deletes the file and CCleaner locks up and remains stuck on trying to delete the file. The only way out is to hard boot out.

Comments

  • That's really odd. BD only detects a virus when you're trying to delete a file using CCleaner? Is this only a single file or a lot of dll files? The only workaround that I can think of right now is to disable real time protection, probably.

  • shpshftr@netzero.net
    edited October 2014

    Rampant, I did send it for analysis. I called too and sent the captures a couple days ago...


    stridert, it is a very odd scenario. And it is a temp directory with other files in it. registry.dll is the one it hangs on, along with another one called FindProcDLL.dll. I don't think sending the files is going to help as far as finding an infection; I'm sure it is a false positive. It's a combination of events. I can't even exclude the directory because the temp sub-directory name changes each time, and I don't want to exclude the whole User\temp directory because it's a common place for infections to gain access to the computer. Something I didn't mention is this has been an issue since the 2012 version, about the time I started using the standalone version of Thunderbird. I just didn't say anything because it was not an everyday issue. I just found the time to pursue it last week. Till now I would just manually delete that set of files with a standard delete command, but I forget to do that from time to time and it's annoying. I can start using other cleaners, I suppose. I even tried the cleaner built into BD, but it has skipped this directory among a few others. Honestly, I don't trust it to do a good job. Any-who, I guess I'll just see what BD comes up with, if anything.

  • antikythera
    edited October 2014

    What build of CCleaner are you using? Is it up-to-date from Piriform or the FileHippo mirror site? The reason I ask is I have used it for years, along with standalone Thunderbird (again, which build are you using?), and never had any problems with Bitdefender flagging those files as infected.


    Disabling realtime protection isn't wise. However, if you are 100% sure the copy of CCleaner you are using is clean you could try adding it to the antivirus excluded process list.

  • shpshftr@netzero.net
    edited October 2014

    I have the most recent version of CCleaner, 4.18.4844; however, like I said, it's been doing the same thing for the last 2 years, going back to BDAV 2012.


    I tried what you suggested (something I should have thought of...duuuu), adding CCleaner to the exclusion list, but still no go. I do have CCleaner set for secure deletion, 'Simple overwrite (one pass)', with 'Wipe Alternative Data Streams' and 'Wipe cluster tips' both checked. When I have normal file deletion checked, there is no problem with BDAV. So it has to do with secure deleting.