Malicious dll files in Panda Security Folder


Rajat

Level 2
Thread author
Verified
Oct 20, 2015
94
Today I just downloaded the Panda Internet Security Free 6 Months Trial (ask me for the link in the comment section if you want the installer). After completing installation I scanned my PC with Hitman Pro & it detected 2 malware items in my system. Surprisingly, these were DLL files in Panda's installation folder. I suspected them to be false positives, thus I did a VirusTotal scan on these 2 files. Results were a bit shocking.

Antivirus scan for edb633f30955afe8049ef9dd5de64e5f796f000e4b4c95ef552b6ef430e141ae at 2015-12-28 16:03:06 UTC - VirusTotal

Antivirus scan for edb633f30955afe8049ef9dd5de64e5f796f000e4b4c95ef552b6ef430e141ae at 2015-12-28 16:03:06 UTC - VirusTotal

Should I remove these files with Hitman Pro & uninstall Panda?

Note: No malicious process is/was running on my PC. I am uploading a Process Explorer screenshot along with Hitman Pro scan results.
 

Attachments

  • Capture.PNG
  • Capture1.PNG

SloppyMcFloppy

Level 13
Verified
Sep 12, 2015
617
Update: Those two files are associated with the Panda Security Toolbar; no wonder they were detected by many AVs, because all of them think it is a PUP. You can remove the Panda Security Toolbar if you really want to.
 

SloppyMcFloppy


Thanks, I can confirm those two files are associated with the Panda Security Toolbar, therefore it is a false positive since you got that toolbar from the Panda Internet Security suite. But if you get this toolbar from installers other than Panda's, then it is a threat.

Some anti-malware programs classify pandasecurityDx.dll as a harmful extension to Internet Explorer: for example not-a-virus:WebToolbar.Win32.Agent.bhe (detected by Kaspersky), and TROJ_GEN.R021C0OF915 (detected by TrendMicro). Add-ons like this can display ads, slow down your computer and cause various other errors. If you can't remember installing the associated Panda Security Toolbar Link Library software, it's no surprise. In most cases, this kind of adware is installed on the side when you install a freeware product like a YouTube Downloader or a PDF Converter. In the following selection, you can read more about Panda Security Toolbar Link Library and how to get rid of it.
 
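One way to check the distinction drawn in the post above (a toolbar DLL shipped by Panda versus the same file name dropped by some other installer), as an added example that is not part of the original thread: hash each DLL, compare it with the SHA-256 from the VirusTotal report linked in the first post, and read the Authenticode signer. The install path is a placeholder, and the expected publisher string and the `pandasecurity*.dll` name pattern are assumptions (the thread names only pandasecurityDx.dll).

```powershell
param(
    # Placeholder: set to the real Panda installation folder on the machine under review.
    [string]$InstallDir = 'C:\PLACEHOLDER\Panda Security',
    # Assumption: substring expected in the signer certificate subject.
    [string]$ExpectedPublisher = 'Panda Security',
    # SHA-256 taken from the VirusTotal report title in the first post of the thread.
    [string[]]$ReportedHashes = @('edb633f30955afe8049ef9dd5de64e5f796f000e4b4c95ef552b6ef430e141ae')
)

function Get-DllProvenance {
    param([string]$Path, [string]$Publisher, [string[]]$KnownHashes)

    $hash    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLowerInvariant()
    $sig     = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Unsigned or tampered files fail first; a valid signature from someone else needs review.
    $verdict = if ($sig.Status -ne 'Valid') {
        'UNTRUSTED: signature missing or invalid'
    } elseif ($subject -notlike "*$Publisher*") {
        'REVIEW: validly signed, but by a different publisher'
    } else {
        'Signed by the expected publisher'
    }

    [pscustomobject]@{
        File               = Split-Path -Path $Path -Leaf
        SHA256             = $hash
        InVirusTotalReport = $KnownHashes -contains $hash
        SignatureStatus    = $sig.Status
        Signer             = $subject
        Verdict            = $verdict
    }
}

if (-not (Test-Path -LiteralPath $InstallDir)) { throw "Folder not found: $InstallDir" }

# Assumption: the flagged toolbar DLLs share the 'pandasecurity' prefix.
Get-ChildItem -LiteralPath $InstallDir -Recurse -File -Filter 'pandasecurity*.dll' |
    ForEach-Object {
        Get-DllProvenance -Path $_.FullName -Publisher $ExpectedPublisher -KnownHashes $ReportedHashes
    } |
    Format-List
```

A valid vendor signature establishes where the file came from, not whether the toolbar is wanted; scanners may still label a correctly signed toolbar as a PUP.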

Rajat

Thanks, I can confirm those two files are associated with the Panda Security Toolbar, therefore it is a false positive since you got that toolbar from the Panda Internet Security suite. But if you get this toolbar from installers other than Panda's, then it is a threat.

Some anti-malware programs classify pandasecurityDx.dll as a harmful extension to Internet Explorer: for example not-a-virus:WebToolbar.Win32.Agent.bhe (detected by Kaspersky), and TROJ_GEN.R021C0OF915 (detected by TrendMicro). Add-ons like this can display ads, slow down your computer and cause various other errors. If you can't remember installing the associated Panda Security Toolbar Link Library software, it's no surprise. In most cases, this kind of adware is installed on the side when you install a freeware product like a YouTube Downloader or a PDF Converter. In the following selection, you can read more about Panda Security Toolbar Link Library and how to get rid of it.
But Panda didn't notify me that it was installing its toolbar (neither in the setup nor after installation) like most other AVs (AVG, Kaspersky etc.) do.
 

SloppyMcFloppy

But Panda didn't notify me that it was installing its toolbar (neither in the setup nor after installation) like most other AVs (AVG, Kaspersky etc.) do.

I remember BitDefender Total Security 2016 did the same to me. The installer didn't mention anything like a toolbar, but after it finished installing I opened up Internet Explorer, and one thing I noticed is that Internet Explorer asked me if I want to enable Bitdefender SSL scanning or something like that, but I doubt it is a toolbar since it asks if I want to enable or disable. And we already know that these two files are associated with the Panda Security Toolbar; you can uninstall them if you like. But as I said earlier, if you get this toolbar from the Panda Internet Security suite, then it is safe. But if you get this toolbar from installers other than Panda's, then it is considered to be a threat.
 

Rajat

I remember BitDefender Total Security 2016 did the same to me. The installer didn't mention anything like a toolbar, but after it finished installing I opened up Internet Explorer, and one thing I noticed is that Internet Explorer asked me if I want to enable Bitdefender SSL scanning or something like that, but I doubt it is a toolbar since it asks if I want to enable or disable. And we already know that these two files are associated with the Panda Security Toolbar; you can uninstall them if you like. But as I said earlier, if you get this toolbar from the Panda Internet Security suite, then it is safe. But if you get this toolbar from installers other than Panda's, then it is considered to be a threat.
Thanks for the advice. I just removed these files with Hitman Pro & rebooted my system. Panda IS 2016 is running fine without any problem :)
 

SloppyMcFloppy

Thanks for the advice. I just removed these files with Hitman Pro & rebooted my system. Panda IS 2016 is running fine without any problem :)

The toolbar and the antivirus itself are a whole different level of protection. Panda Internet Security 2016 will work without the toolbar because the toolbar acts as a secure search engine.
 

Rajat

The toolbar and the antivirus itself are a whole different level of protection. Panda Internet Security 2016 will work without the toolbar because the toolbar acts as a secure search engine.
A last question.
Is Panda Internet Security a totally cloud-based security product just like Panda Free Cloud AV (I usually don't use cloud AVs because I work in an environment where I have to plug in multiple USBs & I don't have my wifi to access over there), or does it store some signatures on the computer (it didn't run any update after installation)?
 

SloppyMcFloppy

A last question.
Is Panda Internet Security a totally cloud-based security product just like Panda Free Cloud AV (I usually don't use cloud AVs because I work in an environment where I have to plug in multiple USBs & I don't have my wifi to access over there), or does it store some signatures on the computer (it didn't run any update after installation)?

This is what Panda says about their cloud AV.

Source:
Arguments against cloud-based antivirus - MediaCenter Panda Security
Cloud-based antivirus do not protect while offline
While this might be true of some cloud-based antivirus implementations, in the case of Panda Cloud Antivirus it is not true. Panda Cloud Antivirus has a local cached copy of the Collective Intelligence cloud servers. This local cache is tasked with detecting (even while not connected to the Internet) malware that is in the wild, non-PE malware and other threats. Unlike traditional signature updates, this local cache update is a “moving target” of what the community sees as circulating out there in the wild. Therefore it is able to efficiently protect against the important threats. This local cache does not protect against Win98 or DOS viruses or even malware that is dead or not circulating anymore. That is why the community aspect of Panda Cloud Antivirus is so important as, the more people use it, the better protection it offers.
UPDATE: Panda Cloud Antivirus 1.1 includes 4 additional new layers of offline protection: 2 behavioural engines (blocking & runtime analysis), autorun disabling and USB vaccination.

So that means that it provides lower protection while offline
First let’s take a look at the practical aspect: after running the beta and release of Panda Cloud Antivirus for over 7 months with millions of users, we have not had a single recorded incident of an infected user while not connected to the Internet. There’s a common misconception that protection = detection rates of millions of samples as tested by magazines. This is not really true as those tests include malware that is dead, not circulating anymore or even does not work on your operating system (like old DOS/Win98 viruses). If we define protection as stopping real-life malware that is circulating then the offline protection that is offered by Panda Cloud Antivirus is more than enough.
 