Vista Security Center 2012

[Brandonn2010]

Whew. Somehow my mom's GeSWall was expired so this pos got on her computer. It blocked most programs from running, even in safe mode. I couldn't use a bootable AV because they couldn't update and I'm not sure how to connect to the Internet from them.

I finally tricked it by hitting ctrl+alt+del and getting to task manager from there instead of right-clicking the taskbar to get to it, hehe. I noticed PING.exe was consuming a large portion of the CPU and I killed it, but it kept coming back. I then noticed "hvw" running using less than 1MB of memory. I opened the file location and it had an apple icon?

Note that Panda Cloud and SpyShelter could both still run. I right-clicked hvw and uploaded to virustotal, which bypassed the rogue's Internet blocking capabilities. It got several hits for heuristics and rogues. I deleted the file (after getting a copy to upload to other AV vendors) and the rogue program disappeared.

However, now no exes can run. I have to change an exe to a com to get it to run. How do I fix this? And where can I upload the infection so other AVs can get a definition for it?

[Meriadoc]

Hi Brandonn2010, this one, or the same family...check out the fix.

Quote:

Originally Posted by Brandonn2010

However, now no exes can run

Quote:

To fix this we must first download a Registry file that will fix these changes.

you should follow the caned fix or ask to deal with all the idiosyncrasies of this malware.

edit: del quote

[TheKid7]

The Avira Rescue System CD and the Dr.Web Live CD have either up-to-date Malware signatures or very close to up-to-date Malware signatures at the time of the ISO Image download. If you made a fresh CD, you would not need to update prior to scanning the infected PC.

[Brandonn2010]

@Meriadoc

I actually read that right after I posted. It worked and all is well.

@TheKid7

I keep several bootable AVs on my SARDU thumb drive so I would like to be able to update them on the go rather than burn a new ISO every time I need it. What is a proxy server that would work? Or how do you configure a connection on those?

And also where can I submit the file so all AVs will be able to detect it?

[TheKid7]

Quote:

Originally Posted by Brandonn2010

I keep several bootable AVs on my SARDU thumb drive so I would like to be able to update them on the go rather than burn a new ISO every time I need it. What is a proxy server that would work? Or how do you configure a connection on those?

Do you have a wired or wireless Internet connection?

[Brandonn2010]

Quote:

Originally Posted by TheKid7

Do you have a wired or wireless Internet connection?

Wireless. Basically every computer I've worked on has a wireless connection. After trying a bunch of them, Bitdefender was the only one I could establish a connection, because it has the GUI network tool similar to the Network and Sharing Center in Windows, where it displayed our home network and I was able to click on it and enter our password.

[Brandonn2010]

Oh here are the Virustotal results

~ VirusTotal Results Removed per Policy ~

Is there any way to submit it to all the vendors that missed it, because I've sent it to like 6 already and it is annoying.

[TheKid7]

Quote:

Originally Posted by Brandonn2010

Is there any way to submit it to all the vendors that missed it, because I've sent it to like 6 already and it is annoying.

I don't know of any way to do this. Here is a list of the E-Mail addresses:

http://www.wilderssecurity.com/showthread.php?t=277780