Vista Security Center 2012

Whew. Somehow my mom's GeSWall was expired so this pos got on her computer. It blocked most programs from running, even in safe mode. I couldn't use a bootable AV because they couldn't update and I'm not sure how to connect to the Internet from them.

I finally tricked it by hitting ctrl+alt+del and getting to task manager from there instead of right-clicking the taskbar to get to it, hehe. I noticed PING.exe was consuming a large portion of the CPU and I killed it, but it kept coming back. I then noticed "hvw" running using less than 1MB of memory. I opened the file location and it had an apple icon?

Note that Panda Cloud and SpyShelter could both still run. I right-clicked hvw and uploaded to virustotal, which bypassed the rogue's Internet blocking capabilities. It got several hits for heuristics and rogues. I deleted the file (after getting a copy to upload to other AV vendors) and the rogue program disappeared.

However, now no exes can run. I have to change an exe to a com to get it to run. How do I fix this? And where can I upload the infection so other AVs can get a definition for it?

 

Hi Brandonn2010, this one, or the same family...check out the fix.

you should follow the caned fix or ask to deal with all the idiosyncrasies of this malware.

edit: del quote

 

The Avira Rescue System CD and the Dr.Web Live CD have either up-to-date Malware signatures or very close to up-to-date Malware signatures at the time of the ISO Image download. If you made a fresh CD, you would not need to update prior to scanning the infected PC.

 

@Meriadoc

I actually read that right after I posted. It worked and all is well.

@TheKid7

I keep several bootable AVs on my SARDU thumb drive so I would like to be able to update them on the go rather than burn a new ISO every time I need it. What is a proxy server that would work? Or how do you configure a connection on those?

And also where can I submit the file so all AVs will be able to detect it?

 

Do you have a wired or wireless Internet connection?

 

Wireless. Basically every computer I've worked on has a wireless connection. After trying a bunch of them, Bitdefender was the only one I could establish a connection, because it has the GUI network tool similar to the Network and Sharing Center in Windows, where it displayed our home network and I was able to click on it and enter our password.

 

Oh here are the Virustotal results

~ VirusTotal Results Removed per Policy ~

Is there any way to submit it to all the vendors that missed it, because I've sent it to like 6 already and it is annoying.

 

I don't know of any way to do this. Here is a list of the E-Mail addresses:

https://www.wilderssecurity.com/showthread.php?t=277780