VoodooShield/Cyberlock

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey Kardo,

    Cool, thank you! Are you about ready for the CS/VS combo? I am ready when you are ;).
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you trjam, MrGump, TyRizian, and TH, I appreciate that!
     
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I am going to post a link to some really, really, really bad viruses, malware and exploits.

    PLEASE ONLY TRY ON TEST SYSTEMS OR VMs

    http://malware-traffic-analysis.net/index.html

    The reason I am posting this is because some dude supposedly found a way to bypass VS, although I have tried it several times and could not get it to work. Here is the one that he says can bypass VS... once again, PLEASE ONLY TRY ON TEST SYSTEMS OR VMs... this will really mess up your computer.

    http://malware-traffic-analysis.net/2014/12/12/index.html

    I tried to make the above links not clickable, but for some reason I cannot, so please be very careful! But please try some if you get a chance, I would like to see how VS does.

    The good news is, if it really did bypass VS, then it is a simple fix that was suggested by the guy who supposedly bypassed VS. Basically, when VS is installed, it also installs the C++ 2010 runtime. There are 2 versions of the runtime, one for 32 bit and one for 64 bit. Since VS seemed to work well with just installing the 64 bit runtime, I left out the 32 bit runtime for windows 64 bit systems... there is no reason to install extra stuff we do not need. And besides, the C++ runtimes seem to conflict with each other (on occasion), if for example, a different software was using an old C++ runtime. So I am going to do some more testing, and if we do need the 32 bit C++ runtime for 64 bit systems, then I will include it in the next release if we need to. I have talked to the guy, and he seems like a good guy with good intentions, and I definitely appreciate his help. Because if VS does have a security hole, we need to fix it ;).

    Here is the video of him bypassing VS... although I do not see an executable start, and if you watch his other "VS" (versus) videos, you will notice that the exploit does not get as far in the VoodooShield video. Although, he is saying that might be because it is an old exploit. But to me that does not make sense, because why would they take down the HTML, but not the exploit / payload?

    https://www.youtube.com/watch?v=uF4MJebbnoE&feature=youtu.be

    If you do want to install the 32bit C++ runtime just to be extra safe while I figure out if we really need it or not, here it is:

    http://www.microsoft.com/en-us/download/details.aspx?id=5555

    Thank you Miquell for letting me know about this! It is kinda funny how we were just talking about exploits ;). Now we can test and see! But seriously, please only try these on a test computer or VM, and either way, please be extra careful! Thank you!
     
    Last edited by a moderator: Feb 23, 2015
  4. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,565
    Hi Dan

    To make it non clickable change the http to hxxp - that should be sufficient

    hxxp://malware-traffic-analysis.net/2014/12/12/index.html
     
  5. Miquell

    Miquell Registered Member

    Joined:
    Feb 8, 2015
    Posts:
    32
    Location:
    Poland
    Thanks Dan :)
     
  6. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    808
    Hello Dan,

    Thanks for the reply. :)

    Yes, it is odd (first time encountered problem of this nature).

    I am now running the latest version 2.23l & have managed to register it successfully (after uninstalling version 2.23k, rebooting & cleaning up the VoodooShield file in Program Data).

    I'll monitor & let you know if the problem still exists.
     
  7. Gillor

    Gillor Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    88
    Location:
    UK
    Hi Dan,

    The Nuclear EK IP address seems to be dead. However, I downloaded the malware file 2014-12-12-Nuclear-EK-malware.zip, tried to run it and VS blocked it immediately.

    Nothing showing up in process explorer that shouldn't be there and a couple of a/v scans were clean.

    I have 32 bit and 64 bit C++ already installed on a Windows 7 64 bit machine running VS version 2.22.

    Edit
    Not sure if any of this helps but I tried to run this piece of malware again without 32 bit C++ (x86) being installed, and the result was the same... VS blocked it immediately.
     
    Last edited: Feb 25, 2015
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Hi Dan, my internet has been out since Saturday night so I have to play catch up now. If you scan the registry how will you get the hashes of the applications? Do you plan on allowing applications by name and path alone? Also, a lot of uninstallers leave orphaned files in various registry locations. I'm not sure how often they leave them in HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths, but it could cause VS to add software to the Whitelist that is not currently installed. Also, I just checked that path on this machine, and all the software I have installed in Program Files is not listed there.
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Here is the latest version, there are A LOT of changes. I added the 32bit C++ runtime, new web apps (thank you CET for the list), MAJOR changes under the hood, and the new feature that adds the program files from the registry... just click on "Automatically Allow all software from the Program Files folder" and it will prompt you. We can also add this feature as a button or on first run after installation, that will be super easy since it is already finished. I uploaded a 2.23m much earlier today as a test, so if you happened to have downloaded it, please install this version.

    I will reply to the other posts later tonight or tomorrow. I see CET's posts, I have to reply to it, hehehe, you will see why ;).

    http://www.voodooshield.com/freeoffer/Install VoodooShield.2.23m beta.exe
     
  10. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hehehe, I KNEW you were going to ask me something like that ;). I figured you would ask me how I am going to get the correct paths when they contain a "~". It is hard to explain how I did it, but basically I told VS to find the actual executable, then I cleaned up the path, then calculated the hash. I think most of the files are in there, but if not, they are in the registry somewhere most likely. We can play around with it and see and tweak it a little. Thank you!

    BTW, I added a lot of the web apps that you sent me a while back, but I really do not want to add too many. We can always add more later... they take a long time to add because I have to install the software, get a good copy of the icon, track down the process name, and then add it to like 15 places in VS. Also, if we add way too many, VS will slow down some.
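
Added example, not part of the original thread and not VoodooShield's code: a sketch of the registry-seeded whitelist discussed in posts 8 and 10, covering path clean-up, content hashing, and skipping orphaned entries. All function names, the sample entries and the DEMO_APPS variable are constructed; on a real system the entries would be read from the App Paths key.

```python
import hashlib
import os
import tempfile

def clean_app_path(raw):
    """Normalise a registry value: expand variables, drop quotes and arguments."""
    value = os.path.expandvars(raw.strip())
    if value.startswith('"'):
        value = value[1:].split('"', 1)[0]      # quoted path, possibly followed by args
    if os.name == "nt" and "~" in value:        # expand 8.3 short names (Windows only)
        import ctypes
        buf = ctypes.create_unicode_buffer(32768)
        if ctypes.windll.kernel32.GetLongPathNameW(value, buf, len(buf)):
            value = buf.value
    return os.path.normcase(os.path.abspath(value))

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_allowlist(entries):
    """entries: {subkey name: default value}. Returns (allowlist, orphans)."""
    allowlist, orphans = {}, []
    for name, raw in entries.items():
        path = clean_app_path(raw)
        if not os.path.isfile(path):            # stale key left behind by an uninstaller
            orphans.append(name)
            continue
        allowlist[path] = sha256_file(path)     # path is the key, content hash is the pin
    return allowlist, orphans

def is_allowed(allowlist, path):
    """Allow only if the path is listed AND the file still has the recorded hash."""
    path = clean_app_path(path)
    return os.path.isfile(path) and allowlist.get(path) == sha256_file(path)

def demo():
    """Constructed sample: two live entries and one orphan in a temp directory."""
    root = tempfile.mkdtemp()
    for fname in ("editor.exe", "player.exe"):
        with open(os.path.join(root, fname), "wb") as fh:
            fh.write(b"MZ " + fname.encode())
    os.environ["DEMO_APPS"] = root              # stands in for a variable like ProgramFiles
    entries = {"editor.exe": '"%s" /open' % os.path.join(root, "editor.exe"),
               "player.exe": os.path.join("${DEMO_APPS}", "player.exe"),
               "gone.exe": os.path.join(root, "removed", "gone.exe")}
    return root, build_allowlist(entries)
```

Pinning each entry to a hash is what separates this from allowing by name and path alone: a file replaced at a whitelisted path no longer matches.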
     
  11. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    YES :D
     
  12. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    994
    What does the Command Lines tab on settings menu signify? It filled up on me a few days ago and would not allow me to Block or Allow. I removed some of the entries, but I have no idea what the purpose is for this tab.
     
  13. Miquell

    Miquell Registered Member

    Joined:
    Feb 8, 2015
    Posts:
    32
    Location:
    Poland
    Working stable and very smooth on my board (Win 8.1 64bit), I've no issues to report so far :thumb:

    Thanks Dan :)

    Mike
     
  14. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    289
    Installed 2.23m and it seems to work as well as the last betas, however it prompts for a new version & when I say yes it displays the error in the second pic and knocks out the icon. I checked Task Manager and there is 1 VS process running. :shifty:
     


  15. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    BTW, we are upgrading the web server, so you might be prompted to update. If so, you can just ignore it. I will let you know when everything is ready!
     
  16. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Can you remove the word Beta from the installer?

    Thanks,

    Daniel :)
     
  17. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Works OK so I agree with TH :)
     
  18. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    835
    Location:
    UK
    VS 2.23m installed over the top and running smoothly so far.

    Thanks
    Gordon
     
  19. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Hi Dan

    Downloaded and installed... will keep you apprised of how things are running here.

    Just a thought...but if you keep adding genius ideas will you ever get to the stage of releasing them all? :(

    Regards, Baldrick
     
  20. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    808
    Version 2.23m is running well. :)
     
  21. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    406
    2.23m running great
     
  22. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I am super tired, but I will catch up on the above posts tomorrow. Here is the "Final" version hopefully. If everything looks great, we will release it soon. I added a quarantine function and now you can right click to add a blocked item in the user log. And a few other small things.

    If it asks you to upgrade until we release it to the public, please do not! I will let you guys know when I release it to the public. Thank you!

    http://www.voodooshield.com/freeoffer/Install VoodooShield.2.23n beta.exe
     
  23. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Version 2.23n running great on my system. Thanks Dan
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I just installed build 2.23n as a new install so I may have more to report later. I executed an installer, and the VS prompt is missing the middle option. Is this expected behavior? Is it leaving out the sandbox option since it is an installer? Should something else be there instead?
     


  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hey everyone, I will reply to the posts later today, but I just wanted to let you know that VS 2.30 is ready!!! Thank you for all of your help, I really do appreciate it!!! Sorry there were so many versions. Now that pretty much all of the bugs are worked out, things should go back to normal.

    http://voodooshield.com/download/versions/Install VoodooShield.2.30.exe

    And we have a new website! Although, I still have to add a few things like quotes and badges, and Ali the web developer has a few things to do on the Account page.

    https://voodooshield.com/

    Anyway, thanks again for all of your help and hard work!
     