Vista Security Center 2012

Discussion in 'malware problems & news' started by Brandonn2010, Dec 17, 2011.

Thread Status:
Not open for further replies.
  1. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Whew. Somehow my mom's GeSWall was expired so this pos got on her computer. It blocked most programs from running, even in safe mode. I couldn't use a bootable AV because they couldn't update and I'm not sure how to connect to the Internet from them.

    I finally tricked it by hitting ctrl+alt+del and getting to task manager from there instead of right-clicking the taskbar to get to it, hehe. I noticed PING.exe was consuming a large portion of the CPU and I killed it, but it kept coming back. I then noticed "hvw" running using less than 1MB of memory. I opened the file location and it had an apple icon?

    Note that Panda Cloud and SpyShelter could both still run. I right-clicked hvw and uploaded to virustotal, which bypassed the rogue's Internet blocking capabilities. It got several hits for heuristics and rogues. I deleted the file (after getting a copy to upload to other AV vendors) and the rogue program disappeared.

    However, now no exes can run. I have to change an exe to a com to get it to run. How do I fix this? And where can I upload the infection so other AVs can get a definition for it?
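The "no .exe will run, but a renamed .com does" symptom is the classic file-association hijack that rogue AV families use: the default handler for the .exe class is pointed at the rogue, so once the rogue is deleted there is nothing left to launch anything. The following PowerShell is an added example, not code from this thread or from the fix linked later in it, and it assumes the rogue used exactly that mechanism (the thread does not confirm how this particular sample did it). It inspects the keys that control .exe launching against the stock Windows values and, with -Restore, puts them back. Run it from an elevated prompt; if powershell.exe itself refuses to launch, copy it to powershell.com first, as the poster did with other programs.

```powershell
# Added example: audit and restore the .exe file-type association that rogue AV
# families commonly hijack. Assumes the hijack lives in the registry keys below.
param([switch]$Restore)

# Stock values on a clean Windows install (HKCR is a merged view of these HKLM keys
# plus per-user overrides under HKCU\Software\Classes).
$Expected = @(
    @{ Path = 'HKLM:\SOFTWARE\Classes\.exe';                        Value = 'exefile' },
    @{ Path = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command';  Value = '"%1" %*' }
)
# Per-user keys that shadow the machine-wide ones without admin rights; a stock
# system has no .exe override here at all, so their mere presence is suspicious.
$UserOverrides = @('HKCU:\Software\Classes\.exe', 'HKCU:\Software\Classes\exefile')

function Get-DefaultValue([string]$Path) {
    # Returns the key's (default) REG_SZ value, or $null if the key/value is absent.
    if (-not (Test-Path $Path)) { return $null }
    (Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue).'(default)'
}

function Get-ExeAssociation {
    # One row per controlling key: what it should be, what it is, and whether that matches.
    foreach ($e in $Expected) {
        $actual = Get-DefaultValue $e.Path
        [pscustomobject]@{ Path = $e.Path; Expected = $e.Value; Actual = $actual; Ok = ($actual -eq $e.Value) }
    }
    foreach ($p in $UserOverrides) {
        [pscustomobject]@{ Path = $p; Expected = '<absent>'; Actual = (Get-DefaultValue $p); Ok = (-not (Test-Path $p)) }
    }
}

function Restore-ExeAssociation {
    # Removes per-user overrides and writes the stock values back. Requires elevation.
    foreach ($p in $UserOverrides) {
        Remove-Item -Path $p -Recurse -Force -ErrorAction SilentlyContinue
    }
    foreach ($e in $Expected) {
        if (-not (Test-Path $e.Path)) { New-Item -Path $e.Path -Force | Out-Null }
        Set-ItemProperty -Path $e.Path -Name '(default)' -Value $e.Value
    }
}

$before = Get-ExeAssociation
$before | Format-Table -AutoSize

if ($Restore) {
    if ($before | Where-Object { -not $_.Ok }) {
        Restore-ExeAssociation
        Write-Host 'Restored .exe association; verifying:'
        Get-ExeAssociation | Format-Table -AutoSize
    } else {
        Write-Host 'Association already matches stock values; nothing changed.'
    }
}
```

Run it without arguments first and look at the Actual column: a path to something under the user profile (or any value other than `"%1" %*` for the command key) is the hijack. Only restore after the rogue's own files and autostart entries are gone, otherwise the next launch of anything re-hijacks the key. The script deliberately does not touch other handlers (.com, .bat, .scr) or the HKCR\exefile\shell\runas subkey; if those were also modified, extend the $Expected list with their stock values rather than guessing.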
     
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Hi Brandonn2010, this one, or the same family...check out the fix.
    You should follow the canned fix or ask to deal with all the idiosyncrasies of this malware.

    edit: del quote
     
    Last edited: Dec 17, 2011
  3. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    The Avira Rescue System CD and the Dr.Web Live CD have either up-to-date Malware signatures or very close to up-to-date Malware signatures at the time of the ISO Image download. If you made a fresh CD, you would not need to update prior to scanning the infected PC.
     
  4. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    @Meriadoc

    I actually read that right after I posted. It worked and all is well.

    @TheKid7

    I keep several bootable AVs on my SARDU thumb drive so I would like to be able to update them on the go rather than burn a new ISO every time I need it. What is a proxy server that would work? Or how do you configure a connection on those?

    And also where can I submit the file so all AVs will be able to detect it?
     
  5. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Do you have a wired or wireless Internet connection?
     
  6. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Wireless. Basically every computer I've worked on has a wireless connection. After trying a bunch of them, Bitdefender was the only one with which I could establish a connection, because it has a GUI network tool similar to the Network and Sharing Center in Windows, where it displayed our home network and I was able to click on it and enter our password.
     
  7. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Oh here are the Virustotal results

    ~ VirusTotal Results Removed per Policy ~

    Is there any way to submit it to all the vendors that missed it, because I've sent it to like 6 already and it is annoying.
     
    Last edited by a moderator: Dec 18, 2011
  8. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I don't know of any way to do this. Here is a list of the E-Mail addresses:

    https://www.wilderssecurity.com/showthread.php?t=277780
     