Vista Security Center 2012

Discussion in 'malware problems & news' started by Brandonn2010, Dec 17, 2011.

Thread Status:
Not open for further replies.
  1. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    Whew. Somehow my mom's GeSWall was expired so this pos got on her computer. It blocked most programs from running, even in safe mode. I couldn't use a bootable AV because they couldn't update and I'm not sure how to connect to the Internet from them.

    I finally tricked it by hitting ctrl+alt+del and getting to task manager from there instead of right-clicking the taskbar to get to it, hehe. I noticed PING.exe was consuming a large portion of the CPU and I killed it, but it kept coming back. I then noticed "hvw" running using less than 1MB of memory. I opened the file location and it had an apple icon?

    Note that Panda Cloud and SpyShelter could both still run. I right-clicked hvw and uploaded to virustotal, which bypassed the rogue's Internet blocking capabilities. It got several hits for heuristics and rogues. I deleted the file (after getting a copy to upload to other AV vendors) and the rogue program disappeared.

    However, now no exes can run. I have to change an exe to a com to get it to run. How do I fix this? And where can I upload the infection so other AVs can get a definition for it?
     
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Hi Brandonn2010, this one, or the same family... check out the fix.
    You should follow the canned fix or ask to deal with all the idiosyncrasies of this malware.

    edit: del quote
     
    Last edited: Dec 17, 2011
  3. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,585
    The Avira Rescue System CD and the Dr.Web Live CD have either up-to-date Malware signatures or very close to up-to-date Malware signatures at the time of the ISO Image download. If you made a fresh CD, you would not need to update prior to scanning the infected PC.
     
  4. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    @Meriadoc

    I actually read that right after I posted. It worked and all is well.

    @TheKid7

    I keep several bootable AVs on my SARDU thumb drive so I would like to be able to update them on the go rather than burn a new ISO every time I need it. What is a proxy server that would work? Or how do you configure a connection on those?

    And also where can I submit the file so all AVs will be able to detect it?
     
  5. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,585
    Do you have a wired or wireless Internet connection?
     
  6. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    Wireless. Basically every computer I've worked on has a wireless connection. After trying a bunch of them, Bitdefender was the only one I could establish a connection with, because it has a GUI network tool similar to the Network and Sharing Center in Windows, where it displayed our home network and I was able to click on it and enter our password.
     
  7. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    Oh, here are the VirusTotal results

    ~ VirusTotal Results Removed per Policy ~

    Is there any way to submit it to all the vendors that missed it, because I've sent it to like 6 already and it is annoying.
     
    Last edited by a moderator: Dec 18, 2011
  8. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,585
    I don't know of any way to do this. Here is a list of the E-Mail addresses:

    https://www.wilderssecurity.com/showthread.php?t=277780
     