Whew. Somehow my mom's GeSWall was expired so this pos got on her computer. It blocked most programs from running, even in safe mode. I couldn't use a bootable AV because they couldn't update and I'm not sure how to connect to the Internet from them. I finally tricked it by hitting ctrl+alt+del and getting to task manager from there instead of right-clicking the taskbar to get to it, hehe. I noticed PING.exe was consuming a large portion of the CPU and I killed it, but it kept coming back. I then noticed "hvw" running using less than 1MB of memory. I opened the file location and it had an apple icon? Note that Panda Cloud and SpyShelter could both still run. I right-clicked hvw and uploaded to virustotal, which bypassed the rogue's Internet blocking capabilities. It got several hits for heuristics and rogues. I deleted the file (after getting a copy to upload to other AV vendors) and the rogue program disappeared. However, now no exes can run. I have to change an exe to a com to get it to run. How do I fix this? And where can I upload the infection so other AVs can get a definition for it?