VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, we have to keep the VoodooShield Service running, even if the GUI is closed. It should show up in the task manager under services as Running. We could probably shut down the service in XP (and maybe even Vista and 7) when the GUI closes. But the problem we run into is that the GUI does not have the privileges to start a service that runs as Local System. So if we shut down the service when the GUI closes, the user would have to manually restart the service, or reboot their computer for it to start again. The service is tiny and uses hardly any resources, so we just left it running all the time. I hope that makes sense, if not, please let me know. Thank you!
     
  2. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Hmmm, that is odd, sorry about that. Can you please send me your email address to dan@voodooshield.com and I will fix that for you?
     
  3. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    Hi Dan - using 2.38 8.1/64

    This popped up whilst I was away. Ctrl/c would not allow me to copy nor could I select it via the mouse.
     

    Attached Files:

  4. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you, that will work!
     
  5. Novastar 3d

    Novastar 3d Registered Member

    Joined:
    May 3, 2009
    Posts:
    65
    rundll32.exe aeinv.dll,UpdateSoftwareInventory, That's just from installing Driverbooster. I find that I need to completely disable VS. sometimes for something like Avira because otherwise it says regsvr32.exe is blacklisted while trying to install Avira.
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,654
    Location:
    USA
    These are the two command lines I have gotten so far. I have already sent them to Dan.
    "C:\Windows\system32\RunDll32.exe" "C:\Windows\system32\WerConCpl.dll", LaunchErcApp -queuereporting
    C:\Windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
     
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,654
    Location:
    USA
    I had to shut down VS to install updates for Microsoft Silverlight. Disable protection would not work. The update would just continue to fail each time.
     
  8. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,979
    Thank you! Most generous of you. ;)
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Thank you everyone who submitted command lines recently, it is a huge help! I think we are just about there with there hardcoded / system ones. Although, there is a good chance that I had a typo or two in some of these, so if you see anymore, please send it to me again!

    Here is 2.39... I do not plan on releasing a new version everyday, but I wanted to get this one out because it has several minor annoying bug fixes, along with a new Command Line feature. VS will block the command line, and you can automatically allow it, then there is a new tab in settings where it lists all of the custom command lines, and you can add your own manually if you wish. There are only 10 for now, but there will be at least 20 once I am finished, I just have to make it scrollable. There are a few minor refinements I need to do on this feature, but I think it is going to be pretty cool. If there are some command lines that you think should be hard coded, please email them to me. VS will not prompt you to email me the command lines now that we have this new feature, but please email them to me if you think a lot of users will have this command line blocked.

    I still have to add command lines for cmd.exe, and put in some kind of a wildcard feature for command lines that change slightly (Roboform for example), and I will also make the tab scrollable and add some small instructions.

    Wow, we really are almost finished and bug free! We better hurry before we get to VS 2.99 ;). Thanks again for all of your help! I will reply to the above posts tomorrow or over the weekend. I think I got most of the command lines, but I might of missed one or two (I received around 25 or so through email and on here, so it was kind of hard to keep them straight (and without typos ;)).

    http://www.voodooshield.com/freeoffer/Install VoodooShield.2.39 beta.exe
     
  10. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Install over the top?
     
  11. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    For now I would uninstall, reboot, reinstall and reboot. Although, it probably does not matter ;).
     
  12. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,979
    I have just installed Maxthon browser on my computer earlier to today, and SSM popped this for me to accept/deny:

    Parent process:
    Path: C:\Program Files\Maxthon\Bin\Maxthon.exe
    PID: 5632
    Information: Maxthon Cloud Browser (Maxthon International ltd.)
    Child process:
    Path: C:\WINDOWS\system32\rundll32.exe
    Information: Run a DLL as an App (Microsoft Corporation)
    Command line:"C:\WINDOWS\system32\rundll32.exe" shell32.dll Control_RunDLL inetcpl.cpl,,4

    Don't know if that is a command line that you want to include?
     
  13. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    In 2.38 8.1/64 I have noticed and in the previous version that the tray icon dissappears. I have now installed 2.39 and as in 2.38 the background process can be shutdown in TM without protest or restarting. Having shut it down and re-started non of the icons re-appear. The background process is shown running in TM.

    On installing over the top of 2.38 non of the settings are remembered.
     
  14. MrGump

    MrGump Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    406
    launching malwarbytes when VS is locked gives me message that "regsrv32" is blacklisted. Malwarebytes still loads and seems to work fine though. I never got this block before.
     
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,654
    Location:
    USA
    I'm using Windows 7X64 Ultimate. I rolled my machine back to a time before VS was ever installed, and installed build 2.39. I rebooted, and waited for VS Training Mode to complete. I waited for about 20-30 minutes for the VS prompt that ask the user if they want to enable their protection now, but I never received it. I checked VS to see what Mode it was in, and it was in Smart Mode Already. VS either did not run in training mode after installation as it is suppose to, or it switched from training mode to smart mode without notifying me. I would bet VS switched from training mode to smart mode without notifying me.

    I tried installing Microsoft Silverlight while VS was in Disable Protection Mode, and the installation completed successfully this time. I also tried updating Java while VS was in Disable Protection Mode, and the Java installation failed. I end up having to shut down VS to install the latest Java update.

    If I try running CMD to get the DOS Command Prompt VS blocks it, and informs me that it is blacklisted. VS opens the tweaks tab showing me that CMD is ticked as do not whitelist. I think an option is needed for the user to allow CMD on-demand as needed even with CMD ticked as do not whitelist. I would like to see a prompt given to the user asking if they would like to allow CMD.

    VS does not carry over Training Mode when rebooting. VS resorts back to Smart Mode. I think maybe it could be useful for VS to remain in Training Mode when rebooting to possibly learn some software that loads early in startup. I could be wrong though. I guess maybe time will tell when VS has a large user base to see if any startup items on some users machines cause problems. Maybe it will not be an issue. I myself reboot a couple of times in Training Mode when installing Online Armor for the first time. Maybe i'm just overly cautious.
     
  16. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,232
    Location:
    USA
    I'm planning to install VS when I get home this evening but I always install apps using Revo Uninstaller Pro and was wondering how (if) VS would be able to detect Revo (in training mode) when it is open during the installation?

    Cruise

    Ps. Does VS provide any kind of notice that it is in Training Mode or Smart Mode?
     
    Last edited: Jul 25, 2014
  17. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,654
    Location:
    USA
    VS does not activate Training Mode until after rebooting to complete VS's installation. Does Revo continue to monitor an installation after rebooting? I have not used Revo in a long time since I prefer to make disk image backups instead of monitoring installations for system changes.
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,654
    Location:
    USA
    Yes, VS will ask you if you want to enable Protection after running in Training Mode for 10 minutes. VS also has a Desktop Gadget that says OFF, and the Shield will be Red when protection is disabled. Also, if you disable VS's protection instead of operating in Training Mode VS will remind you to enable your protection after 10 minutes. I think it is still 10 minutes anyways that you receive the reminder. Regardless anytime VS's protection is disabled the Desktop Gadget will say OFF, and it will be Red.
     
  19. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,232
    Location:
    USA
    Hi C_E,

    That's a very good point. Afaik, Revo's installation tracker must be given an installation name and then closed before any reboot (if not, installation tracking is cancelled).

    Cruise
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,654
    Location:
    USA
    Cruise, here is a screen shot showing how VS will appear when Protection is disabled.
     

    Attached Files:

  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,654
    Location:
    USA
    Here is a screenshot of how VS will appear when Protection is enabled. The shield, and tray icon will change to Blue, and say ON.
     

    Attached Files:

  22. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,232
    Location:
    USA
    Thanks C_E - I'll report back with my findings later on...

    Cruise
     
  23. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,603
    Location:
    South Wales, UK
    Cheers Dan, but I am having trouble keeping up with you...LOL

    OK, will get this installed this evening and look to give this version some wellie over the weekend.

    Have a great weekend.

    Regards, Baldrick
     
  24. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,563
    I have also found that if you kill VS via the Task Manager then it will not start up again until a reboot. It does show running as a service but it is not active in stopping anything from running.
     
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,654
    Location:
    USA
    VS started silently blocking everything again on my machine last night. Just as soon as I shut down VS everything I had tried to open launched all at once.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.