VoodooShield ?

Discussion in 'other anti-malware software' started by CloneRanger, Dec 7, 2011.

  1. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,057
    Location:
    Ontario, Canada
    c:\windows\temp\673e3476-3c04-476c-8859-1af8660e3204\dismhost.exe {2f8ba1b8-e622-4c06-be94-3e61d22954cf}

    It's in C:\Windows\System32\Dism\DismHost.exe
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,286
    Location:
    Among the gum trees
    3.27 is still freezing, and as usual for me, it froze just after prompting for something out of the blue. In this case it was a Command Line.

    Dan, I've emailed the logs and it looks like an error WAS logged this time.
     
    Last edited: Jun 16, 2016
  3. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    What a bummer... thank you for letting me know. Can you please send me your DeveloperLog.log and DeveloperServiceLog.log? Hopefully the error was logged and we will finally get to the bottom of this, thank you!
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,286
    Location:
    Among the gum trees
    Logs emailed. Please see my edit above.
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,286
    Location:
    Among the gum trees
    Code:
    [06-16-2016 15:37:41] [ERROR] - Exception in Utilities_FlushMemory: Access is denied.    at System.Diagnostics.ProcessManager.OpenProcess(Int32 processId, Int32 access, Boolean throwIfExited)
       at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited)
       at System.Diagnostics.Process.OpenProcessHandle()
       at System.Diagnostics.Process.get_Handle()
       at VoodooShield.Utilities.FlushMemory()
     
  6. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, thank you!

    I definitely see an exception… I will fix that tomorrow and post a new version (it is an easy fix), let’s hope that is the final fix for this bug!

    [06-16-2016 15:37:41] [ERROR] - Exception in Utilities_FlushMemory: Access is denied. at System.Diagnostics.ProcessManager.OpenProcess(Int32 processId, Int32 access, Boolean throwIfExited)
    at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited)
    at System.Diagnostics.Process.OpenProcessHandle()
    at System.Diagnostics.Process.get_Handle()
    at VoodooShield.Utilities.FlushMemory()
     
  7. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Yeah, that one ;)!
     
    Last edited: Jun 16, 2016
  8. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Actually, that was such an easy fix, I figured I would just fix it before bed, that way everyone can start testing it.

    BTW, stapp... VS should not give that weird message anymore, if so, please let me know ;).

    http://www.voodooshield.com/artwork/InstallVoodooShield328.exe

    I will catch up on the other posts asap, thank you!
     
  9. hjlbx

    hjlbx Guest

    There really ain't one. So if you get a score from 4 to 6, take out a 2 Euro coin and toss it. Heads = malicious, tails = safe. :shifty:

    You get a "feel" after playing around with a lot of files - both known safe, known malicious and shady/dodgy/unknown...

    I used a lot from MX Clean to get an idea.

    The "murky" ones can be scripts, programs - like Toggle Tweaker that use sub-programs like cmd.exe, powershell.exe, wscript.exe, cscript.exe, etc.
     
  10. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    392
    Location:
    VPN city
    So I've got two computers, both have this problem.

    When I run something inside Sandboxie, Voodooshield is totally silent. I have it set to NOT allow by parent process. Set custom folders to block everything in the folder where the sandboxes are. Still nothing.

    I tested this with the spycar test files. I reset the whitelist after each try in an attempt to make this work. I was told there would be people here who could help me make this work.
     
  11. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,719
    Location:
    UK
    No weird message anymore when updating to 3.28 Dan :thumb:
     
  12. old school

    old school Registered Member

    Joined:
    Nov 14, 2015
    Posts:
    29
    Location:
    Spain
    I think you've been the voice of many users :)
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,286
    Location:
    Among the gum trees
    Dan, I found this in Windows Reliability History too. I don't know if it will help or not though.
    Code:
    Source
    VoodooShield
    
    Summary
    Stopped responding and was closed
    
    Date
    ‎16/‎06/‎2016 3:37 PM
    
    Status
    Report sent
    
    Description
    A problem caused this program to stop interacting with Windows.
    Faulting Application Path:    C:\Program Files\VoodooShield\VoodooShield.exe
    
    Problem signature
    Problem Event Name:    AppHangB1
    Application Name:    VoodooShield.exe
    Application Version:    3.10.108.0
    Application Timestamp:    57607c3b
    Hang Signature:    56c6
    Hang Type:    67247360
    OS Version:    10.0.10586.2.0.0.768.101
    Locale ID:    3081
    Additional Hang Signature 1:    56c6af5592dced40b96badb516e31c68
    Additional Hang Signature 2:    f836
    Additional Hang Signature 3:    f8365eaf24e0412af7ddec7f1c1dcb4e
    Additional Hang Signature 4:    56c6
    Additional Hang Signature 5:    56c6af5592dced40b96badb516e31c68
    Additional Hang Signature 6:    f836
    Additional Hang Signature 7:    f8365eaf24e0412af7ddec7f1c1dcb4e
    
    Extra information about the problem
    Bucket ID:    0b1748ab057f300a66285e8cf3724904 (50)
    
     
  14. BlackHawk1

    BlackHawk1 Registered Member

    Joined:
    Jul 22, 2004
    Posts:
    33
  15. dbrisendine

    dbrisendine Registered Member

    Joined:
    Jul 15, 2006
    Posts:
    51
    Location:
    BC, Canada
    Quick note: install to v3.28 went smoothly with a proper "Upgrade / shut down" dialog message. Still no freezes here but always checking for them.
     
  16. The alarming thing is that BCDEdit = Boot Command Data Editor

    The assuring thing is that your PC seemed to behave normally before

    This forum does not help with malware, so you need to go over to for instance MalwareTips.

    Here are some quick tips/checks.

    You could start a DOS Command Prompt with Admin privileges

    Type BCDEDIT /enum

    When you see things like path = C:\Windows\system32\winload.exe and Partition=C, systemroot =\Windows and stuff like NX is Always On or Opt Out, Recovery enabled =Yes, Nointegritychecks=No and Testsigning=No all is probably well.

    You could do a "Repair Startup" (hold shift when restarting your system) when you are unsure.
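
Added example (not part of the original post and not VoodooShield code): a small Python parser that applies the checklist from the post above to saved `bcdedit /enum` output. The sample output is constructed; treating `winload.efi` and `nx OptIn` as normal and flagging only `nx AlwaysOff` are assumptions of this example.

```python
import re

# Constructed `bcdedit /enum` output for illustration (not from the thread).
SAMPLE = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
recoveryenabled         Yes
systemroot              \Windows
nx                      OptIn
testsigning             Yes
"""
RULE = re.compile(r"-{3,}")

def parse_entries(text):
    """Split output into entries: title line, dashed rule, then 'name  value' rows."""
    entries, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        if line.strip() and i + 1 < len(lines) and RULE.fullmatch(lines[i + 1].strip()):
            entries.append({"_title": line.strip()})
        elif entries and not RULE.fullmatch(line.strip()):
            m = re.match(r"(\S+)\s+(.*\S)", line)
            if m:
                entries[-1][m.group(1).lower()] = m.group(2)
    return entries

def audit_loader(e):
    """Findings for one Windows Boot Loader entry, following the post's checklist."""
    get = lambda k, default="": e.get(k, default).lower()
    out = [f"{k} is enabled" for k in ("testsigning", "nointegritychecks") if get(k) == "yes"]
    if get("nx") == "alwaysoff":  # assumption: only AlwaysOff is flagged
        out.append("nx is AlwaysOff")
    if get("recoveryenabled", "yes") != "yes":
        out.append("recoveryenabled is not Yes")
    if not re.fullmatch(r"\\windows\\system32\\winload\.(exe|efi)", get("path")):
        out.append("unexpected path: " + e.get("path", "<missing>"))
    if get("systemroot") != "\\windows":
        out.append("unexpected systemroot: " + e.get("systemroot", "<missing>"))
    return out

def audit(text):
    """Map each boot loader identifier to its list of findings."""
    return {e.get("identifier", "?"): audit_loader(e)
            for e in parse_entries(text) if e["_title"] == "Windows Boot Loader"}
```

An empty list for every identifier means none of the listed settings deviates; `bcdedit` omits `testsigning` and `nointegritychecks` when they are not set, so a missing row counts as off.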
     
  17. BlackHawk1

    BlackHawk1 Registered Member

    Joined:
    Jul 22, 2004
    Posts:
    33

    Say what? I don't have any malware loading though. Why do you think I have malware?

    In use are Avira antivirus, Malwarebytes Antimalware, Antiexploit, AntiRansomware, Zemana Antilogger, and now Voodooshield. GWX Control Panel loads also.
     
  18. When you are sure why ask whether you should worry?
     
  19. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,057
    Location:
    Ontario, Canada
    Thanks Dan as always it's working great with WSA!

    Daniel :)
     
  20. BlackHawk1

    BlackHawk1 Registered Member

    Joined:
    Jul 22, 2004
    Posts:
    33
    Well let's see... I previously stated I just installed it. It's a brand new program to me and I wondered why I got the message I did. I think it's perfectly fine to inquire about it. Maybe it's a bug in the program? What better thread to ask in than one being addressed by the person who wrote it?
     
  21. OK fair enough, but do realize although VS is brand new to you, VS is in release 3 with many minor releases in between, so it would be very awkward after so many releases (slim chance) when VS had a bug in its core component.

    It is very worrying when BCDEdit starts to run, assuring thing is that everything seems to be normal. When you are sure, you are sure. Nothing to worry about.
     
    Last edited by a moderator: Jun 17, 2016
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,418
    Location:
    Under a bushel ...
    +1
     
  23. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,599
    Location:
    South Wales, UK
    Yeppers...just awesome with WSA! :thumb:
     
  24. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Cool, it turns out that it was just a permissions issue with the folder... I will fix it soon, thank you!
     
  25. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    Very cool, thank you for letting me know!
     