Does anyone have any information on the following. If I've posted this in the wrong sections, pls excuse me as my brain is fried from researching this problem.
Harley Octave Vicky
I went online with my laptop tonight and a message from IE said I couldn't connect because of my proxy information was incorrect.
I went into the settings on IE and firefox and found the settings changed to use a proxy 127.0.01 port 62020, so I unchecked it. Then I was able
to get online. I found it strange both had been changed. So I checked MSCONFIG and found "conhost.exe". So I used Process Explorer and found some
very interesting things.
Wasps Lure is the copyright owner.
Conhost. exe original name is Guam.exe
Description of conhost.exe is Harley Octave Vicky
Company is called Wait Urine. And the word Vogue is thrown in there too.
I immediately turned off my router and tried using every available tool to find this file and did indeed. Unfortunately McAfee didn't catch this, after 2 scans still didn't find this.
That's 2 times since I"ve had this Security software it's permitted something to get through. I understand things like this happen. I believe this is possibly a new varient of
conhost.exe because I am simpley unable to find any information relating to the above group of words online. I hesitate to go back online with the laptop that is infected because I use
this computer for banking, school, etc. Oh yes and I believe it set itself up as an "unknown user" with special permissions.
Should this be a new variant, would McAfee be willing to connect to my laptop to investigate, gather as much info needed to combat this version? and rid my laptop of it? I'm just really not interested in
dealing with another situation ( virus or trojen ) on this scale.
Moved to Makware Discussion > Home User Assistance.
Unfortunately no antivirus will stop everything, you have to be so careful these days, keep Windows up to date and keep some extra tools around handy just in case, some are suggesated HERE.
Can you access the internet in Safe Mode with Networking, reached by tapping F8 repeatedly while booting up and then selecting #2 on the ensuing menu?
If so, download, install, update (important) and run the FREE version of THIS software. Note if you can't reach the internet in either mode then using a computer that works, download the installer to a USB flash drive and then you should be able to install it in that mode.
If that fails to work then try the flash drive approach and go the Hijackthis route as described in that forst link I gave.
You can certainly have McAfee take a look but they charge for professional virus removal. That is not cheap and it is HERE.Message was edited by: Ex_Brit on 11/07/11 7:24:14 EDT AM
I forgot to add the first thing you could try is to use System Restore to go back to before all this happened. Then make sure to update McAfee and Windows right afterwards.
If necessary System Restore can be initiated from any of the Safe Modes.
This has also been reported by users in a thread in the Help section (https://community.mcafee.com/message/197387#197387) - you might want to keep an eye on it for developments.
I suggested there that the file be uploaded to VirusTotal to be checked by an array of anti-virus scanners.Message was edited by: Hayton on 11/07/11 22:21:09 IST
Hi, TY both Moderator's : for replying
I know I'll either need to do a system restore or new install. I'll try your suggestion with the THIS software. I've had my daughter put all of her pics on an external HD. Using the program Process Explorer and FileAlyzer, you are able to look into the trojan files. I found where all top brand Anti Virus are listed, inclusing McAfee, disabling them so the trojan can load. I'm taking computer programming and I wish I had time to decipher this so I could learn from it. I know you're correct, no anti virus can catch everything simple because of all of the variations. Sorry about posting in the wrong place. I've tried to investigate on my own as to how my daughter rec'd. this. I was able to pin point the day and time and it's when she was online. She said she was on Facebook, playing Farmville/Cityville, something like that when the internet shut down. I found out when I arrived home, tried to get online and found the proxy was changed. After unselecting the checked proxy, I was able to get online, but I immediately checked MSCONFIG and found con.host. Knowing this was foreign, I began to further investigate. I knew immediately when I saw "McAfee, etc" listed, it was bad news. I shall upload the con.host file to "Virus Total", but I think there could be another file associated with it. From what I gather, it all relates to csrss and dwn.exe.
Thank you for the helpful information
Hi again, this is really weird. I've put the trojan on the USB, moved the USB over to the uninfected desktop and low and behold, McAfee zapped it right away off of the USB?!? Go figure lol. I reloaded the trojan back onto the USB from the laptop, got back online with the laptop (only after disabling conhost.exe) and finally uploaded it to Virus Total.
I wanted to send it to McAfee but after my 1 hour attempt of trying to get it to Virus Total, I'm in the middle of a system restore.