i wan to know what mean the “absent” verdicct fls sometimes give
I wish I wish with all my heart. . . . .
That somewhere on the CCE GUI and Killswitch GUI there was an indicator informing us if DACS is up and working.
Also, I know one wish per post but a Web page as well we could visit giving us the status of DACS as well would be alright. Like which current AV’s are being supported, if they are on or off, and maybe even server load?
I find the idea good. It can be good to know if the servers of DACS is overloaded.
Take care all! 
Regards,
Valentin N
dacs dont use servers
remember its a p2p client
to implement something like this it should be like
see how much “antivirus A” contributors are online and so on
I get the idea of the difference and I am still interested in finding out about what is online, how much of a given av product is represented on that p2p, and how congested some of the p2p connections might be (say one group of av users have slower bandwidth than the rest of the norm, we would expect given the same amount of traffic on the network they would be backed up in comparison to the other users).
CCE should be able to identify and fix proxy changes and DNS changes, and other things that will stop you from being able to access the internet.
i was cleannig a highly infected conputer with Killswitch
but i crash with a wall
thats the situation
a malware is automatically created and executed even after deletion, so i block the file with D+ then im able to identify the source of the infection by seeying the D+ log (i think the filename was like wsbsca.exe and had a not32 icon)
once the malware was blocked i saw the source attenting to access him was a hidden rougue called PCHEALTH (c:\windows\pchealth\msconfig.exe)
Have you noticed that curious name?
yes… when is clic start>run>msconfig instead of the windows msconfig the one opened is the rogue!!
its a perfectly functional msconfig window!! i only noticed its a fake because of the directory
now the wors part is… Killswitch recognice the rougue as safe
i was not hable to report it because Killswitch have no interface to do so
the file folder is blocked in a way i cannot access it in no way (at least inside that windows OS )
i only was hable to block the fake msconfig throught D+
now when i open msconfig i get several error messages but at the end the original msconfig is opened
i will report it when i get time go work slowly in that machine on a live os because its a office pc, i will try to get rip of it in sunday
ah? this is the wish topic? then the wish is to be able to report files in memory as malware\safe
and be able to block files permanently like i do with CIS D+
OFF TOPIC!
PCHealth is a worm (W32.Cone worm).
Regards,
Valentin N
This cannot be a virus worm if the file is originally located in C:\WINDOWS\pchealth\helpctr\binaries
IF the file is located in c:\windows\pchealth is a virus worm.
+10000 :-TU
We really need to have sha1 of file or file to verify.
Thanks
-umesh
at the moment it was not possible for me to get the sample, that pc is free on sundays, then i will get the files and report it
I wish that DACS results, where virus is detected will be marked on red, like malicious processes in KillSwitch.
You know what i mean? When you open “Verdict” than you see smoething like that:
http://img412.imageshack.us/img412/850/04f7c4f20000aae8.jpg
Thank u flash Paweł:P
Thanks for correcting me
Regards,
Valentin N
Good idea.
Hide safe objects in Modules tab in Properties.
i’m really enjoying the KillSwitch process viewer, and the analyzing scan to check processes. Is there any plan in making that a stand-alone product, I tried just copying the files for KillSwitch but then i broke the analyzer, I think it was using the update from the CCE or something but I really like it over windows task manager
As i’ve written in other thread, the ability for KillSwitch to remove all the startup entries for terminated file.
I wonder how you would actually make a bootable CD version. Are you going to license WinPE for this, or are you going to write your own OS from scratch? Or make a GNU/Linux-based version?
Linux based is the way we are going…