Hi, perhaps someone could have a look at this.
With a specific Live Security Platinum infection (I can provide the sample if need be), on a Windows 7 Professional 64 bit (non-sp1), I am unable to start CCE or Killswitch in Aggressive mode.
As a side note: not even Hitman Pro can be started whilst the infection is active and running.
Thanks
Unfortunately Aggressive mode is not able to bypass malware which modifies registry classes associated with .exe files execution. This is what this fake AV seems to do. You can change killswitch.exe to iexplore.exe(or winlogon.exe or any other system file) and the run. Open QuickRepair and post a screenshot. You will see probably that “Exe file” is highlighted and able to fix. Can you test this?
Renaming to anything did not work.
Ended up adding the key to temporarily bypass the infection.
Here is the screenshot as per request.
I can provide the sample if you want.
Did you keep holding shift even while the UAC prompt came up, and after?
Holding shift key to answer UAC popup will not work, at least for me…
I have also attempted to run CCE on aggressive mode in a non-infected system and if I release shift key to answer UAC popup, I still get it running in Aggressive mode.
Hope this helps.
Also, my NIS2012 video I was able to run easily in Aggressive mode, despite being infected by Live Security Platinum and another Fake AV.
The Live security sample on that video was not the one I have provided (since I no longer remember where I got that sample from).
Thanks
