CIS was unable to stop a virus attack.

my CIS is 7.0.317799.4142 and i am running win7 64bit. my CIS was on and says secure .i tried some new programs like “bosskey” from Soft-BossKey .just after running this program ,CIS asked and i choose the option run isolated .then nothing happened afterwords ,boss key doesn’t run .
i tried opening task manager but it says like"you don’t have permissions ".i scanned with cis but it showed nothing.i opened killswitch to kill the process but it didn’t showed bosskey running.i hard rebooted the PC after logon ,none of the programs including task manager worked .it says "either you don’t have permissions or shortcut is moved ".CIS also showed error that defense+ is not working properly and repairing also failed.i tried so many times but it always failed.
i opened it safe mode and was able open task manager and other programs but CIS showed the same error.CTFMON.exe just popping up every times even when i kill it.i scanned the PC with bootable virus scanner ,it showed nothing.after that i opened the PC normally ,now task manager and other are working .i reinstalled CIS (updated) after so much of trying since it was not uninstalling.
i scanned with other scanners ,nothing found.then why PC is acting weird.
1.shutdown/logoff/restart don’t work - nothing happens
2.i have 2 user accounts but only one account of the two is showing with an option of “other user” on welcome screen.
i still think virus is not gone completely.please help.

It is possible you ran Explore.exe as isolated not boss key.

Please check in safe mode what settings you have for explorer.exe in Security Settings/ Defense+/Hips/Hips rules.


i don’t understand that i ran explorer.exe .window explorer was already running.when i double clicked bosskey CIS asked and i choose isolated.
BTW in hips rule there is
1.%windir%\explorer.exe - window system application
2.c:\windows\syswow64\explorer.exe - custom rule set

The reason I suggest this it has happen in the past, but as it is not marked as a Isolated application but a custom application this cannot be the case this time.

I have posted a screenshot of the alert with explorer.exe on the left if you had chosen Treat as a isolated application with remember my answer ticked this would cause the symptoms you have.


[attachment deleted by admin]

but at that time i got the option like “run unlimited - isolate - block” .so ,i think i have choose run that program in isolated enviroment. if CIS was blocking only explorer then why there are changes in my PC that i haven’t done .
my PC can shutdown now the only problem left is i am getting "other user " ,and my other user account is hidden .i haven’t done it and i haven’t seen this before. how do i remove this option and get back my both user accounts on login screen.

I presume you have no other options like a image?

If you did not tick remember my answer there will be no rule for it.

If possible can you check your CIS logs around that time to see what you actually run as isolated.


i have uninstalled that CIS when i have chosen that option since it showed defense+ is not working properly and can’t repaired it. these hips rule i gave for explorer are for current CIS when everything is running fine except those above stated two problems. and i have sorted out shutdown problems but i don’t get my other user account when i lock pc.

Sorry cannot help you there, will post in help topic /Mod board to see if anyone knows how to fix this.