VoodooShield discussion

Status
Not open for further replies.

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
> Are there any instructions for how to make this command line with a wildcard? I do keep getting prompted for it every time I start the PC.

I had this issue with Google's software_reporter. After I "allowed" it on several occasions, I sorted the Command Lines entries so I could find the related entries, and then simplified one of them with wildcards (*) replacing the unique characters with the wildcard. Then I deleted all the other entries from the Command Lines list, and the software reporter tool never raised its head again.

You can only do this with Command Lines entries. The Whitelist is uneditable (other than to delete), despite the fact that its header says "Whitelist Editor".

NOTE: Double click the Command Lines entry to edit it.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
And if the command line still stays the same after you edit it and okay it, that is probably because the parts you edited were already being ignored by the VS smart command line function. So it seems to me, from my experience.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Hi Dan, had 2 dismhost.exe blocks today. Can't whitelist them because of an error:
25-10-2017 8:19 User Blocked dismhost.exe c:\windows\temp\b003a49b-cea2-4f9c-a7aa-1fbb662c27e9\dismhost.exe B8037C46D0DB7A8CEE502407469B0EE3234D3365 c0fc152db24708d0be657d65232d6bd61a22bed4404ffe4337c82fd18bfc59dd c:\windows\temp\b003a49b-cea2-4f9c-a7aa-1fbb662c27e9\dismhost.exe {45723d39-80bc-4f6d-b7f7-5db39eca8b39} 143072 compattelrunner.exe c:\windows\system32\compattelrunner.exe
25-10-2017 8:20 User Blocked dismhost.exe c:\windows\temp\df458b65-11c3-453e-81f2-d85fcff0a3dd\dismhost.exe B8037C46D0DB7A8CEE502407469B0EE3234D3365 c0fc152db24708d0be657d65232d6bd61a22bed4404ffe4337c82fd18bfc59dd c:\windows\temp\df458b65-11c3-453e-81f2-d85fcff0a3dd\dismhost.exe {412624d5-f1e4-40d5-9487-826e313921dd} 143072 compattelrunner.exe c:\windows\system32\compattelrunner.exe
Error:
Zie het einde van dit bericht voor meer informatie over het aanroepen
van JIT-foutopsporing (Just In Time) in plaats van dit dialoogvenster.

************** Tekst van uitzondering **************
System.InvalidCastException: De conversie van tekenreeks naar type Integer is ongeldig. ---> System.FormatException: De indeling van de invoertekenreeks is onjuist.
bij Microsoft.VisualBasic.CompilerServices.Conversions.ParseDouble(String Value, NumberFormatInfo NumberFormat)
bij Microsoft.VisualBasic.CompilerServices.Conversions.ToInteger(String Value)
--- Einde van intern uitzonderingsstackpad ---
bij Microsoft.VisualBasic.CompilerServices.Conversions.ToInteger(String Value)
bij VoodooShield.Settings.﷐﷨(Object ﷐, EventArgs ﷑)
bij System.Windows.Forms.ToolStripItem.RaiseEvent(Object key, EventArgs e)
bij System.Windows.Forms.ToolStripMenuItem.OnClick(EventArgs e)
bij System.Windows.Forms.ToolStripItem.HandleClick(EventArgs e)
bij System.Windows.Forms.ToolStripItem.HandleMouseUp(MouseEventArgs e)
bij System.Windows.Forms.ToolStrip.OnMouseUp(MouseEventArgs mea)
bij System.Windows.Forms.ToolStripDropDown.OnMouseUp(MouseEventArgs mea)
bij System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
bij System.Windows.Forms.Control.WndProc(Message& m)
bij System.Windows.Forms.ToolStrip.WndProc(Message& m)
bij System.Windows.Forms.ToolStripDropDown.WndProc(Message& m)
bij System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
bij System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
 

Nocturnalizer

Level 1
Verified
Oct 23, 2017
16
> I had this issue with Google's software_reporter. After I "allowed" it on several occasions, I sorted the Command Lines entries so I could find the related entries, and then simplified one of them with wildcards (*) replacing the unique characters with the wildcard. Then I deleted all the other entries from the Command Lines list, and the software reporter tool never raised its head again.
>
> You can only do this with Command Lines entries. The Whitelist is uneditable (other than to delete), despite the fact that its header says "Whitelist Editor".
>
> NOTE: Double click the Command Lines entry to edit it.

The particular file I'm having issues with doesn't actually appear in the command lines section of VS unfortunately, so I'm not able to edit it. The only thing I seem able to do is whitelist the file, but then every time I start the PC or sign in/out I'm getting a message stating that a process cannot be completed. It's just this one particular 'rubyw.exe' file coming from a temporary directory that is giving me the issue.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
> The particular file I'm having issues with doesn't actually appear in the command lines section of VS unfortunately, so I'm not able to edit it. The only thing I seem able to do is whitelist the file, but then every time I start the PC or sign in/out I'm getting a message stating that a process cannot be completed. It's just this one particular 'rubyw.exe' file coming from a temporary directory that is giving me the issue.

Does the temp directory have the same name every time? Because if you have the licensed version of VS, you can enable custom folders, and then you should leave everything at default settings except for that particular temp folder, which you untick. This will allow all processes to launch from that folder.
After you get that step taken care of, there may or may not be a command line that runs, which you can deal with accordingly.
 

Nocturnalizer

Level 1
Verified
Oct 23, 2017
16
> Does the temp directory have the same name every time? Because if you have the licensed version of VS, you can enable custom folders, and then you should leave everything at default settings except for that particular temp folder, which you untick. This will allow all processes to launch from that folder.
> After you get that step taken care of, there may or may not be a command line that runs, which you can deal with accordingly.

It seems to have the same directory but it generates a differently-named temp file each time, so even trying out the custom folders idea didn't work as it still prompted me to allow 'rubyw.exe' when I signed in and back out of Windows again. I've attached a picture pointing to the instances where that's happening.
 

Attachment: vsproblem.png

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
> you can enable custom folders, and then you should leave everything at default settings except for that particular temp folder, which you untick. This will allow all processes to launch from that folder.

I would consider this only if the temp folder is under the PIA folder structure. If you did this with "C:\Users\<username>\AppData\Local\Temp" (for example) you might be opening the door to malware execution.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
> I would consider this only if the temp folder is under the PIA folder structure. If you did this with "C:\Users\<username>\AppData\Local\Temp" (for example) you might be opening the door to malware execution.

Right. It is totally foolish to whitelist AppData\Local\Temp. But IMHO a subfolder of it could be whitelisted, in case of need.
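
Added example, not part of any post in this thread and not VoodooShield's own matching logic: a Python sketch of the "replace the unique characters with a wildcard" idea applied to the two dismhost.exe log lines quoted earlier, kept narrow enough that it does not turn into a blanket Temp-folder allowance. The rule format, the function names and the user name "alice" are assumptions made for illustration.

```python
import re

# GUID-named folder, as in the two blocked dismhost.exe paths quoted in this thread
GUID = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}")
# SHA-256 and parent process copied from those log lines
DISMHOST_SHA256 = "c0fc152db24708d0be657d65232d6bd61a22bed4404ffe4337c82fd18bfc59dd"
PARENT = r"c:\windows\system32\compattelrunner.exe"
LOGGED_PATHS = [
    r"c:\windows\temp\b003a49b-cea2-4f9c-a7aa-1fbb662c27e9\dismhost.exe",
    r"c:\windows\temp\df458b65-11c3-453e-81f2-d85fcff0a3dd\dismhost.exe",
]

def generalize(paths):
    """Replace only the GUID segment with '*'; refuse if anything else varies."""
    patterns = {GUID.sub("*", p.lower()) for p in paths}
    if len(patterns) != 1:
        raise ValueError("paths differ in more than the GUID segment")
    return patterns.pop()

def too_broad(pattern):
    """A rule must name the executable and use at most one wildcard folder."""
    folder, _, name = pattern.rpartition("\\")
    return "*" in name or folder.count("*") > 1

def path_matches(pattern, path):
    """'*' stands for one folder or file name: it never crosses a backslash."""
    literal = [re.escape(part) for part in pattern.lower().split("*")]
    return re.fullmatch(r"[^\\]*".join(literal), path.lower()) is not None

def allowed(rule, path, sha256, parent):
    """Allow only when path pattern, file hash and parent process all agree."""
    return (not too_broad(rule["path"])
            and path_matches(rule["path"], path)
            and sha256.lower() == rule["sha256"]
            and parent.lower() == rule["parent"])

# Hypothetical rule built from the logged events
RULE = {"path": generalize(LOGGED_PATHS), "sha256": DISMHOST_SHA256, "parent": PARENT}

if __name__ == "__main__":
    print(RULE["path"])
    # Constructed path: a whole-Temp wildcard is rejected as too broad
    print(too_broad(r"c:\users\alice\appdata\local\temp\*"))
```
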
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
> It seems to have the same directory but it generates a differently-named temp file each time, so even trying out the custom folders idea didn't work as it still prompted me to allow 'rubyw.exe' when I signed in and back out of Windows again. I've attached a picture pointing to the instances where that's happening.

I think that only Dan can troubleshoot this one.
 

DotNet

Level 1
Verified
Sep 4, 2017
34
> The particular file I'm having issues with doesn't actually appear in the command lines section of VS unfortunately, so I'm not able to edit it. The only thing I seem able to do is whitelist the file, but then every time I start the PC or sign in/out I'm getting a message stating that a process cannot be completed. It's just this one particular 'rubyw.exe' file coming from a temporary directory that is giving me the issue.

This is a known issue & PIA is not going to fix it. Users have tried a few workarounds with varying success. I have a year paid with PIA & switched to Mullvad.
The PIA application needs to be fixed! (Not solved)
Run rubyw.exe from Fixed Location with Personal Firewall
PIA from a fixed location in Windows - Page 3
 


Nocturnalizer

Level 1
Verified
Oct 23, 2017
16
> This is a known issue & PIA is not going to fix it. Users have tried a few workarounds with varying success. I have a year paid with PIA & switched to Mullvad.
> The PIA application needs to be fixed! (Not solved)
> Run rubyw.exe from Fixed Location with Personal Firewall
> PIA from a fixed location in Windows - Page 3

That's a shame, as I just bought a 2-year subscription to PIA... which might explain why it's always on sale, now that I think about it! I might look into AirVPN and cut my losses. It sounds like this isn't going to be an easy issue to fix since it's on PIA's side and I'd rather use VS than have issues with a VPN I don't use that often anyway.
 

faircot

Level 1
Mar 31, 2014
7
> That's a shame, as I just bought a 2-year subscription to PIA... which might explain why it's always on sale, now that I think about it! I might look into AirVPN and cut my losses. It sounds like this isn't going to be an easy issue to fix since it's on PIA's side and I'd rather use VS than have issues with a VPN I don't use that often anyway.

Well, if you want to stay with PIA your only option is to follow the procedure in the link I posted which forces rubyw to start from PIA's Program folder. I did this and ran PIA until my sub expired - and then changed my VPN service!
 

Nocturnalizer

Level 1
Verified
Oct 23, 2017
16
> Well, if you want to stay with PIA your only option is to follow the procedure in the link I posted which forces rubyw to start from PIA's Program folder. I did this and ran PIA until my sub expired - and then changed my VPN service!

If it's safe then I might well do that, just so I'm not out of pocket on it. Should have done some more research before I bought the subscription really!
 

Nocturnalizer

Level 1
Verified
Oct 23, 2017
16
> Well, if you want to stay with PIA your only option is to follow the procedure in the link I posted which forces rubyw to start from PIA's Program folder. I did this and ran PIA until my sub expired - and then changed my VPN service!

I checked out the page you linked me to in greater detail and it turns out that in the comments someone came up with a way of creating a desktop shortcut that gets past this issue, although you do have to recreate it every time a new version of PIA comes out. I was able to create that, pin it to my taskbar and remove PIA from starting up with Windows. That seems to have bypassed the issue completely now, which is great. I definitely won't be renewing once my subscription is up.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
As most of you guys know… I am a full time IT consultant, and I also perform pretty much every task that is required to keep VoodooShield up and running. We have experienced unprecedented growth the last few months, and I am no longer able to keep up with everything. So I have been looking into a few different options, such as raising a little money and going full time with VS, and hiring a few people full time as well.

Another option is to expand our marketing campaign a little more, and if all goes well, we will not have to raise any money and I will still be able to go full time with VS. There are other options as well that I am considering.

I see there are a few bugs that I still need to work out and several emails, posts and PMs I need to respond to… but there are simply not enough hours in the day, but I am going to get to them asap, sorry for the delay.
 

plat1098

> As most of you guys know… I am a full time IT consultant, and I also perform pretty much every task that is required to keep VoodooShield up and running. We have experienced unprecedented growth the last few months, and I am no longer able to keep up with everything.

No! I for one did not know, only thinking VS was your full-time thing. OK! You have my support for what it's worth, you know that hopefully--my Tower of Babble-on status at times notwithstanding. :) Thank you for the updated info! :cool:
 