VoodooShield discussion

Status
Not open for further replies.

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
The main thing I noticed in my case is that the shield disappears and goes to the top left instead of the bottom right.
I saw this too. I have no clue what happened.

Regarding the token in the temp folder... with VS running I moved the token to ProgramData. I then opened the VS GUI and "Confirm Registration" and ... the token file was recreated in the temp folder.

Next, I deleted the token from ProgramData and then "Confirm Registration" ... no new token was created in ProgramData.

Maybe this is a 64-bit OS issue... IDK.

Edit1: Back after a reboot. No registration window required, even without a token in ProgramData. Methinks the ProgramData token has no real use on my system (it was not recreated on reboot). Only the temp folder token is necessary.

BTW, after rebooting the shield appeared in the upper left corner.
 

lowdetection

Level 7
Verified
Well-known
Jul 1, 2017
317
The shield positioning is related to the registration and the db files inside ProgramData; I managed to fix it. Hope for better management in future. :)

The token position that matters is in temp.
 

lowdetection

Level 7
Verified
Well-known
Jul 1, 2017
317
@danb the VoodooShield issue I mentioned to you in msg with VPN, not present in beta 4.0.9 ;)

Seems ok with me, the 2 main bugs of the shield and the token are fixed for me.
 

simmerskool

Level 37
Verified
Top Poster
Well-known
Apr 16, 2017
2,616
Try this @VecchioScarpone
XpVgaoG.png

perhaps obvious to others, but comparing
C:\ProgramData\VoodooShield\voodooshield-token.json
to
C:\Users\nnn\AppData\Local\Temp\voodooshield-token.json

the token files are NOT identical although they both have the same size, 115 on my win7. I'm guessing that my token should be unique to me and my pw, but then shouldn't both these tokens be identical unless time-sensitive stamp on them?? Just guessing and thinking out loud :confused:
 

lowdetection

Level 7
Verified
Well-known
Jul 1, 2017
317
If someone has a shield issue, it means the Token was involved. I don't have any issue either.

I'm interested now in new features of the v4, like the moving dot inside the VoodooShield icon that is sometimes shown; what's the meaning?
 

dg17

Level 1
Aug 20, 2017
9
Hi David, I see lowdetection has already replied (thank you lowdetection), but I was curious about a few things. I agree that file insight is absolutely vital to the end user, and for executable blocks, VS should provide plenty of file insight. For command line blocks, there is a lot less file insight that VS is able to provide.

So I am curious what is being blocked that is not providing proper file insight? Thank you!


Very cool, thank you!


Thank you for letting me know! I will test with some file cleaning utilities and see what happens. There very well could be a couple of things that are causing the same issue.

Thanks Dan & Lowdetection.

I see what you mean, but all that is very technical for the average user. What I thought would be more helpful would be the properties of the file, such as the enclosure. Whilst not giving the same level of info, it would give the user some idea of where the file came from, and they could make a judgement of whether to use it or not. VS is not going to be able to know every file, so giving this info may assist the user.

Hope you understand what I am getting at.
I seem to remember that some program, maybe Online Armor or Emsisoft, gave a hot link to the program in the popup - can't remember the details now.
Regards

David

upload_2017-11-4_12-12-46.png

upload_2017-11-4_12-9-40.png
 

lowdetection

Level 7
Verified
Well-known
Jul 1, 2017
317
I don't know, dg17, usually I do it this way:
If VoodooShield alerts me of something I don't know, I look for more information from VoodooShield; if I still have doubts I put the file inside PEStudio; if I think it is something more I send it to a sandbox service like Cuckoo Sandbox or VxStream through hybrid-analysis.

This is how I do it :p
 

lowdetection

Level 7
Verified
Well-known
Jul 1, 2017
317
d9gslLv.png

JLRijeV.png


Then I move here:

zvudllw.png


I think what can be added is the direct link to VirusTotal, but the other things from PEStudio are an excess of info; need to remember it is meant for a general audience, I think. I don't know.
 

lowdetection

Level 7
Verified
Well-known
Jul 1, 2017
317
Just to report, but it's ok and I understand, having some VoodooShield.exe has stopped on startup on 5400 rpm hard-disk, if I have a certain degree of defragmentation, was happening also with late 3.59b3 if I remember right.

Not happening on a SSD.
 

milas

Level 2
Verified
Mar 1, 2016
50
@danb,
I'd like to jump in and say that I had to re-register VS at least 3 times after restarting my system yesterday. I did use CCleaner twice yesterday. So I am not sure if that's why I had to re-register. I have VS listed in %Temp% and ProgramData. I also had a 2 year license if that means anything. Running VS on a 64bit system.

My other issue is when starting up my system each morning I get VS saying the "disnhost.exe. does not exist" and will block on 20sec. I am not sure what that is all about?
Blocked.PNG
 

lowdetection

Level 7
Verified
Well-known
Jul 1, 2017
317
@milas for the token try to set exclusion like my screenshot in CCleaner

For dismhost.exe, try to reset whitelist, was common also in 3.5.9, did you do upgrade over previous? I will try clean reinstall.

What I see from your screenshot is the path for dismhost.exe inside \temp always changing \temp\random

If I remember right there were new rules in v4 to avoid this, but not sure.
 

milas

Level 2
Verified
Mar 1, 2016
50
@milas for the token try to set exclusion like my screenshot in CCleaner

For dismhost.exe, try to reset whitelist, was common also in 3.5.9, did you do upgrade over previous? I will try clean reinstall.

Thank you, I appreciate the help..

I already did a clean install of 4.0.9b 2 days ago. I'll try the reset as you mentioned and set exclusion in CCleaner. :)
 

milas

Level 2
Verified
Mar 1, 2016
50
Before you reinstall, delete any remnants of VS under ProgramData.

I will do that the next time I have to reinstall. So far VS isn't giving me an issue. Thanks!:)

I'll restart my system and see if I have the same issues just to be sure.

EDITED: Restarted my system after resetting the VS Whitelist all seems ok right now!
 