View Full Version : Hidr.exe
vecchio
11-14-2007, 01:19 AM
Hello,
I was infected 2 times by a virus/malware/rootkit which installs this "hidr.exe" process in c:\windows\system32. This infection REMOVES and BLOCKS the action of ANY antispy/antivirus program.
This agent also makes the computer unable to boot in safe mode.
I think SD can find this, but when I try to remove it the computer freezes, and after the reboot if I click on the SD icon Windows informs me the program is not installed, but I can see the program folder in c:\windows\program files.
Fortunately I found a specific removal tool which removes this.
TF can find it too, but it can only quarantine it.
No way to make SD+AV remove this?
Thanks
AChen
11-14-2007, 02:18 AM
Hello,
I was infected 2 times by a virus/malware/rootkit which installs this "hidr.exe" process in c:\windows\system32. This infection REMOVES and BLOCKS the action of ANY antispy/antivirus program.
This agent also makes the computer unable to boot in safe mode.
I think SD can find this, but when I try to remove it the computer freezes, and after the reboot if I click on the SD icon Windows informs me the program is not installed, but I can see the program folder in c:\windows\program files.
Fortunately I found a specific removal tool which removes this.
TF can find it too, but it can only quarantine it.
No way to make SD+AV remove this?
Thanks
Hey Vecchio,
Could you please run the MD tool, and also zip up a copy of hidr.exe and send it to my email, and we'll look into this.
vecchio
11-14-2007, 03:04 AM
Hey Vecchio,
Could you please run the MD tool, and also zip up a copy of hidr.exe and send it to my email, and we'll look into this.
Anthony
Fortunately I am unable to do it, as I don't have this infection on my computer anymore.
Also please note I can only see the process name and location, but I can't locate the file in order to send you a copy.
I am asking if it would be possible to implement a way in SD to catch it, in order to avoid new infections.
Please, I would like the development team to read about "hidr.exe" if possible.
Please note again, I can assure you I don't have this infection anymore.
Thanks
vecchio
06-16-2008, 07:26 PM
hidr.exe is a Trojan, W32.Beagle.DZ. hidr.exe tries to terminate antiviral programs installed on a user's computer.
Is SD/PCTIS/SD+AV already able to detect and clean it?
I was infected 3 times with it in the past, and PCT products were unable to detect it.
So can SD already detect/block it? (Avast can do it :) )
thanks
Greyhound
06-16-2008, 07:42 PM
I was infected 3 times with it in the past.. thanks
Hi vecchio,
3 times.., so you know where to find it :)
Could you please write me in PM where to find that "nice" sample.
I want to check my security setup on my machine with it.
I especially set up rules in Defence+ (Comodo firewall) to protect my real-time running security programs from termination, etc. So I am curious whether it is efficient or not.
Also, I added Mamutu to my security setup for real-time protection.
So I will check my protection :)
Thank you
vecchio
06-16-2008, 07:51 PM
Fortunately, I don't know where to specifically find it.
I was infected by this thing in the past, and it comes through eMule as compressed files.
If you are able to test it, it would be great.
Maybe on the internet you can find this :)
Greyhound
06-16-2008, 08:06 PM
Maybe on the internet you can find this :)
vecchio :)
Do you offer me to visit a few porno sites? LOL
No offence :) just kidding.
Ok, I will try to catch something through eMule; maybe I will be lucky.
I really want to check how Defence+ protects security programs from termination (by the way, Mamutu has this function as well); also I made rules to protect security program files from being deleted or changed in Program Files and ProgramData (as nasties can change or delete them).
I tried to terminate security programs manually in Task Manager and Security Process Explorer (Glarysoft), but D+ did not allow it.
But the best checking is the real nasty.
vecchio
06-16-2008, 08:13 PM
Ok, thanks to you.
Please note, I am not an expert on this, but it seems to be a rootkit.
With the rootkit files option enabled, SD can detect it, but at the moment of removal the computer freezes and reboots, and after this you remain unable to run ANY security apps.
So, my question continues:
Is SD already able to detect it? (Again, the app was unable to detect it in the past.)
Thanks
Greyhound
06-16-2008, 08:34 PM
but it seems to be a rootkit..
Is SD already able to detect it? (Again, the app was unable to detect it in the past.)
Thanks
Gmer is good for rootkits. Good test results in discovering and deleting rootkits, no installation (although no one program is perfect). Good to have it in your arsenal for emergency cases.
Cannot say anything about SD without testing with a real sample.
This question is for the PC Tools team.
vecchio
06-16-2008, 09:02 PM
Gmer is good for rootkits. Good test results in discovering and deleting rootkits, no installation (although no one program is perfect). Good to have it in your arsenal for emergency cases.
Cannot say anything about SD without testing with a real sample.
This question is for the PC Tools team.
Yes, it is.
It would be great (as I said before) if you tested it.
But this is a direct question to PC Tools.
mjq424
06-16-2008, 09:14 PM
Hi
I would advise highly against trying to infect yourself with Beagle/Bagle. It's one of the nastiest infections out there.
I would only even think about doing it if I had a secure virtual system that could be wiped quickly and utterly. DO NOT PUT THIS ON YOUR MAIN SYSTEM unless you don't mind formatting.
Greyhound
06-16-2008, 09:42 PM
Hi
I would advise highly against trying to infect yourself with Beagle/Bagle. It's one of the nastiest infections out there.
I would only even think about doing it if I had a secure virtual system that could be wiped quickly and utterly. DO NOT PUT THIS ON YOUR MAIN SYSTEM unless you don't mind formatting.
Thank you, mjq424.
Of course, I have a virtual machine and full Norton Ghost backups of the PC for emergencies.
So it would not be a problem.
Real checking of security is only possible with real threats.
vecchio
06-16-2008, 09:48 PM
Hi
I would advise highly against trying to infect yourself with Beagle/Bagle. It's one of the nastiest infections out there.
I would only even think about doing it if I had a secure virtual system that could be wiped quickly and utterly. DO NOT PUT THIS ON YOUR MAIN SYSTEM unless you don't mind formatting.
Matt
Please note I am not asking anybody to put this thing on their system.
Greyhound makes me think he is able to test some security apps against this.
So I only said maybe he can find this on the net.
I never asked (and never will ask) anybody to put this on their system, as I know the only way to get rid of this is formatting the machine (unfortunately).
My question is to PCT (whether SD can already detect it, as previous versions of SD were unable to detect it).
Thanks
Your friend
vecchio
AChen
06-17-2008, 08:10 AM
There are many variants of Bagle and Beagle type infections. SD and SD+AV can remove many of these types of infections. New variants are created on a regular basis, and we are always creating new signatures to combat this type of infection.
If you come across any infections that SD, or SD+AV cannot remove, we will need a sample in order to create new signatures to remove any new variants.
You can also run the Malware Detective tool :)
vecchio
06-17-2008, 03:59 PM
There are many variants of Bagle and Beagle type infections. SD and SD+AV can remove many of these types of infections. New variants are created on a regular basis, and we are always creating new signatures to combat this type of infection.
If you come across any infections that SD, or SD+AV cannot remove, we will need a sample in order to create new signatures to remove any new variants.
You can also run the Malware Detective tool :)
Maybe once infected again, I will be able to send you THE FILE which starts the problem.
But please note, as I said before, it's IMPOSSIBLE for me to find the "hidr.exe" file which this thing installs. I can see the name of the process and the folder, but I am unable to locate the file and send a copy.
Also, this thing BLOCKS ANY SECURITY APPLICATION FROM LAUNCHING, so I will be unable to run MD.
Unfortunately, once infected, it seems I have to format the machine again.
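The recurring problem in this thread is that vecchio can see the process name and folder in a process list but cannot get hold of the file to send the vendor the sample they asked for. The script below is an added example written for this page; it is not code from the thread, from PC Tools, or from any of the products mentioned. It assumes a modern Windows with Windows PowerShell 5.1 or later, run from an elevated prompt; the process name "hidr" is taken from the thread, while the output folder, file names and the .bin rename are constructed for the example. It asks two independent sources (the .NET process API and WMI/CIM) for the process, records image path, parent PID, command line and SHA-256, copies the image out before any cleanup tool deletes it, and zips the result for submission. A rootkit can hide its file from both views, so an empty result is reported as "not visible", not as "clean".

```powershell
# Added example (not from the thread or from any vendor): locate a running process
# by name, record where its image lives, hash it, and zip a copy for vendor submission.
# Assumes Windows PowerShell 5.1+ in an elevated prompt. $Name comes from the thread
# ("hidr"); the output folder and file names below are constructed for this example.
param(
    [string]$Name   = 'hidr',
    [string]$OutDir = "$env:USERPROFILE\Desktop\sample-$(Get-Date -Format yyyyMMdd-HHmmss)"
)

# Two independent views of the process list. A rootkit that hooks one enumeration
# path may miss the other, so a mismatch between the two is itself worth noting.
$fromApi = Get-Process -Name $Name -ErrorAction SilentlyContinue
$fromCim = Get-CimInstance Win32_Process -Filter "Name = '$Name.exe'"

if (-not $fromApi -and -not $fromCim) {
    Write-Host "No running process named $Name.exe is visible."
    Write-Host "An empty result is not proof of a clean machine: rootkits hide processes. Re-check from an offline boot or with a rootkit scanner."
    return
}
if (@($fromApi).Count -ne @($fromCim).Count) {
    Write-Warning "Process API sees $(@($fromApi).Count) instance(s) but CIM sees $(@($fromCim).Count): possible hiding."
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$report = Join-Path $OutDir 'process-info.txt'

foreach ($p in $fromCim) {
    $path = $p.ExecutablePath
    [pscustomobject]@{
        PID         = $p.ProcessId
        ParentPID   = $p.ParentProcessId
        Path        = $path
        CommandLine = $p.CommandLine
        Started     = $p.CreationDate
    } | Format-List | Out-String | Tee-Object -FilePath $report -Append

    if ($path -and (Test-Path -LiteralPath $path)) {
        # SHA-256 is what vendors key on; record it next to the copy.
        Get-FileHash -LiteralPath $path -Algorithm SHA256 |
            Format-List | Out-String | Tee-Object -FilePath $report -Append
        # Copy the image out now, renamed to .bin so nothing launches it by accident.
        Copy-Item -LiteralPath $path -Destination (Join-Path $OutDir "$($p.Name).bin")
    } else {
        Write-Warning "PID $($p.ProcessId): image path '$path' is not visible on disk (hidden or already removed)."
        "PID $($p.ProcessId): image not visible on disk" | Out-File -FilePath $report -Append
    }
}

# Zip the folder so the sample and its metadata can be sent to the vendor.
Compress-Archive -Path (Join-Path $OutDir '*') -DestinationPath "$OutDir.zip" -Force
Write-Host "Sample and metadata written to $OutDir.zip"
```

Run it as `.\Get-ProcessSample.ps1` (or with `-Name othername` for a different process) from an elevated PowerShell. The copy is taken before any removal attempt because, as the thread describes, the removal step is what freezes the machine and leaves the file gone; the `.bin` rename and the zip are only there so the sample travels safely to the vendor's mailbox.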