Skip navigation.

New Wave of Surveillance Software - VM Takeover

I have encountered a surveillance program on my network computers. Once infected, the computers have been found to be operating inside a VM, with very limited ability to see the outside machine. There are clues which indicate the existence of the outer Machine.

I have gotten by much of the restrictions of being stuck in a VM. I am looking for the escape route. This is a targeted attack, affecting myself and all of my computers. Additionally, the program goes after anyone who directly assists me. Please do not dismiss this as paranoia, it is not.

Currently reinfection is enabled by PXe programs which are protected by BIOS Memory Manager, subversion of the Certificates on my systems, and the Group Security Policies. I have confirmed this behavior on multiple machines, different brands, and both Windows Xp and Vista.

The program has the additional benefit of NOT BEING DETECTED BY ANTI_VIRUS programs, because it is pretending to be a 'net nanny' type monitoring program. As such they get a pass from all of the majors. (A possible exception is Sunbelt Software products which they deal with differently.) Each of the AVAS type programs is disabled by the intruding software and rendered meaningless, BUT appears to continue to run. I'd love to know why the major's configuration program files are not encrypted, the plain english editing allows the disabling of the program to be accomplished easily. Often with ONE CHARACTER.

I have plenty more information, which I wil gladly share. Communications are difficult as there is a great effort to keep this information from being shared. I will attempt to document as much as I can, but would sincerely appreciate a 'red pill' to get me out of the situation.

- Terance

surveillance software

I am having the same problem. I also actually found a license for the software and confirmed the program on their website. I have requested by e-mail to be furnished an uninstall program to remove it. (I know, pretty funny). Waiting to see what happens today, since I sent it last night.
I am not any sort of pro, nor think I understand a whole lot of this crap, but I invite any questions, etc.
anyone may have

Could you be more specific...

Could you provide the link to the software? Do you have more specific about how the software works? Does it have be installed on VM or on VM Host? Does it work on VM and "see" the Host? What does it see?


I don't get it. Do you mean

I don't get it. Do you mean the virus encapsulates your operating system into its own VM? That would explain why antivirus can't detect it.

Yes. It happens in stages,

Yes. It happens in stages, but the end result is what you see as your 'windows desktop' is running as a VM inside the computer on your desk... the computer on your desk is under full remote control from 'somewhere'. There is no way to stop the flow of data outward. And the clues are all subtle anomalies which primarily arise because of a hardware issue which is something they cannot control remotely.