New Wave of Surveillance Software - VM Takeover
I have encountered a surveillance program on my network computers. Once infected, the computers have been found to be operating inside a VM, with very limited ability to see the outside machine. There are clues which indicate the existence of the outer machine.
I have gotten by many of the restrictions of being stuck in a VM. I am looking for the escape route. This is a targeted attack, affecting myself and all of my computers. Additionally, the program goes after anyone who directly assists me. Please do not dismiss this as paranoia; it is not.
Currently reinfection is enabled by PXE programs which are protected by BIOS Memory Manager, subversion of the Certificates on my systems, and the Group Security Policies. I have confirmed this behavior on multiple machines, different brands, and both Windows XP and Vista.
The program has the additional benefit of NOT BEING DETECTED BY ANTI-VIRUS programs, because it is pretending to be a 'net nanny' type monitoring program. As such they get a pass from all of the majors. (A possible exception is Sunbelt Software products, which they deal with differently.) Each of the AVAS type programs is disabled by the intruding software and rendered meaningless, BUT appears to continue to run. I'd love to know why the majors' configuration program files are not encrypted; the plain-English editing allows the disabling of the program to be accomplished easily. Often with ONE CHARACTER.
I have plenty more information, which I will gladly share. Communications are difficult as there is a great effort to keep this information from being shared. I will attempt to document as much as I can, but would sincerely appreciate a 'red pill' to get me out of the situation.