VirtualProtect


Kees1958
July 7th, 2009, 12:42 PM
Anyone used this http://download.cnet.com/VirtualProtect/3000-8022_4-10902410.html

Seems a Chinese application, so maybe some Chinese-reading members could help out

Thanks in advance

jmonge
July 7th, 2009, 12:47 PM
-{ Quote: "Anyone used this http://download.cnet.com/VirtualProtect/3000-8022_4-10902410.html

Seems a Chinese application, so maybe some Chinese-reading members could help out

Thanks in advance" }-

Is this tool new?

Kees1958
July 7th, 2009, 12:49 PM
No, posted on download.com in 2008

jmonge
July 7th, 2009, 12:51 PM
Ah, I see. I'll check this one; we never know, maybe something good will come out of it ;D and maybe for free :thumb: Is it free? Thanks, Kees

Ilya Rabinovich
July 7th, 2009, 04:03 PM
VirtualProtect (http://msdn.microsoft.com/en-us/library/aa366898(VS.85).aspx) :) Not a really good position from the point of view of naming.

jmonge
July 7th, 2009, 04:33 PM
It doesn't look complete ;D

StevieO
July 7th, 2009, 07:23 PM
Tried to DL it, no go.

Quite frankly, if it was da bom I think we would have heard more about it by now. I'm guessing it's unfinished, so probably not wise to rely on it.

Kees1958
July 8th, 2009, 01:04 AM
-{ Quote: "VirtualProtect (http://msdn.microsoft.com/en-us/library/aa366898(VS.85).aspx) :) Not a really good position from the point of view of naming." }-


:thumb: virtual protection as in not real protection :argh:

Trespasser
July 8th, 2009, 03:42 PM
Actually, Virtual Protect is VERY similar to Returnil or those in that category. And it's very light as well (between 250-415 Kbytes). From what I can tell so far it has one process running (btrsmtsv.exe) in Task Manager. You have to reboot when you engage or disengage it. I'm going to do a few things with it here shortly, like install an application or two and see if they're gone on a reboot.

Later...

StevieO
July 8th, 2009, 03:48 PM
Trespasser

Looking forward to that. If you have imaging etc, would you like some malware to test it with? Let me know and I'll send you some, offsite of course!

Kees1958
July 8th, 2009, 05:03 PM
Trespasser,

I'll endorse that, thanks in advance.

Regards

Kees

Trespasser
July 8th, 2009, 05:04 PM
-{ Quote: "Trespasser

Looking forward to that. If you have imaging etc, would you like some malware to test it with? Let me know and I'll send you some, offsite of course!" }-

Thanks for the offer StevieO but I'm too much of a weenie to try anything like that. I'll leave that to the more adventurous souls...like you, or Kees, or Rmus for sure.

It erased the few applications I installed while it was activated. So far so good. BTW, under the Tools heading there's a password listing...whatever you do don't click on it unless you intend to enter a password. I clicked on it just to have a look at it but from that point on whenever I tried to access the GUI it requested a password even though I hadn't entered one. Had to uninstall then reinstall it just to get back to square one.

Later...

Kees1958
July 8th, 2009, 05:10 PM
Thanks for trying anyway, appreciate that :thumb:

How did it feel performance wise, any delay starting up browsers, booting?

Trespasser
July 8th, 2009, 05:14 PM
-{ Quote: "Thanks for trying anyway, appreciate that :thumb:

How did it feel performance wise, any delay starting up browsers, booting?" }-

Not that I could tell. Seems to run quite smooth.

Later...

Zero3K
July 9th, 2009, 01:16 AM
There's a v2.0 on http://vprotect.meibu.com/ that was released late last month.

Trespasser
July 9th, 2009, 07:45 AM
-{ Quote: "There's a v2.0 on http://vprotect.meibu.com/ that was released late last month." }-

This version (if it is VirtualProtect) had two hits at VirusTotal by both McAfee and AntiVir as a TR/Dropper.Gen. The 1.62 version showed up as clean.

I sent the creator an email yesterday evening asking if there's a more recent version available. Think I'll wait until I hear from him/her.

Later....

Zero3K
July 9th, 2009, 10:31 PM
I'm chatting with the developer on QQ. He states that there are no viruses in his program. So, it's a false positive. Also, an English version should be out soon.

Trespasser
July 9th, 2009, 10:59 PM
I'm sure that's the case...but to be on the safe side I sent vp20n9.rar off to Avira to be analyzed as a possible false-positive. :).

Actually I tried vp20n9 today before I re-imaged. It appears a bit more complex than version 1.62 but I couldn't make heads or tails of it since the text is in Chinese.

BTW, I have two hard drives in my computer...VirtualProtect 1.62 offers to virtualize both or either one.

Later...

Trespasser
July 10th, 2009, 07:48 AM
Here are the results from Avira concerning VirtualProtect's latest (vp20n9.rar)...

************************
We received the following archive files:

File ID   Filename    Size (Byte)  Result
25394117  vp20n9.rar  179.71 KB    OK

A listing of files contained inside archives alongside their results can be found below:

File ID   Filename    Size (Byte)  Result
25394118  vp20n9.exe  540 KB       FALSE POSITIVE

Please find a detailed report concerning each individual sample below:

Filename    Result
vp20n9.exe  FALSE POSITIVE

The file 'vp20n9.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.
**********************************

So I guess it's safe to use.

Later.....

Zero3K
July 11th, 2009, 10:35 AM
Anyone know Chinese and English? If so, then you could use Resource Hacker (http://www.angusj.com/resourcehacker/) to translate the text inside its exe.

Zero3K
July 15th, 2009, 03:22 AM
I've gotten a developer that's Chinese and knows English to translate it. After he did that, I went and fixed it up a bit. You can get it at http://www.mediafire.com/download.php?gkmoyjmgnwy.

Kees1958
July 15th, 2009, 10:37 AM
Thanks a lot :thumb:

It says demo, is it a demo or a full functioning application?

regards Kees

Trespasser
July 15th, 2009, 11:56 AM
I noticed on the version offered by Zero3K there's a section to register this copy by adding a serial number. That would suggest VirtualProtect will eventually become a paid version. Too bad.

I do have to admit though that RAM usage is very low. After running for a while btrsmtsv.exe settles down to around 215 Kilobytes on my system. About a third that of Returnil. But I still prefer Returnil.

Later...

Zero3K
July 15th, 2009, 03:55 PM
Kees1958: I think it's a fully functioning application.

Trespasser: I think that's if you were to use it in a business setting.

I'll ask the developer those two questions both of you gave me when he comes online (he's on QQ with the user ID of 10408138).

Zero3K
July 17th, 2009, 07:15 PM
Trespasser: Why do you still prefer Returnil?

Trespasser
July 18th, 2009, 10:28 AM
-{ Quote: "Trespasser: Why do you still prefer Returnil?" }-

Returnil has worked perfectly for me for a long time. No show stopper bugs like the Password thing I experienced shortly after first trying VirtualProtect. I've also encountered another "bug" or problem with VirtualProtect...that being data corruption. I downloaded a bunch of zip files from RapidShare but when I unzipped them the resulting ISO was corrupt (the MD5 didn't match). Exit VirtualProtect's shadow mode, unzip the files once again, and the MD5 did match. That's a show stopper at least for me. VirtualProtect needs to mature for a while.

Zero3K
July 18th, 2009, 10:47 AM
I think that problem was fixed in the English version I linked to. Unless that's what you were using.

Trespasser
July 18th, 2009, 05:01 PM
-{ Quote: "I think that problem was fixed in the English version I linked to. Unless that's what you were using." }-

That's the one I was using. Thanks for your interest and input, Zero3K.

Later...

bonedriven
July 19th, 2009, 04:29 AM
I searched this program with Baidu (Chinese search engine) but couldn't find a clue at all. I also searched in a Chinese security forum, not even a post mentioned it.

So, Zero, what's the Chinese name of the program?

Zero3K
July 19th, 2009, 04:35 AM
Its Chinese name is 虚拟保护.

bonedriven
July 19th, 2009, 06:54 AM
-{ Quote: "Its Chinese name is 虚拟保护." }-

:argh:

Did you use the Google translator?

:argh:

It is like an AV program that names itself "AntiVirus".

Zero3K
July 22nd, 2009, 01:37 AM
1. A serial number can be inputted because the cache function has a time limit.

2. It's called a demo because it will stop working after a while.

Zero3K
July 31st, 2009, 02:09 PM
The English version is now available. You can get it at http://www.vpcache.com/english/englishdn.html.

Zero3K
August 3rd, 2009, 10:09 PM
Also, the developer now has a WLM account. It's oldplace2008@sohu.com.