Hi Guys,

I waited for the final release of 'Returnil' for my 64-bit Vista box, and I'm pleased with 'Returnil's defense.

This AM after booting '"Returnil' immediately quarantined the following:

1. Tweakvi.exe, which contained "W32/Themida_Packed!ElDorado <note> Virus Total only listed a handful of AV companies which ID this threat. Perhaps Returnil should be added to AV totals list. Anyway my AV "AntiVir Personal" slept, while 'Returnil' nailed it.

2. Not sure about this one threat "1248573747.ini" this seems to be associated with my "HP Printer" I've printed fine with this file in quarantine. So I guess it OK to delete.

Excellent software 'Returnil', perhaphs when I'm more comfortable with 'Returnil', I can delete Avira

Thanks
Rico

Hi Rico,
That is a generic PUP (potentially unwanted program) detection and we are working to adjust this feature as soon as possible. We suggest the following work-around until this is adjusted:

1. Open the RVS interface
2. Click preferences > Virus Guard Tab
3. Change the Real-Time Advanced malware analysis mode option to "Do not use advanced rules analysis"

This should stop the detection on Tweakvi.exe. If it does not, please let me know and will flag this to the development and research teams.

Thanks
Mike

Hi Coldmoon,

Got this, with these settings see pic's:

Hi Rico,
Please update to the latest build as this should now be corrected:

http://www.wilderssecurity.com/showthread.php?t=255480

Mike

Hi I get this with this ver. Still! & switched back virus guard protection to recommended.

Thanks
Rico

Hi Rico,
Can you send us a copy of the file for analysis? If yes, send it to support (dash) tech (at) returnil (dot) com

Thanks
Mike