Safe Returner

[sg09]

Quote:

Safe Returner is an awesomely impressive anti-malware tool which aids in the removal of Malware - Trojan Horses, Worms, Adware, Spyware - when standard anti-virus software either fails to detect them or fails to effectively eliminate them. Safe Returner's a relatively speedy malware remover, it works at a high speed with the full scan taking less than 5 minutes even with other high-resource programs running. It has a self-developed heuristic malware detection engine which displays the severity of the Spyware threat, used ranging from High Risk, Moderate Risk, and Low Risk.

Homepage
http://www.safereturner.com/index.html
Screenshots
http://www.safereturner.com/screenshot.htm
Softpedia review
http://www.softpedia.com/reviews/win...w-144403.shtml

Quote:

The Good

Safe Returner is a simple program with a simple mission: detect any malicious processes that take shelter in sensitive system areas. It is easy to configure and offers plenty of possibilities to check whether detected items are friends or foes.

It is easy to use and configure and scanning operations take very little to complete. Malware removal is done with a push of a button.

The Bad

When looking for details about a detected item on the security websites provided by the application, you are not taken directly to the information page on those websites but to Google search results.

False positives are likely to be reported because of the aggressive heuristics engine Safe Returner relies on. Expert mode shows valid processes and malware together, no segregation being involved; also, all items in this section have a threat score. The $29.95 price does not make the application more appealing either.

The Truth

The program is still at the beginning and it shows. At this stage of development, it is not firm enough in declaring which detected item is a threat to the system and which is actually a valid one, leaving this decision to the user. Sunny side up, an average user should be able to recognize the files that are clean and entitled to run unhindered on the system.

Although aggressive and inclined to false positives, the heuristic engine driving Safe Returner is powerful enough to root out malware. The app is designed as an additional layer of protection for your computer and to intervene where conventional antivirus products couldn’t.

[CiX]

Safe Returner detect Torchsoft's product as a threat ... See screenshot #4

[sg09]

Quote:

Originally Posted by CiX

Safe Returner detect Torchsoft's product as a threat ... See screenshot #4

lol they are digging themselves in...

[jmonge]

lol poor xioalin

[J_L]

...Looks pretty shady, especially since LinkExtend Safety (Web of Trust, McAfee SiteAdvisor, Web Security Guard, Browser Defender, Norton Safe Web, Compete, Google Safe Browsing) rates it as unknown.

Here's what Google Safe Browsing says: http://www.google.com/safebrowsing/d...fereturner.com

~ Virus Total Results Removed per Policy ~ for downloaded file from website.

Personally, I'm not installing that (at least on my real machine).

[jmonge]

J L it looks very risky thanks for the value info man

[CloneRanger]

Agreed it does have the look of a rogue.

The way it's marketed as something different etc, could be just a ploy to evade detection for a while ?

Strange it's a .COM file ?



Then



Then



Also got a PEG alert

I didn't install it

VT results not totally conclusive yet to me ? But caution yes. Might be the .COM etc stuff ?

Lots of download www's are hosting it though if you do a quick search, including.

http://www.downloadpipe.com/Windows/...r-1320365.html

Safe Returner Publisher: JonPetter ?

We have to careful not to diss something outright we don't have enough info about yet, so as not to harm if genuine.

I'm going to email support(at)safereturner.com and see what they say

[falkor]

Installed . Will not scan . access violation .

[jmonge]

is it a fake scaner?

[falkor]

It also wants to turn off almost every application that is running in order to scan . It shut down most of my apps automatically while trying to update . Are you kidding me ? I missed something or this is total crapware . Good luck with this one !

[Franklin]

Being on Softpedia I doubt it would be a rogue but you never know.

Runs as a .scr and managed to start and kill the procesess of three different rogues, exe killers included.

Ran it against a multidrop trojan and it did kill all of the malicious procesess.

At reboot there seems to be no malware running but it does leave a lot behind.

All in all may be OK to use first up to get in behind and kill any exe killer rogues which will allow other AM's with better detections to run.

[J_L]

Quote:

Originally Posted by CloneRanger

Agreed it does have the look of a rogue.

The way it's marketed as something different etc, could be just a ploy to evade detection for a while ?

Strange it's a .COM file ?

Attachment 218938

Then

Attachment 218940

Then

Attachment 218939

Also got a PEG alert

I didn't install it

VT results not totally conclusive yet to me ? But caution yes. Might be the .COM etc stuff ?

Lots of download www's are hosting it though if you do a quick search, including.

http://www.downloadpipe.com/Windows/...r-1320365.html

Safe Returner Publisher: JonPetter ?

We have to careful not to diss something outright we don't have enough info about yet, so as not to harm if genuine.

I'm going to email support(at)safereturner.com and see what they say

The VirusTotal scanned a .exe file
Uploaded with VirusTotal Uploader and it detected a previous hash (upload). Saves time..

Anyhow I did notice a .COM file, then downloaded again, it became .exe
Maybe different servers of Download.com is hosting different files.. Softpedia file is definitely .exe, but the hash is still the same.

Edit:
CNET (Download.com) hosts a .COM and Softpedia hosts a .exe
Hashes are identical though.

[Franklin]

Got both here and one is an .exe and the other a .com but both install and run as a .scr

I think this is to help the app get up and running when an exe killer is active.

Even then, some exe killers will stop all types from executing includuding .com, .scr and .pif but a simple rename to Firefox.exe or Opera.exe can get an app up and running.

[J_L]

Here's an Anubis (online sandbox analyzer) report for those that understand it: http://anubis.iseclab.org/?action=re...b0&format=html

[Franklin]

Quote:

Originally Posted by falkor

It also wants to turn off almost every application that is running in order to scan . It shut down most of my apps automatically while trying to update . Are you kidding me ? I missed something or this is total crapware . Good luck with this one !

You can select whether to kill suss procesess or not before a scan starts which seems to work ok here.

[egomoo]

Hi,all

thanks plusface who give me email about the thread.

To be honest,I'm the author of Safe Returner.

I'm so glad that someone find it and post my software here,but I'm very sad that someone say it would be a rogue.

However it 's a super tool to remove almost all of the rogue which has 30 days all function included.

Is there a rogue that you do not need payment to remove something?

I will give you some explain anything what you want?

Safe Returner is a smart version of Sysinternal's Autoruns.

It is a unique approach to fighting malware.

1.why install package is a ".com " file ?

lots of malware hijack the exe file to run on user's system

2. why the main file is "Safe Returner.scr"?

the reason is the same as above.

3.why Safe Returner detect Torchsoft's product as a threat ... See screenshot #4

Yes,Because Safe Returner uses aggressive methods to detect these threats, there is a risk that in rare case it can select some legitimate programs for removal.

Please read more from the help document about "False Positive"

I personally also use malware defender ,so there is a False Positive on the screenshot #4.
some version of "malware defender" use random driver name to protect itself,so there is few google result.
there are so many random malware file name,so Safe Returner give it a import term on it.

for example in the picture :

http://www.safereturner.com/f1.jpg

It's quite simple to resolve the problem ,safe returner will collect the False Positive md5 to ignore list.

4.It also wants to turn off almost every application that is running in order to scan.

I'm sorry there is no message box to show that safe returner will turn off almost every application on version 1.22

but in version 1.24 it will be tell user to select infected or not. Franklin has give you the picture.

this feature is some like Rkill.com

5.CNET (Download.com) hosts a .COM and Softpedia hosts a .

Softpedia has rename the .com file to .exe file

[J_L]

Quote:

Originally Posted by egomoo

Hi,all

thanks plusface who give me email about the thread.

To be honest,I'm the author of Safe Returner.

I will give you some explain anything what you want?

Safe Returner is a smart versionof AutoRuns.

It is a unique approach to fighting malware.

1.why install package is a ".com " file ?

lots of malware hijack the exe file to run on user's system

2. why the main file is "Safe Returner.scr"?

the reason is the same as above.

3.why Safe Returner detect Torchsoft's product as a threat ... See screenshot #4

Yes,Because Safe Returner uses aggressive methods to detect these threats, there is a risk that in rare case it can select some legitimate programs for removal.

Please read more from the help document about "False Positive"

I personally also use malware defender ,so there is a False Positive on the screenshot #4.
some version of "malware defender" use random driver name to protect itself,so there is few google result.
there are so many random malware file name,so Safe Returner give it a import term on it.

for example in the picture :

http://www.safereturner.com/f1.jpg

It's quite simple to resolve the problem ,safe returner will collect the False Positive md5 to ignore list.

4.It also wants to turn off almost every application that is running in order to scan.

I'm sorry there is no message box to show that safe returner will turn off almost every application on version 1.22

but in version 1.24 it will be tell user to select infected or not. Franklin has give you the picture.

Interesting graphics you put there.. Problem is, website didn't build enough reputation yet, therefore it really does seem like a rogue.
Also the text "an awesomely impressive anti-malware tool" seems cheesy, to be honest.

Can you provide a source for the Neutron Tech US and other customer testimonials?

[egomoo]

Yes,it is a brand new tool.

Is there a rogue has help document about 524 KB?

=====================
NeutronTech from technibble.com

Simple to use. I like how it compares current scan to previous ones to find new startup items. I also like how it gives you the security threat level and gives you the option of searching for more information. Seems like a unique approach to fighting malware. I think it would be a great diagnostic tool for the shop.

WeissTech1

Pros: Small and fast! Less then 4 meg download and scanned 130GB in 7 minutes. Nice tool to add to the disinfecting routine to assure a clean system.

Cons: Bug: When you click on update definations on overview, it says everything is up to date. Then when you click scan, it says there's a new version of the program and asks to update it. The update button on overview should check DB and EXE version.

Summary: I like the expert options on any identified file to quickly bring up explorer on the file, submit it as a false positive, and perform further research via 3rd party tools that we usually use in virus removal. It's an example of crowd sourcing in action

I have posted a thread some days ago at technibble.com,and reviews are from technibble.

http://www.technibble.com/forums/showthread.php?t=16243

To be honest,I'm a chinese which have 8 years manually removal experience.

My blog is on Chinese Malware Analysis Blogs

~ Removed Link as per Policy - We don't want inexperienced users clicking over to the Malware site ~

I have developed a tool called XDelBox which is famous in chinese from 2006

[J_L]

The graphics may attract newbies, but definitely not techies or consumers who had to deal with rogues. With the power of the internet, most people should learn of rogues already.

Doubt a lot of newbies are going to stumble across your site..

[sg09]

@J.L: Hope you have seen that it has been reviewed by softpedia.
http://www.softpedia.com/reviews/win...w-144403.shtml
I didn't see a single software reviewed by Softpedia is useless..

[Franklin]

From Softpedia's review:

Quote:

Safe Returner is not an antivirus per se and does not mean to take over the tasks and purpose of an antivirus. It is a complementary solution designed to take care of malware already rooted in the system.

In my tests it performed quite well even very good against live infections and I would use it on other machines where an exe killer rogue was present.

It doesn't pick up all bits of the infection but does enough to kill the infection allowing a scan with a full on blacklist scanner to grab the dregs.

I hope this app goes well for the author and with him coming into the Wilder's den of wolves shows me he's fair dinkum.

[J_L]

Quote:

Originally Posted by sg09

@J.L: Hope you have seen that it has been reviewed by softpedia.
http://www.softpedia.com/reviews/win...w-144403.shtml
I didn't see a single software reviewed by Softpedia is useless..

Personally I never really trust only one source, but it does seem to be legit after all.

[sg09]

Quote:

Originally Posted by Franklin

I hope this app goes well for the author and with him coming into the Wilder's den of wolves shows me he's fair dinkum.

Thanks for the confirmation friend...

[sg09]

btw, is it more aggressive than Norton Power Eraser?

[egomoo]

In my test,Safe Returner has less FP.

Anyone who make a review on it could apply a free license according its website page here

http://www.safereturner.com/getakey.html