Advice re: Cleaners and Reg tools

I will try to contact him and direct to your posts.

 

Hi ronjor,

Regwatcher looks like a very nice product. I ran it alongside Prevx for a while and now I am running it alone. Both look they are very good products. Do you have a preference?

Rich

 

What address are you using to contact radsoft? I know they usually reply instantly.

 

However there is occassionaly a slight problem. And that is that this is a program, not a human being, and so it can make mistakes which we would be more likely to notice. For example removing files you actually want or need by accident.

 

Yes, but I'm still not clear what you are actually going to do if RW pops up and tells you an unauthorised change has occured?

Does it allow you to reverse the change and then allow you to terminate those processes that caused the change? Does it allow you to delete those alien progs on reboot? If not what apps are you going to use to help you in the fight? (You can't rely on Task Manager or Process Explorer since they will not provide multiple kill facility - though Ewido will probably let you do this).

I'm still not convinced by a simple Reg monitor that does nothing else - it's like telling you you've been nailed and then sticking it's tongue out at you!

Hey - this is in the wrong thread, but so was the point I was aluding to!

 

Because of certain tricks that malware might possibly use, RegWatcher quickly REVERSES any & every change to one of the registry items that it is set to monitor.

AFTER RW reverses a change, it then will ask the user if he or she wants to allow the change. If the user says, "Yes" then RW re-instates the change. If the user says "No" then the change is gone -- Poof!

As to deciding what action should be taken when RW sounds an alert -- that is strictly up to the user.

 

Sounds good in theory, but if something unpleasant has got into your machine and started changing your Registry around it is not likely to let the matter drop politely - it's going to keep on trying at the first opportunity!

So you need to tackle the underlying processes before they get a vice like grip on you. The nastier bugs these days have a disturbing habit of working as part of a team so you can't squash them individually by using Task Manager. You need something more versatile - that is why I prefer WinPatrol. I do appreciate the need for monitoring as many keys as possible, but I suspect the next version of WinPatrol will be looking at more.

For me personally the ability to designate keys to look at is less important than being able to have a crack at the underlying problem if you do get hit

 

I totally agree! Even so, it's nice to have RW or *something* sound the alarm so that you know a problem exists.

Of course, if it's a malware that's trying to mess with your computer, your other protection (antivirus, antitrojan, antispyware, et alia) SHOULD have taken action. If they didn't, RW can at least alert you that something brown is floating around in your computer's punchbowl.

 

Oh yes, but if they were successful you wouldn't be suffering Registry changes in the first place!

I'm looking at a last ditch scenario after all else fails. If your AV permits something to get in and fiddle about with your system then it is not going to help you much from there on. I want an appliance that offers some hope in this situation, that is why I like WinPatrol.

But if even that fails then you are down to alternative scanners, either backup or online, though if these locate but cannot cure the problem you are either faced with a difficult manual cleaning task or reformatting. I understand (from The CWS Chronicles) that there are now variants of CWS that are impossible to remove manually (even if you have the knowledge to do it - which I don't!).

For this reason I believe in as many layers of protection as I can reasonably get - things like ProcessGuard and SSM can be defeated by human error (if you accidently let something through) so a Reg monitor is not just for reassurance it could be a 'life' saver if it helps you kill off something before it has become too entrenched.

 

which is a good argument for having a recent "good" image ready to slap back on the drive