Safe Returner

Discussion in 'other anti-malware software' started by sg09, Jun 14, 2010.

Thread Status:
Not open for further replies.
  1. sg09
    sg09 Registered Member

    Homepage
    http://www.safereturner.com/index.html
    Screenshots
    http://www.safereturner.com/screenshot.htm
    Softpedia review
    http://www.softpedia.com/reviews/windows/Safe-Returner-Review-144403.shtml

  2. CiX
    CiX Registered Member

    Safe Returner detects Torchsoft's product as a threat ... See screenshot #4 :ninja:
  3. sg09
    sg09 Registered Member

    lol they are digging themselves in...:D
  4. jmonge
    jmonge Registered Member

    lol:D poor xioalin:D
  5. J_L
    J_L Registered Member

    ...Looks pretty shady, especially since LinkExtend Safety (Web of Trust, McAfee SiteAdvisor, Web Security Guard, Browser Defender, Norton Safe Web, Compete, Google Safe Browsing) rates it as unknown.

    Here's what Google Safe Browsing says: http://www.google.com/safebrowsing/diagnostic?site=safereturner.com

    ~ Virus Total Results Removed per Policy ~ for downloaded file from website.

    Personally, I'm not installing that (at least on my real machine).
    Last edited by a moderator: Jun 14, 2010
  6. jmonge
    jmonge Registered Member

    J_L, it looks very risky :D thanks for the valuable info man :thumb:
  7. CloneRanger
    CloneRanger Registered Member

    Agreed it does have the look of a rogue.

    The way it's marketed as something different etc, could be just a ploy to evade detection for a while ?

    Strange it's a .COM file ?

    sr.gif

    Then

    tmp.gif

    Then

    wiz.gif

    Also got a PEG alert :thumb:

    I didn't install it :D

    VT results not totally conclusive yet to me ? But caution yes. Might be the .COM etc stuff ?

    Lots of download www's are hosting it though if you do a quick search, including.

    http://www.downloadpipe.com/Windows...virus-tools/review-Safe-Returner-1320365.html

    Safe Returner Publisher: JonPetter ?

    We have to be careful not to diss something outright we don't have enough info about yet, so as not to harm if genuine.

    I'm going to email support(at)safereturner.com and see what they say ;)
  8. falkor
    falkor Registered Member

    Installed. Will not scan. Access violation. :D
  9. jmonge
    jmonge Registered Member

    Is it a fake scanner?
  10. falkor
    falkor Registered Member

    It also wants to turn off almost every application that is running in order to scan. It shut down most of my apps automatically while trying to update. Are you kidding me? I missed something or this is total crapware. Good luck with this one! :cool:
  11. Franklin
    Franklin Registered Member

    Being on Softpedia I doubt it would be a rogue but you never know.

    Runs as a .scr and managed to start and kill the processes of three different rogues, exe killers included.

    Ran it against a multidrop trojan and it did kill all of the malicious processes.

    At reboot there seems to be no malware running but it does leave a lot behind.

    All in all may be OK to use first up to get in behind and kill any exe killer rogues which will allow other AM's with better detections to run.

    Safe.JPG
  12. J_L
    J_L Registered Member

    The VirusTotal scanned a .exe file
    Uploaded with VirusTotal Uploader and it detected a previous hash (upload). Saves time..

    Anyhow I did notice a .COM file, then downloaded again, it became .exe
    Maybe different servers of Download.com are hosting different files.. Softpedia file is definitely .exe, but the hash is still the same.


    Edit:
    CNET (Download.com) hosts a .COM and Softpedia hosts a .exe
    Hashes are identical though.
    Last edited: Jun 14, 2010
  13. Franklin
    Franklin Registered Member

    Got both here and one is an .exe and the other a .com but both install and run as a .scr

    I think this is to help the app get up and running when an exe killer is active.

    Even then, some exe killers will stop all types from executing, including .com, .scr and .pif, but a simple rename to Firefox.exe or Opera.exe can get an app up and running.

    scr.JPG
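
The observation in the posts above, that the CNET `.com` and the Softpedia `.exe` share one hash, can be checked by comparing content hashes and the file header rather than the extension. This is an added example, not part of the original thread; the file names and bytes in it are constructed.

```python
import hashlib
import struct

def is_pe(data):
    """True when an MZ header's e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def group_by_content(files):
    """Map SHA-256 digest -> {'names': [...], 'pe': bool}; renamed copies share one entry."""
    groups = {}
    for name, data in files.items():
        digest = hashlib.sha256(data).hexdigest()
        entry = groups.setdefault(digest, {"names": [], "pe": is_pe(data)})
        entry["names"].append(name)
    return groups

def renamed_pe_copies(files):
    """Name lists of PE images that appear under more than one extension."""
    found = []
    for entry in group_by_content(files).values():
        exts = {n.rsplit(".", 1)[-1].lower() for n in entry["names"]}
        if entry["pe"] and len(exts) > 1:
            found.append(sorted(entry["names"]))
    return found

# Constructed sample data: a minimal MZ/PE stub, not a real installer.
PE_STUB = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
SAMPLES = {
    "mirror_a/setup.com": PE_STUB,                 # same bytes, .com name
    "mirror_b/setup.exe": PE_STUB,                 # same bytes, .exe name
    "installed/tool.scr": PE_STUB + b"\x01",       # different PE image
    "old_dos/hello.com": b"\xb4\x09\xba\x09\x01\xcd\x21\xc3",  # headerless DOS .COM
    "notes.txt": b"MZ is also how some text could start",
}

if __name__ == "__main__":
    for names in renamed_pe_copies(SAMPLES):
        print("same PE image under different extensions:", names)
    for name, data in SAMPLES.items():
        print(f"{name}: PE={is_pe(data)}")
```
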
  14. J_L
    J_L Registered Member

  15. Franklin
    Franklin Registered Member

    You can select whether to kill suss processes or not before a scan starts which seems to work ok here.

    No.JPG
  16. egomoo
    egomoo Registered Member

    Hi, all

    Thanks to plusface, who gave me an email about the thread.

    To be honest, I'm the author of Safe Returner.

    I'm so glad that someone found it and posted my software here, but I'm very sad that someone says it would be a rogue.

    However, it's a super tool to remove almost all rogues, and it has 30 days with all functions included.

    Is there a rogue where you do not need to pay to remove something?

    I will explain anything you want.

    Safe Returner is a smart version of Sysinternals' Autoruns.

    It is a unique approach to fighting malware.

    1. Why is the install package a ".com" file?

    Lots of malware hijacks the exe file to run on the user's system.

    2. Why is the main file "Safe Returner.scr"?

    The reason is the same as above.

    3. Why does Safe Returner detect Torchsoft's product as a threat ... See screenshot #4

    Yes. Because Safe Returner uses aggressive methods to detect these threats, there is a risk that in rare cases it can select some legitimate programs for removal.

    Please read more from the help document about "False Positive".

    I personally also use Malware Defender, so there is a false positive in screenshot #4.
    Some versions of "Malware Defender" use a random driver name to protect themselves, so there are few Google results.
    There are so many random malware file names, so Safe Returner gives it an import term on it.

    For example, in the picture:

    http://www.safereturner.com/f1.jpg

    It's quite simple to resolve the problem: Safe Returner will collect the false positive MD5 to the ignore list.

    4. It also wants to turn off almost every application that is running in order to scan.

    I'm sorry there is no message box to show that Safe Returner will turn off almost every application in version 1.22,

    but in version 1.24 it will tell the user to select infected or not. Franklin has given you the picture.

    This feature is somewhat like Rkill.com

    5. CNET (Download.com) hosts a .COM and Softpedia hosts a .

    Softpedia has renamed the .com file to a .exe file
    Last edited: Jun 15, 2010
  17. J_L
    J_L Registered Member

    Interesting graphics you put there.. Problem is, website didn't build enough reputation yet, therefore it really does seem like a rogue.
    Also the text "an awesomely impressive anti-malware tool" seems cheesy, to be honest.

    Can you provide a source for the Neutron Tech US and other customer testimonials?
  18. egomoo
    egomoo Registered Member

    Yes, it is a brand new tool.

    Is there a rogue that has a help document of about 524 KB?

    =====================
    NeutronTech from technibble.com

    Simple to use. I like how it compares current scan to previous ones to find new startup items. I also like how it gives you the security threat level and gives you the option of searching for more information. Seems like a unique approach to fighting malware. I think it would be a great diagnostic tool for the shop.

    WeissTech1

    Pros: Small and fast! Less than 4 meg download and scanned 130GB in 7 minutes. Nice tool to add to the disinfecting routine to assure a clean system.

    Cons: Bug: When you click on update definitions on overview, it says everything is up to date. Then when you click scan, it says there's a new version of the program and asks to update it. The update button on overview should check DB and EXE version.

    Summary: I like the expert options on any identified file to quickly bring up explorer on the file, submit it as a false positive, and perform further research via 3rd party tools that we usually use in virus removal. It's an example of crowd sourcing in action

    I posted a thread some days ago at technibble.com, and the reviews are from technibble.

    http://www.technibble.com/forums/showthread.php?t=16243

    To be honest, I'm Chinese, with 8 years of manual removal experience.

    My blog is on Chinese Malware Analysis Blogs

    ~ Removed Link as per Policy - We don't want inexperienced users clicking over to the Malware site ~

    I have developed a tool called XDelBox, which has been famous in Chinese since 2006
    Last edited by a moderator: Jun 15, 2010
  19. J_L
    J_L Registered Member

    The graphics may attract newbies, but definitely not techies or consumers who had to deal with rogues. With the power of the internet, most people should learn of rogues already.

    Doubt a lot of newbies are going to stumble across your site..
  20. sg09
    sg09 Registered Member

  21. Franklin
    Franklin Registered Member

    From Softpedia's review:
    In my tests it performed quite well even very good against live infections and I would use it on other machines where an exe killer rogue was present.

    It doesn't pick up all bits of the infection but does enough to kill the infection allowing a scan with a full on blacklist scanner to grab the dregs.

    I hope this app goes well for the author and with him coming into the Wilder's den of wolves shows me he's fair dinkum.
  22. J_L
    J_L Registered Member

  23. sg09
    sg09 Registered Member

    Thanks for the confirmation friend...:)
  24. sg09
    sg09 Registered Member

    btw, is it more aggressive than Norton Power Eraser?
  25. egomoo
    egomoo Registered Member
