Safe Returner

Discussion in 'other anti-malware software' started by sg09, Jun 14, 2010.

Thread Status:
Not open for further replies.
  1. egomoo

    egomoo Registered Member

    Joined:
    Aug 28, 2007
    Posts:
    115
    It's a timeout error message.

    It is caused by slow internet speed during online analysis.

    If one item takes more than 60s for online analysis, the error will occur.

    You could try scanning again.
     
  2. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    Oh I see. Maybe a broadband problem.. :doubt:
     
  3. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    During my first review, it did quite well but missed the latest TDSS rootkit which infected my CD-ROM driver. But to my surprise, it did not miss the latest sample of Trojan SpyEye. And to be very honest, it was missed by all the vendors except two at the beginning, but soon it was detected by Hitman Pro, not by the Hitman Pro cloud vendors. It was even detected by MalwareBytes, but they detected that malicious file on the basis of its name "Cleansweep.exe", which was there at C:\Cleansweep.exe (actually it was a folder with the name Cleansweep.exe)... Any of you can create a folder in C: and name it Cleansweep.exe and perform a quick scan; it will flag it... So I was pretty much impressed with it...

    Anyway, during my second review I ran only 8-10 Chinese malware samples with one rogue AV. As usual, Safe Returner killed all the non-whitelisted programs, but it failed to detect many of them, whereas I have performed a scan with Hitman Pro and it found 19 files with 51 traces... This is what left me a little disappointed. It did cloud scanning, but all in vain. The screenshots are below...

    I'll continue my testing for the next 2 days, and on Monday I'll write up my unbiased review of it. :)
     

    Last edited: Jun 18, 2010
  4. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Good... Interesting results...:)
     
  5. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    The main thing which impressed me in Safe Returner is that it always terminates all the non-whitelisted processes/services in one go... this is quite interesting.. But it really failed against rootkits and other stealthy malware... :oops:
     
  6. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Well, it is in its early stage of development. And fighting rootkits is the toughest job for any antimalware. But it is nice to see they kill rogues well, a part which is really neglected by most antimalware.
     
  7. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    Killing a process is not the solution, dude. What matters is complete removal... and it failed to remove the only rogue AV which I installed in my system. I have even installed an infected video player (Chinese) which installed some infected codecs with a fake IE browser. But it failed to detect any of that malware... See, I am not bashing this product. I know that it did pretty well in my 1st test (small), but during my 2nd test in the evening, it did worst ...
     
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Obviously not a perfect solution, what is! But I think it's a welcome addition, especially as the www is overloaded with multiple nasties these days.

    The fact that it uses different methods to other apps is a bonus :thumb: It all helps.

    I wouldn't expect it to be an ace RK remover, and it's not designed to be.
     
  9. egomoo

    egomoo Registered Member

    Joined:
    Aug 28, 2007
    Posts:
    115
    Thanks for AvinashR's review.

    1. To be honest, I mentioned in the thread above that the current version does not have any features against hidden rootkits.

    So it fails to detect rootkits and some stealthy malware with heavy API hooks, especially when tested with Chinese samples.

    The Chinese ones are heavily infected; their authors are clever enough to prevent them from being removed, even without morals.

    I'm Chinese, and I know them. I have to say that Safe Returner is not enough to fight Chinese virus samples.

    Chinese virus samples are not the target of Safe Returner.

    2. "it failed to detect many of them, whereas i have performed a scan with Hitman Pro and it found 19 files with 51 traces"

    Safe Returner focuses on the detection and removal of active malicious software. Active malicious software is malicious software that is currently running on the computer.

    So it will not detect anything outside of startup entries and system files.

    Because lots of malware files or trojan files are inactive, and if there is no startup entry or other activation method, all the malware is dead, just like junk files. It cannot harm anything on the user's system (this does not include infected exe file samples).

    Safe Returner does not replace an antivirus product. It is strictly a post-infection removal tool.

    3. "Even i have installed an infected video player (Chinese) which installed some infected codecs with fake IE browser. But it failed to detect any of those malwares"

    Yes, it does not scan all the files in such a short time, only startup entries and many system files. I say the Chinese samples are clever in that they do not use normal autorun items to activate themselves on the next reboot. They infect others such as video player, fake IE browser, dll hijack, hijack QQ, and so on....

    I have to say that no anti-malware tool or antivirus product can easily remove all of the Chinese samples, whose people are cunning and do not have morals.

    I'm Chinese, and Safe Returner is an English version. So its target is mostly outside of Chinese samples.
     
    Last edited: Jun 18, 2010
  10. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Thanks for your honest reply egomoo, I think you will target those samples in the near future versions. Is it true?
     
  11. egomoo

    egomoo Registered Member

    Joined:
    Aug 28, 2007
    Posts:
    115
    There are 4 types of malware activation method on reboot:

    [1]. normal autorun entry:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    tasks
    startup folders
    .............

    The list is long, and Safe Returner has finished almost all of it.

    [2]. system files infected
    userinit.exe
    rpcss.dll
    NOTEPAD.EXE
    explorer.exe
    atapi.sys
    .......

    More and more could be found.

    Safe Returner has added a lot of those files to detect.


    [3]. hijack


    exe hijack

    IEXPLORE.EXE hijack
    video player, fake IE browser, dll hijack, hijack QQ in China, MSN

    It can even hijack *.doc: when you open any *.doc file, the malware can be activated.

    Any common app used by normal folks will be hijacked to run the malware itself.

    [4]. infected exe files on any disk

    Running any infected exe can activate the malware.

    Safe Returner is good at removing types [1] and [2], but does little against [3] and [4].


    [3] and [4] require a signature-database anti-malware to remove, and scanning the whole disk, which takes more time.

    Safe Returner is small, fast, and effective at removing malware without a signature database, but not all of it, since no single product can remove everything.
    And I will do more on [1] and [2] against rootkit samples in the next versions.....
     
    Last edited: Jun 18, 2010
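
A defender-side audit of the three type [1] registry locations named in the post above, as an added example that is not part of the thread and not Safe Returner's code: it parses `reg export` text and reports Run commands outside an allowlist, a Winlogon Shell value other than explorer.exe, and Browser Helper Object CLSIDs not on an allowlist. The sample export, both allowlists and all function names are constructed for illustration; a real export file is UTF-16 and must be decoded before it is passed in.

```python
import re

# Constructed sample in `reg export` text form (not data from the thread).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\Vendor\\updater.exe\" /background"
"svch0st"="C:\\Users\\Public\\svch0st.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\Public\\helper.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
'''
RUN = r"hklm\software\microsoft\windows\currentversion\run"
WINLOGON = r"hklm\software\microsoft\windows nt\currentversion\winlogon"
BHO = r"hklm\software\microsoft\windows\currentversion\explorer\browser helper objects"
ALLOWED_IMAGES = {r"c:\program files\vendor\updater.exe"}  # hypothetical allowlist
ALLOWED_BHO = set()                                        # hypothetical: no BHO approved
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')  # "name"="string data"

def unescape(s):
    """Undo .reg escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)

def image_path(command):
    """Executable part of a command line, lower-cased. An unquoted path with
    spaces is cut at the first space, so it misses the allowlist and is reported."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0].lower()
    return command.split(" ", 1)[0].lower()

def audit(reg_text):
    """Return (kind, detail) findings for the Run, Winlogon\\Shell and BHO locations."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):      # key header
            key = line[1:-1].lower().replace("hkey_local_machine", "hklm", 1)
            if key.startswith(BHO + "\\") and key.rsplit("\\", 1)[1] not in ALLOWED_BHO:
                findings.append(("bho", key.rsplit("\\", 1)[1]))  # CLSID, lower-cased
            continue
        m = VALUE.match(line)
        if not m or key is None:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        if key == RUN and image_path(data) not in ALLOWED_IMAGES:
            findings.append(("run", name))
        elif key == WINLOGON and name.lower() == "shell" and data.strip().lower() != "explorer.exe":
            findings.append(("winlogon-shell", data))
    return findings
```

This covers only entries that register themselves in those keys; the type [3] and [4] cases in the post leave these locations untouched and would not appear in the findings.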
  12. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295

    Attached Files:

  13. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    ...one more screenie, and a slight spelling mistake to boot > "duble" ;)
     

  14. egomoo

    egomoo Registered Member

    Joined:
    Aug 28, 2007
    Posts:
    115
    Thanks Tarnak for the spelling mistake.
     
  15. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    You're welcome! ....Found another one.
     

  16. Indyan

    Indyan Registered Member

    Joined:
    Dec 23, 2009
    Posts:
    6
    I am giving away some Safe Returner license keys over at my blog. If anyone wants one, just leave a comment here.
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    thanks:)
     
  18. leofelix

    leofelix Registered Member

    Joined:
    Sep 6, 2009
    Posts:
    175
    Location:
    Italy
    Hi All Hi egomoo,
    I have just installed latest Safe Returner in an XP SP 3 machine.
    I think it is an interesting and promising antimalware tool.

    I have submitted some false positive detections via the included menu (see snapshot attached, please)
    [Avira context menu, a-squared free, 7-zip context menu files detected as infected, same for some Shadow Defender drivers and files and some legitimate Windows system files flagged as malware]

    Hence I put them into the ignore list; nevertheless Safe Returner keeps on detecting them.
    I have rebooted and restarted Safe Returner with no success; at every scan it keeps on detecting files in the ignore list.

    Is that a bug, or where am I wrong?

    Another couple of questions
    1) I couldn't find any e-mail to drop you two lines but that e-mail reserved to paid customers, may I use that e-mail?
    2) Are you looking for translators maybe?

    Thank you in advance and sorry for my poor English :)

    Regards
     

  19. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Hi leofelix, is that detection in expert mode only?
     
  20. leofelix

    leofelix Registered Member

    Joined:
    Sep 6, 2009
    Posts:
    175
    Location:
    Italy
    Hi sg09, the first scan was in normal mode, the second scan in expert mode.
    False positives were detected in expert mode, as you can see

     
  21. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Thank you leofelix. In my case also it detected many in expert mode. Only Advanced Wallpaper Changer and MBRGuard in normal mode...:)
     
  22. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,264
    Location:
    USA
    I can't get it to complete a scan on my laptop. It fails every time at the very start of the process where it checks with the cloud or whatever. I know for a fact it's not my internet, with a 6Mbps down and a 3Mbps up speed.
     
  23. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    No problem here..:)
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    ;) I am trying this on-demand scanner; it is fast, and it is detecting PE Guard as malware :D
     
    Last edited: Jul 13, 2010
  25. egomoo

    egomoo Registered Member

    Joined:
    Aug 28, 2007
    Posts:
    115
    In expert mode, there are files that do not have a digital signature, and each one is given a score.

    expert.JPG
     
    Last edited: Jul 15, 2010