Does Returnil protect against TDL/TDSS rootkits?

Discussion in 'General Returnil discussions' started by taleblou, Jun 30, 2010.

Thread Status:
Not open for further replies.
  1. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,166
    Hi:

    I was wondering if Returnil will block TDSS/TDL rootkits infecting the PC, or will it fail like those of Wondershare Time-Freeze and Shadow Defender? Your reply is appreciated. I am desperately looking for a TDL/TDSS rootkit protection virtualization-type software.
     
  2. person

    person Registered Member

    Joined:
    Jul 6, 2010
    Posts:
    2
    It did not protect me from a TDSS rootkit today. I downloaded Defense Center, which contains a TDSS rootkit, and after I restarted my computer, it was still there, so I would say that Returnil does not.
     
  3. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hello person and welcome to the forums :)

    Did you have the Virus Guard active and turn on the "trust programs on the real disk only" option? If not, you should have, as that is the intended configuration for maximum protection. Please repeat your test with proper configurations and then let me know the results.

    Mike
     
  4. person

    person Registered Member

    Joined:
    Jul 6, 2010
    Posts:
    2
    Thank you. :D
    Don't feel like getting infected again. I had Virus Guard turned off because I have KIS on my computer. This was paused when I got infected with Defense Center, then I turned it back on and was trying to disinfect. I restarted, thinking that it would be deleted. Once I started my computer, Defense Center was gone except the TDSS rootkit; luckily KIS was able to disinfect.
    I had Returnil on default settings except Virus Guard off. (Probably would have protected me.)
     
  5. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Questions:

    1. Are the "Virus Guard" and "Trust Real Disk Programs Only" features available on the paid version only?

    2. Will they prevent this type of rootkit (mentioned above) when enabled?

    3. To activate these features properly, do I need to check them and then restart? Or will they automatically become active as soon as I check them?

    4. With the "Trust Real Disk Programs Only" feature, is there a way that I can use this feature but also choose to install a software in virtual mode, just temporarily, and still keep this protection?
     
  6. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Yes

    Yes

    The VG is active by default. You need to set the AE appropriately as it will have an additional options setting in 3.2 that allows flexibility between do not allow and allow anything to do what it wants...

    No as it is not from the real disk.

    Mike
     
  7. lolpop

    lolpop Registered Member

    Joined:
    Jul 15, 2010
    Posts:
    9
    I thought the free version has the "trust programs from real disk only" feature.
    That's what it says here (File Protection is checked under Returnil Free on the table):
    http://www.returnilvirtualsystem.com/products

    but I haven't tried using that feature for myself.
     