Eaz-Fix not the same as Rollback Rx

Discussion in 'backup, imaging & disk mgmt' started by SourMilk, Jul 2, 2012.

Thread Status:
Not open for further replies.
  1. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Hi all, I've owned Eaz-Fix for many years but was surprised when a scan by Avira said the Shdserv.exe component was a trojan! I sent the file via email to Avira for verification, and again they said it was a trojan. So, I uninstalled Eaz-Fix.

    I bought Rollback Rx from Horizon Datasys last night. I installed it and scanned Shdserv.exe and it came back clean.

    I realize that Eaz-Fix's Shdserv.exe could be a false positive but I would rather be safe than sorry.

    If there is a moral here, it's buy from a respected company.

    SourMilk out
     
  2. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    And, you consider HDS a respected company?

    But not Eaz-Fix?

    What about MagiCure?

    Best regards,
     
  3. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Horizon DataSys certainly seems to be respected on this forum considering the amount of positive comments concerning its products. One hardly ever reads a comment about MagiCure here or the other ones whose names I don't recall. Maybe I should have written most popular or favored.

    Anyway, that's my story and I'm stickin' to it.

    Peace,
    SourMilk
     
  4. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Dear SourMilk,

    There are Agency Laws. HDS is the developer of Rollback Rx, Easy-Fix and MagiCure. The ethics comes from the parent company and not the other way around.

    Best regards,
     
  5. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,564
    Both Are developed by EAZ SOLUTION, INC. HorizonDatasys is the main and the biggest reseller /OEM Partner of Eaz Solution and have a very very close relation.
    http://horizondatasys-forum.com/eaz-solutions/
    And Shdserv.exe introduced in version 8.1 can be considered as "trojan" since it communicates with their server and can/will render useless Rollback or EAZ your installation if it finds that your installation is not legit....

    by the way Both rollback and EAZ are rootkits/bootkits of the most advanced form that we intentionally install on our systems. This does not mean that they are malicious...

    Panagiotis
     
  6. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    The Shdserv.exe component of Eaz-Fix is called "unspecified malware" by Comodo as well as Avira calling it a trojan. But, I yield to the labs of Aladdin and pandlouc. I must be wrong in my assumptions based on my observations in the threads above.

    SourMilk out
     
  7. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,564
    Well you should not yield to our labs. :rolleyes:
    But to say that you submitted to Avira and that they had confirmed to be a trojan, but add that it could be a false positive means that you did not submitted it. If they had confirmed to be a trojan how can it be a false positive? o_O It would be a verified positive instead!;)

    By the way virustotal and similar sites are not avira labs...

    Panagiotis (labs) out.
     
  8. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    @pandlouc
    excerpt from first post:

    "Hi all, I've owned Eaz-Fix for many years but was surprised when a scan by Avira said the Shdserv.exe component was a trojan! I sent the file via email to Avira for verification, and again they said it was a trojan. So, I uninstalled Eaz-Fix."

    Rollback Rx's Shdserv.exe was scanned and it was clean. Oh, by the way, Netreg.exe is the license checker used by both programs that communicate with the author's server not Shdserv.exe. Shdserv.exe is responsible for the workings of the program such as autosnaps, etc.

    SourMilk out
     
  9. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,564
    Except that you said in reality
    Although they verified it (verified positive), could still be a false positive.o_O Which one is it?
    Either they verified it or not... A verified/false positive does not exist.
    And you are correct netreg.exe checks for the registration and Shdserv.exe is the virtual private server of rbrx/eaz-fix that communicates with the hidden sub-console of the program, the rootkit intermediate if you like...

    Panagiotis
     
  10. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Exactly. I am using Rollback Rx because its shdserv.exe scanned clean. I don't have to worry about Eaz-Fix's shdserv.exe being a trojan or a false positive. I've taken this conundrum completely out of my consideration. If I don't have trust in a software, I don't use it.

    SourMilk out
     
  11. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,564
    I don't say that you should use it or not, neither that the file is clean or it's not(lots of times developers computers have being infected by viruses and then infected their programs).
    I only say that the developers of EAZ-FIX that you don't trust are the same guys that develop Rollback-RX that you do trust.
    And if you really submitted it to avira labs and they reported back that is infected you should consider it infected and maybe write a post to the EAZ-FIX sub-forum of Horizondatasys to inform them.

    Panagiotis
     
  12. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    I've reported it via the Eaz-Fix portal but no response. Imagine that.

    SourMilk out
     
Loading...
Thread Status:
Not open for further replies.