Help with software choice to quickly undo a malware infection....

Guys sorry if this isn't the write forum but i don't know exactly which forum fits my question.

Anyways, like a lot of you here, im sure, i'm overly anal about security.

I'm pretty satisfied the ability to browse without getting infected with excellent products out there like sandboxie, appguard, & geswall.

So i think i'm set on browsing but one place where i don't feel as comfortable is installing software. A lot of the software these days that are infected won't be picked up by anti-malware programs until you install them (hopefully if they have definitions for the malware).

I really don't know how they hide there payload but they could either been encrypting it and only decrypt it after you try to install the program and already hit "yes" to the UAC Dialog or downloading it after you install.

But anyways i digress. Even if the malware is caught and blocked it has already made some changes to your system like registry changes or some malicious temp files remaining. I really really want a way to be able to roll all these changes back and have no reminants on your system of anything. This also would be nice if you just don't want some software you just installed. For example.....try to remove every piece of itunes after you install it.

There are a couple solutions but i really don't like either that much:

1. Install the software in a virtual machine - To much of a hastle if you ask me. Start up virtual machine. Take a snapshot, rollback snapshot...ect. Rinse Repeat!! Also not all software will install on the virtual machine because of the need for certain hardware ,ect... Using Itunes again. Try to install it on vmware. It won't work.

2. System Restore: First all the experience i've had with System Restore tells me its very unreliable. Also, one of the things malware commonly does is to disable system restore. System Restore might be a lot better if it was more reliable, you had the ability to set retention periods, and malware couldn't shut it down.

3. Restore from backups - Restoring from a backup seems a little extreme for this purpose.


One program i found while doing a little research was Shadow Defender which is a pretty nifty program. I thought it almost answered my needs but one thing shadow defender really needs is to ability to commit/rollback when you want it to rather than using to reboot as a time to always roll back. What if your installing something that needs a reboot to work correctly?

So guys here is my question. Is anyone aware of a program that would really fit my needs? I needs to be fully x64 compatible because all my machines are running x64 Win 7. Hopefully this all makes sense if not just ask and i will clarify.

thanks,
Ncage

 

Have you checked out Comodo Time Machine? Seems to fit your needs.

http://www.comodo.com/home/data-storage-encryption/data-recovery.php

 

Its funny you say that. I just found the program and was ready to post here about it. Here is my concern. It it works it seems like it definitely could be a fit but how do you guys feel about it screwing/injecting itself into the boot process? Do you think this could cause any problems? My boot is already non-standard in that i have ubuntu/win7 in my boot menu (used EasyBCD).

I do use acronis true image to do daily backups. Don't know if it could cause problems with acronis either restores or i was thinking on using acronisis feature (acronis startup recover manager) which also wants to inject itself into the MBR...what do you all think?

 

If you have sufficient storage space available you should create a full-disk image beforehand,then you can try the likes of CTM without any worries.If it installs correctly it'll certainly do what you require.

 

If you use Acronis then forget CTM. Acronis can't image your boot drive with Time machine installed (or at least that was the case 3 months ago when I tried CTM out). So in choosing between Acronis and CTM, Acronis wins totally and always.

 

Use ReImage... It will restore your OS to a functioning state and replace damaged files with clean ones...
http://www.reimage.com/

 

Is this a scareware?
http://www.urlvoid.com/scan/reimage.com
https://www.wilderssecurity.com/showthread.php?t=228940

 

I have been using Returnil for a couple of years now and it doesn't mess with the boot process. I use it all the time to test out software. When you restart your computer all changes made to your C: drive are gone and everything is restored to the way it was before you enabled Returnil.

 

Returnil Multi-Snapshot might be what you are looking for. It is currently beta software and can be obtained as a free download from Returnil Labs.

My understanding is that it is based on the same technology as RVS. As it does not modify the MBR or use disk sector mapping, it should be compatible with third-party disk defragmentation and imaging software.

As with those products that implement snapshots using disk sector mapping, it can be used to test software that needs a reboot; but this approach is safer because, unlike disk sector mapping, the snapshots are stored as files within the Windows file system (at least that's how I understand it).

You can read more about how it works in this thread: Technology of Multi-Snapshot.

 

Ask for a trial key and try to find out....
It worked for me....
No, I don't think this is scareware at all, I tested it myself.
Thing is, after repair, you need to download few fixes from windows update to have all the latest patches, which is not much...

 

You could also try VBoot or KRiver 1 Click Restore.
VBoot - Boot any Windows from VHD/VMDK/VDI/Raw or Keriver 1-click Restore

To see the strength of these various softwares v. baddies:
Virtualization/Rollback software test