Help with software choice to quickly undo a malware infection....

Discussion in 'other anti-malware software' started by ncage1974, Mar 21, 2011.

Thread Status:
Not open for further replies.
  1. ncage1974

    ncage1974 Registered Member

    Joined:
    Dec 6, 2009
    Posts:
    45
    Guys, sorry if this isn't the right forum, but I don't know exactly which forum fits my question.

    Anyways, like a lot of you here, I'm sure, I'm overly anal about security.

    I'm pretty satisfied with the ability to browse without getting infected, with excellent products out there like Sandboxie, AppGuard, & GeSWall.

    So I think I'm set on browsing, but one place where I don't feel as comfortable is installing software. A lot of the software these days that is infected won't be picked up by anti-malware programs until you install it (hopefully, if they have definitions for the malware).

    I really don't know how they hide their payload, but they could either be encrypting it and only decrypting it after you try to install the program and have already hit "Yes" to the UAC dialog, or downloading it after you install.

    But anyways, I digress. Even if the malware is caught and blocked, it has already made some changes to your system, like registry changes or some malicious temp files remaining. I really, really want a way to be able to roll all these changes back and have no remnants of anything on your system. This would also be nice if you just don't want some software you just installed. For example... try to remove every piece of iTunes after you install it.

    There are a couple of solutions, but I really don't like either that much:

    1. Install the software in a virtual machine - Too much of a hassle if you ask me. Start up the virtual machine, take a snapshot, roll back the snapshot... etc. Rinse, repeat!! Also, not all software will install on a virtual machine because of the need for certain hardware, etc. Using iTunes again: try to install it on VMware. It won't work.

    2. System Restore: First, all the experience I've had with System Restore tells me it's very unreliable. Also, one of the things malware commonly does is disable System Restore. System Restore might be a lot better if it were more reliable, you had the ability to set retention periods, and malware couldn't shut it down.

    3. Restore from backups - Restoring from a backup seems a little extreme for this purpose.


    One program I found while doing a little research was Shadow Defender, which is a pretty nifty program. I thought it almost answered my needs, but one thing Shadow Defender really needs is the ability to commit/roll back when you want it to, rather than always using a reboot as the time to roll back. What if you're installing something that needs a reboot to work correctly?

    So guys, here is my question. Is anyone aware of a program that would really fit my needs? It needs to be fully x64 compatible because all my machines are running x64 Win 7. Hopefully this all makes sense; if not, just ask and I will clarify.

    thanks,
    Ncage
     
  2. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    976
    Location:
    Paris
  3. ncage1974

    ncage1974 Registered Member

    Joined:
    Dec 6, 2009
    Posts:
    45

    It's funny you say that. I just found the program and was ready to post here about it. Here is my concern. If it works, it seems like it definitely could be a fit, but how do you guys feel about it screwing with/injecting itself into the boot process? Do you think this could cause any problems? My boot is already non-standard in that I have Ubuntu/Win7 in my boot menu (used EasyBCD).

    I do use Acronis True Image to do daily backups. Don't know if it could cause problems with Acronis restores either, or I was thinking of using Acronis's feature (Acronis Startup Recovery Manager), which also wants to inject itself into the MBR... what do you all think?
     
  4. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    If you have sufficient storage space available, you should create a full-disk image beforehand; then you can try the likes of CTM without any worries. If it installs correctly, it'll certainly do what you require.
     
  5. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    976
    Location:
    Paris
    If you use Acronis, then forget CTM. Acronis can't image your boot drive with Time Machine installed (or at least that was the case 3 months ago when I tried CTM out). So in choosing between Acronis and CTM, Acronis wins totally and always.
     
  6. GakunGak

    GakunGak Registered Member

    Joined:
    Mar 24, 2009
    Posts:
    953
    Use ReImage... It will restore your OS to a functioning state and replace damaged files with clean ones...
    http://www.reimage.com/
     
  7. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
  8. markedmanner

    markedmanner Registered Member

    Joined:
    Nov 1, 2009
    Posts:
    134
    I have been using Returnil for a couple of years now, and it doesn't mess with the boot process. I use it all the time to test out software. When you restart your computer, all changes made to your C: drive are gone and everything is restored to the way it was before you enabled Returnil.
     
  9. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Returnil Multi-Snapshot might be what you are looking for. It is currently beta software and can be obtained as a free download from Returnil Labs.

    My understanding is that it is based on the same technology as RVS. As it does not modify the MBR or use disk sector mapping, it should be compatible with third-party disk defragmentation and imaging software.

    As with those products that implement snapshots using disk sector mapping, it can be used to test software that needs a reboot; but this approach is safer because, unlike disk sector mapping, the snapshots are stored as files within the Windows file system (at least that's how I understand it).

    You can read more about how it works in this thread: Technology of Multi-Snapshot.
     
    Last edited: Mar 27, 2011
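Editor's note: an added illustration, not code from any post in this thread nor from Returnil, Shadow Defender, CTM or any other product named here. The original poster wants every file an installer adds, modifies or deletes rolled back with no remnants, and pegr describes the Multi-Snapshot approach as storing snapshots as files inside the file system rather than remapping disk sectors. The Python below shows that file-level idea at toy scale: hash every file under a directory into a manifest, copy its bytes into a content-addressed store, run a constructed "installer" that adds a program file and a temp dropper, appends to a hosts file and deletes a readme, then diff against the manifest and restore. The directory names, the file contents and the installer's actions are all constructed for the demo; real products do this in a kernel driver and also cover registry hives and locked system files, which a user-mode script like this cannot.

```python
"""Toy file-level snapshot, diff and rollback (added example, not a product's code)."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def _digest(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_snapshot(root: Path, store: Path) -> dict:
    """Record every file under root and keep a copy of its bytes in store.
    The store is content-addressed by digest, so identical files are kept once."""
    store.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            d = _digest(p)
            blob = store / d
            if not blob.exists():
                shutil.copy2(p, blob)
            manifest[p.relative_to(root).as_posix()] = d
    return manifest


def diff_snapshot(root: Path, manifest: dict) -> dict:
    """Compare the live tree with the manifest: added, removed and modified paths."""
    current = {p.relative_to(root).as_posix(): _digest(p)
               for p in root.rglob("*") if p.is_file()}
    both = current.keys() & manifest.keys()
    return {
        "added": sorted(current.keys() - manifest.keys()),
        "removed": sorted(manifest.keys() - current.keys()),
        "modified": sorted(k for k in both if current[k] != manifest[k]),
    }


def rollback(root: Path, store: Path, manifest: dict) -> dict:
    """Undo every change since the snapshot and return what was undone."""
    changes = diff_snapshot(root, manifest)
    for rel in changes["added"]:
        (root / rel).unlink()                      # leftover temp files, dropped binaries
    for rel in changes["removed"] + changes["modified"]:
        dst = root / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(store / manifest[rel], dst)   # restore original bytes
    # Prune directories the installer created that are now empty (deepest first).
    for d in sorted((p for p in root.rglob("*") if p.is_dir()), reverse=True):
        if not any(d.iterdir()):
            d.rmdir()
    return changes


def demo() -> dict:
    """Constructed scenario: snapshot, simulate an installer, diff, roll back, re-diff."""
    base = Path(tempfile.mkdtemp())
    root, store = base / "system", base / "snapshot"
    (root / "Program Files").mkdir(parents=True)
    (root / "Windows" / "System32").mkdir(parents=True)
    (root / "Windows" / "System32" / "hosts").write_text("127.0.0.1 localhost\n")
    (root / "Program Files" / "readme.txt").write_text("clean\n")
    manifest = take_snapshot(root, store)

    # Simulated installer (constructed): drops files, edits hosts, deletes a file.
    (root / "Program Files" / "NewApp").mkdir()
    (root / "Program Files" / "NewApp" / "app.exe").write_bytes(b"MZ...")
    (root / "Windows" / "Temp").mkdir()
    (root / "Windows" / "Temp" / "dropper.tmp").write_bytes(b"junk")
    with (root / "Windows" / "System32" / "hosts").open("a") as f:
        f.write("0.0.0.0 update.example\n")
    (root / "Program Files" / "readme.txt").unlink()

    before = diff_snapshot(root, manifest)
    rollback(root, store, manifest)
    after = diff_snapshot(root, manifest)
    shutil.rmtree(base)
    return {"before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```

Because the snapshot is a plain directory of files, it survives anything that does not touch that directory, which is the compatibility argument pegr makes for file-based snapshots over sector mapping; the flip side is that anything running with enough privilege to delete the store, or to change files the script cannot see, defeats it, which is why the real tools sit below the file system.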
  10. GakunGak

    GakunGak Registered Member

    Joined:
    Mar 24, 2009
    Posts:
    953
  11. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere