Need Help! Hitman destroyed EAZ-FIX

Discussion in 'backup, imaging & disk mgmt' started by Yura, Jul 6, 2012.

Thread Status:
Not open for further replies.
  1. Yura

    Yura Registered Member

    Joined:
    May 6, 2012
    Posts:
    20
    Please help me. I lived long and happy with eaz fix (rollback rx clone) until this night when I was helping my friend and installed hitman to explain to him how to use it.
    And I didn't expect it to screw me so much.

    After restart nothing is here. Bare system. Can I restore anything?
    :'(
     
  2. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,873
  3. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Welcome to the nightmares of Rollback Rx a.k.a. EAZ-Fix. Isn't Rollback Rx supposed to protect you from such situations?

    Best regards,
     
  4. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,214
    Easy-Fix is detected by some AVs, particularly Emsisoft, as a rootkit. Emsisoft is one of the scanners of Hitman Pro; therefore, when it is allowed to delete malware, it will break Easy-fix.

    I don't think there's anything that can be done without a complete image of the hard drive.
     
  5. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Yes, they put this rootkit for activation purposes. But then the same rootkit is destroyed by AV, thus rendering their system useless against which Easy-Fix is supposed to protect. Catch 22.

    Which is first the chicken or the egg!

    Best regards,
     
  6. Yura

    Yura Registered Member

    Joined:
    May 6, 2012
    Posts:
    20
    I found this forum. I spent many days in reading and planning my perfect setup. I built multi layered system which was virus proof and kids proof, or so I thought.
    And then one FP at 3am where I was trigger happy to allow Hitman to do its job, I face that I have nothing.

    Yes, it's my fault in letting Hitman delete the mbr rootkit. But I used all this advanced software in an attempt to make my life easier and safer, not more paranoid and time consuming.

    I didn't get a single threat in 5 years without any AV or FW or anything. Why did I start to use this? I'm disappointed.

    Let this be a lesson to me and others who will come after me.
     
  7. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    The problem is not Hitman or any other AV. The problem is Easy-Fix (Rollback Rx). Almost everyone has Rollback Rx nightmare stories, if they use it for a long time. Isn't Rollback supposed to protect from such things? And, what about hard disk failure?

    For this reason, it is a very good idea to do regular imaging of your system. If you have one, just restore it. And then forget about Easy-Fix and install a good freeware AV instead.

    Best regards,
     
  8. Yura

    Yura Registered Member

    Joined:
    May 6, 2012
    Posts:
    20
    After being on this forum a little while I understood how important regular backups are, this is a truism.

    The point is I used Rollback not as a security solution! I used it as vmware/backup/testing platform. I installed programs, tested things, I knew I can roll back.

    And yet again, it was not a virus or trojan which hurt me. It was my own actions, using rollback and hitman together and believing that if Hitman didn't see Rollback as bootkit before then why should it see it as bootkit now? Anyway.

    I try to reinstall rollback but I don't think it would help since all system changes were in that mbr file which is undeletable.

    I will start from scratch, I don't care for AV. I will use VMwares for everything. Yes it's resource consuming but I have 2600k, 16gb so it's fine.

    Sorry for the rant guys, but I am really disappointed how I could live worry-free if I didn't rely on all these paranoid programs who hate each other and would screw your system at any given chance.

    P.S. Suggest me a good 64bit setup for my purposes. Vmware, some antiexe and sandboxie? I'm open to suggestions again. Let's try this Wilders philosophy one more time.
     
  9. Motherroad

    Motherroad Registered Member

    Joined:
    Feb 13, 2006
    Posts:
    234
    Location:
    Florida
    I sent an e-mail to support on this issue as Hitman Pro detected RollbackRX as a rootkit. They said to change the advanced settings to compatible disc access. I did this and it is no longer detected. As with any program in the cloud or behaviour based detections, it is wise to check the results before removing.
     
  10. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    408
    Location:
    romania
    not rollback rx or eaz-fix. actually the mbr sector on the HDD. the mbr sector is modified by these apps to launch even if the os is not booting anymore. and yes there's nothing to do. a clean install will do the job. at least for me it did...
     
  11. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    The same thing happened to myself a few years ago,
    with Rollback Rx and Prevx. Prevx detected a rootkit,
    I allowed Prevx to do its job and no more Rollback Rx.
    I lost about two years of data on my PC.
    Learned my lesson, that will never happen again.
     
  12. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,572
    Location:
    Romania
    That's why I'm a CTM happy user for about 3 years now. At least if it fails me, it's free, I didn't pay a dime for it (and I have a Paragon backup always handy). And neither Hitman Pro nor Emsisoft detects any FP rootkit from Comodo Time Machine. :thumb:
     
  13. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,130
    May I ask which advanced settings you are referring to? I have been using Zemana AntiMalware which uses HitMan but since I only use the program when I am doing my monthly house cleaning Rx is not installed and thus no problems. Still, it would be good to know a bit more about this issue and its solution.
     
  14. Yura

    Yura Registered Member

    Joined:
    May 6, 2012
    Posts:
    20
    Some time passed and I chilled down a bit. Only recent unimportant files of mine from the download folder disappeared into thin air. But I had to spend a whole day reinstalling programs.

    Question to Rollback users. Did I lose disk space after rollback's bootkit MBR was deleted? I mean, do I still have all this data laying on my drive but I can't reach it? I used rollback on SSD drive so space is precious.

    I hope I don't need to reinstall OS and programs again. Just want my space back and will rely on hardware(raid) and not on software from now on.
     
  15. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,130
    I doubt it but you probably would be best off asking this question on the Rx forum (I suspect Froggie might know).

    http://horizondatasys-forum.com/disaster-recovery-programs/

    EDIT: I have been thinking about this and I would suggest that a possible way to be sure all space on the drive is free from anything eaz fix may have done is to install eaz fix again which will create a new baseline, then defrag your snapshot. When you defrag snapshots with Rx it frees any space that may have been protected by no longer existing snaps so this may free anything that remains locked (if there is any). Again, someone who better understands the workings of Rx than I would probably be more definitive on this, and that someone would be Froggie (The Roll-Back Frog) I think.
     
    Last edited: Jul 11, 2012
  16. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,130
    From the content of this thread it seems probable that all rollback rx clones (or perhaps EAZ-FIX clones) place a rootkit in the MBR. I was wondering if any of the publishers or resellers of these programs have advised their users of this rootkit and more to the point how to prevent the situation described in the OP from occurring.
     
  17. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Yura,

    Having recently had a similar experience, I completely understand your frustration. Fortunately, I was able to restore a relatively recent image-backup which saved my day.

    The really pertinent issue in both of our episodes is that Rx is not capable of properly protecting its own MBR or its very own snapshots. While it does have a mechanism for protecting them against Windows 'proper' write attempts, it is not able to protect them against specific AV intrusions or malware infections!!! :thumbd: :thumbd:

    If you haven't yet wiped that drive/partition, you might request HDS to send you their 'snapshot scavenger' ASAP. Having said that, I should tell you that there's only a slight chance that it can help you recover your snapshots. Another option is to boot up your system with a Linux or WinPE boot-disk. One of them should 'see' your baseline (installation) snapshot, but it won't see any of the subsequent (more recent) ones! By doing that you should at least be able to copy off any user-files (in the baseline snapshot) which are of value to you.

    Good luck!

    TS
     
    Last edited: Jul 11, 2012
  18. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Hi bg,

    While there are other programs which (supposedly) can protect the MBR, including Rx's modifications thereto, there aren't any other programs which can protect Rx's snapshots. As Rx's code is proprietary, only their development team can properly devise an effective mechanism to do that and, after 6 years of their awareness of these issues, they apparently are not placing much importance to that task!

    So to those who still use Rx or its clones, I strongly advise them to be sure to do proper image-backups!

    TS
     
  19. aladdin

    aladdin Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    2,986
    Location:
    Oman
    Why don't you use your GOLD Support and CHAT to find out the answer to the above directly from HDS the maker of Rollback Rx?

    According to Panagiotis, EAZ-Fix is the maker of the software and HDS is one of the biggest resellers of this program.

    Don't you think this will be a good time to use your GOLD Support and CHAT?

    Best regards,
     
  20. Yura

    Yura Registered Member

    Joined:
    May 6, 2012
    Posts:
    20
    The Shadow,

    Thank you for trying to help me. Our situation is very similar indeed and it seems we are not alone in this. I have to say that rollback rx was fun while it worked but waiting for MBR protection is like waiting for v11 version. Figuratively speaking, I won't bother to jump around rollback with their "don't defragment me", "don't scan me", "don't back up me without uninstalling", "sector by sector backups" loops.

    From one side this tool is making my computer experience convenient, but it takes so many precautions that it's not convenient anymore for me. I didn't lose any files per se. Only download crap files but I lost all my programs and settings due to my latest backup was made after installing rollback rx and not later. At least, I was not lazy enough to backup my data files.

    To KOR/Aladdin,

    is this personal vendetta against BG? Lol. I think this tool is simply not for everyone. Not for you, not for me but for BG and other people.

    To HDS,

    how about writing about rootkit/bootkit in your feature list?
    How about making your own backup tool fully integrated with your rollback so it can backup easily while rollback is installed?
    How about being honest with people?

    Thanks to Shadow and BG, who tried to help me. Sorry BG, now I'm one of angry ex users you didn't like so much in your thread. And 1 angry customer is worth 10 happy customers so HDR has something to think about.
     
  21. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    V11 you say? - I won't live that long! - v10 is now a year past its initial target date!

    There's no question that Rx (or by any other name) would be the king of instant restore programs if only the developers could have protected Rx's MBR/snapshots from deletion/corruption (by AVs seeing their bootkit as malware, or malware dropping their direct I/O driver into the system and overwriting Rx's snapshot-referenced sectors)!

    I could have lived with its other limitations/restrictions, but I can't live with it failing at its very promise of being able to restore from malware attacks, etc., etc.

    TS
     
  22. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,551
    Actually they do write about it.
    http://www.horizondatasys.com/217802.ihtml
    Panagiotis
     
  23. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    That's really just one of their 'over-the-top' claims. Sadly, I (and others) 'swallowed' and believed it until it didn't happen! :(

    TS
     
  24. The Shadow

    The Shadow Registered Member

    Joined:
    Jan 24, 2012
    Posts:
    814
    Location:
    USA
    Sad as it may be, this one is a real 'gem'...

    Day Zero Protection & Disaster Recovery Solution
    RollBack Rx is designed to protect both the user and PC from accidental user errors and day-zero attacks. Without restricting the users’ activities, RollBack Rx will transparently take system snapshots on a schedule that you configure for your system. If a virus, malware or even *BSoD occurs – You can restore your system up-to-the-minute of the system crash. With no data loss. RollBack Rx the only Day Zero disaster recovery solution that can guarantee no data loss, even if Windows is unbootable!

    http://www.horizondatasys.com/169614.ihtml

    TS
     
  25. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,130
    No problem, I have no issue with folks who are dissatisfied with Rx, just with those who have made it their mission to discredit it at every opportunity. You had a bad experience and I get that will turn you off the program. I have had bad experiences with software in the past and I stopped using the programs in question but I did not make it my objective to attack it and the publishers of the program at every opportunity. And even this I could accept, but the way it's been done has gone way beyond rational. Rudeness and frequent insults IMO have no place in a discussion forum of this type. You would think we were discussing religion or something where it's common for tempers to flare. It's a piece of software for god's sake, use it or not as you see fit, make its shortcomings public, definitely a good thing. I have learnt a good deal about Rx's shortcomings in the past few weeks. This makes it possible for me to take preventative measures as in the HitMan Pro rootkit issue. I guess I have been lucky that I have been able to learn about these issues the easy way, that is by reading about others' problems.

    Anyway, hopefully this animosity and aggression can be laid to rest soon. I doubt if anyone is enjoying it, I certainly am not.
     