Returnil cleans on reboot

Discussion in 'General Returnil discussions' started by twl845, Sep 30, 2009.

Thread Status:
Not open for further replies.
  1. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Hi, My daughters computer has always been plagued with malware and trojans due to my Grand children using game sites etc. A while ago, based on my belief that RVS will erase what you do when you close down, I installed it on their computer and instructed them to make the icon red when they go on line. According to my Daughter the kids have been doing it. A week or so ago they got infected with a pretty aggresive trojan which I got rid of, and I found scores of ad-ware, data miners and cookies on the computer. I blamed them for not activating RVS and since then they have been using it. Yesterday, my Daughter was doing a AV scan and it brought up a few trojans and scads of other malware which she quarantined. I'm going over there today to see what I need to do. My question is am I wrong in assuming RVS cleans on reboot? Am I doing something wrong telling them to simply activate it? I don't want to try to explain how to create a partition to a 10 year old, so is activating RVS enough? Thanks for any advice. :)
     
  2. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    If the protection is on, the changes should be lost at restart. Please investigate what is happening and perhaps you might need to change the password and set the virtualization to start with Windows (always on) for a period of time to see if the virtualization is actually being turned on...

    If it is, please let us know and we can go from there. I am assuming RVS 2008 at this point - yes?

    Mike
     
  3. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Hi Coldmoon, Yes I'm using RVS 2008. When you mention "change the password", each child has their own sign on password, but the RVS icon appears on each childs task bar. Does their sign on password have anything to do with it? When I go to see what I can do today, I thought I'd make a change to something and then reboot and see is my change is gone. I did tell them to make RVS load on bootup just the other day, but they hadn't done it yet. They will before I leave today.
     
  4. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    For the test, change the RVS access password and configure the virtualization to be on all the time. If they are able to change the settings, my theory here is that they may have forgotten to turn it on at a critical moment or they are not turning it on. I will assume for the moment that it is the former rather than the latter but the effect would be the same = no virtualization when the malware was encountered/installed.

    Be sure to do a thorough cleanup and wipe existing restore points to ensure you start the test with a clean slate.

    Mike
     
  5. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    OK Thanks Coldmoon. I'll see what's up. :)
     
Thread Status:
Not open for further replies.